The banks are thinking about introducing a new anti-phishing measure called the ‘chip authentication protocol’ (CAP). How it works is that each customer gets a device like a pocket calculator into which you put your ‘chip and PIN’ (EMV) card and enter your PIN (the same PIN you use for ATMs); it will then display a one-time authentication code that you’ll use to log on to your electronic banking service, instead of the current password and security question. The code will be computed by the card, which will compute a MAC over a transaction counter using the EMV authentication cryptogram generation key – the same key the EMV protocol uses to generate a MAC on an ATM or store transaction. The use model is that everyone will have a CAP calculator; you’ll usually use your own, but can lend it to a friend if he’s caught short.
I can see several problems with this. First, when your wallet gets nicked the thief will be able to read your PIN digits from the calculator – they will be the dirty and worn keys. If you just use one bank card, then the thief’s chance of guessing your PIN in 3 tries has just come down from about 1 in 3000 to about 1 in 10. Second, when you use your card in a Mafia-owned shop (or in a shop whose terminals have been quietly reprogrammed) the bad guys have everything they need to loot your account. Not only that – they can compute a series of CAP codes to give them access in the future, and use your account for wicked purposes such as money laundering. Oh, and once all UK banks (not just Coutts) use one-time passwords, the phishermen will just rewrite their scripts to do real-time man-in-the-middle attacks.
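To make the mechanism and the second objection concrete, here is a toy model of the card/bank exchange described above. It is an added illustration, not code from the post or from any bank or EMV specification: the MAC construction (HMAC-SHA256 truncated to eight decimal digits), the 2-byte counter, the bank's counter look-ahead window of 50 and the PIN handling are all constructed assumptions. The `harvest` function plays the reprogrammed shop terminal: it holds the card and knows the PIN, so it simply asks the card for a run of codes that the bank will later accept.

```python
"""Toy CAP 'identify' mode: card MACs its transaction counter (ATC) with
its per-card key; the bank holds the same key and the last ATC it saw.
All parameters below are constructed assumptions, not real EMV/CAP values."""
import hashlib
import hmac

CODE_DIGITS = 8   # assumed length of the code shown on the calculator
ATC_WINDOW = 50   # assumed: how far ahead of the last seen ATC the bank searches


def cap_code(ac_key: bytes, atc: int) -> str:
    """Card side: MAC the counter with the AC key, truncate to decimal digits."""
    mac = hmac.new(ac_key, atc.to_bytes(2, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**CODE_DIGITS:0{CODE_DIGITS}d}"


class Card:
    """The chip: checks the PIN, bumps its counter, returns a code."""

    def __init__(self, ac_key: bytes, pin: str):
        self._key, self._pin, self.atc = ac_key, pin, 0

    def generate(self, pin: str) -> str:
        if pin != self._pin:
            raise PermissionError("wrong PIN")
        self.atc += 1
        return cap_code(self._key, self.atc)


class Bank:
    """Verifier: accepts a code matching any ATC in (last, last + window]."""

    def __init__(self):
        self.keys, self.last_atc = {}, {}

    def enrol(self, acct: str, ac_key: bytes) -> None:
        self.keys[acct], self.last_atc[acct] = ac_key, 0

    def verify(self, acct: str, code: str) -> bool:
        key, last = self.keys[acct], self.last_atc[acct]
        for atc in range(last + 1, last + 1 + ATC_WINDOW):
            if hmac.compare_digest(cap_code(key, atc), code):
                self.last_atc[acct] = atc   # never accept this ATC again
                return True
        return False


def harvest(card: Card, pin: str, n: int) -> list[str]:
    """Hostile terminal: has the card and saw the PIN, so it pulls n future codes."""
    return [card.generate(pin) for _ in range(n)]


def demo():
    key = hashlib.sha256(b"constructed card key").digest()[:16]  # assumed key
    card, bank = Card(key, "1234"), Bank()
    bank.enrol("acct-1", key)
    legit = bank.verify("acct-1", card.generate("1234"))     # customer logs in
    stolen = harvest(card, "1234", 5)                        # one 'sale' in the shop
    later = [bank.verify("acct-1", c) for c in stolen]       # attacker logs in 5 times
    replay = bank.verify("acct-1", stolen[0])                # a used code is dead
    return legit, later, replay


if __name__ == "__main__":
    print(demo())
```

The window is what makes the harvest useful: the bank only learns the counter from the logins it sees, so codes pulled ahead of the customer's next login stay valid until they are used, while a replay of a spent code is correctly refused.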
I suspect the idea of trying to have a uniform UK solution to the phishing problem may be misguided. Bankers are herd animals by nature, but herding is a maladaptive response to phishing and other automated attacks. It might be better to go to the other extreme, and have a different interface for each customer. Life would be harder for the phishermen, for example, if I never got an email from the NatWest but only ever from Bernie Smith my ‘relationship banker’ – and if I were clearly instructed that if anyone other than Bernie ever emailed me from the NatWest then it was a scam. But I don’t expect that the banks will start to act rationally on security until the liability issues get fixed.
An easier one … if you can lend one to your friend, and since the major banks are known, the only thing you have to do is open an account in several of the major banks, phish, and then use your device …
Ross,
You are right, the banks (and most other organisations) will only increase the security of their systems when the pain / cost of not doing it exceeds the current cost of the way they do it. Which is not going to happen as long as they either have no legal liability or can use completely ineffectual “smoke and mirror” security to limit bad publicity.
I am still amazed that the banks and other organisations are allowed to transfer their liability on to the customer in such a manner, and one has to question why our legislators still act in their favour and not that of the customer.
I am not sure whether the second and third complaints are really legitimate. Those kind of threats existed before as well. In other words, the security of the system is no worse with the new ‘chip authentication protocol.’
Especially the real-time MiTM attack (BTW, is there a non-real-time MiTM?) — I would venture to say that any protocol where the user has to authenticate the bank (i.e., to ensure that the website to which he connects is the correct one) is open to MiTM. This is because users are notoriously bad at checking authentication information (SSL certs, etc.).
From Ross’ perspective, the banks are damned if they do anything to improve security and damned if they don’t! “When your wallet gets nicked” they’ll have your card, but not necessarily the reader and let’s face it, that would require a physical attack whereas electronic attacks such as traditional phishing, scale a lot more easily and are a much greater threat.
Ross also overlooks the fact that there may be a separate application on the chip for authentication purposes and that other controls can be applied using the card and reader to ensure the integrity of the transaction (and defeat phishing based man-in-the-middle attacks). It’s also highly likely that the banks will be using a range of controls to manage risk (I’m sure that Ross is aware of the concept of “defence in depth”?).
Ross is correct in thinking that life would be harder for phishermen if Internet users had a clear understanding about email communication, but the fact remains most people don’t understand email spoofing and there are some very convincing social engineering exploits used, so people will continue to be duped by scam emails.
So, “yet another moan by Ross Anderson” and no constructive views on the situation!
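One concrete form of the “other controls ... to ensure the integrity of the transaction” that the comment above alludes to is to have the card MAC the transaction details together with the counter, so the code only verifies for the payment the bank actually receives. The block below is an added illustration of that idea, not code from the post, the commenter or any bank or EMV specification; the field layout, key, window and code length are constructed assumptions.

```python
"""Toy transaction-bound code: the customer keys payee and amount into the
calculator, the card MACs them with its counter, and the bank recomputes
over the payment it received. Layout and parameters are assumptions."""
import hashlib
import hmac

CODE_DIGITS = 8
ATC_WINDOW = 50


def sign_code(ac_key: bytes, atc: int, payee: str, amount_pence: int) -> str:
    """Card side: bind counter, payee and amount into one code."""
    msg = atc.to_bytes(2, "big") + payee.encode() + b"|" + amount_pence.to_bytes(8, "big")
    mac = hmac.new(ac_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**CODE_DIGITS:0{CODE_DIGITS}d}"


def bank_accepts(ac_key: bytes, last_atc: int, payee: str, amount_pence: int, code: str):
    """Bank side: search the counter window; return the matched ATC, or None."""
    for atc in range(last_atc + 1, last_atc + 1 + ATC_WINDOW):
        if hmac.compare_digest(sign_code(ac_key, atc, payee, amount_pence), code):
            return atc
    return None


def mitm_scenario():
    key = hashlib.sha256(b"constructed card key").digest()[:16]  # assumed key
    last_seen = 10                                              # bank's last ATC
    # Customer enters payee 12345678 and 250.00 on the calculator; card is at ATC 11.
    code = sign_code(key, 11, "12345678", 25000)
    honest = bank_accepts(key, last_seen, "12345678", 25000, code)
    # Phishing man-in-the-middle forwards the code but swaps in its mule account.
    tampered = bank_accepts(key, last_seen, "99999999", 25000, code)
    # ...or keeps the payee and bumps the amount instead.
    inflated = bank_accepts(key, last_seen, "12345678", 250000, code)
    return honest, tampered, inflated


if __name__ == "__main__":
    print(mitm_scenario())
```

The relay still works for an unchanged payment, which is the point: the code proves the customer approved those exact details, so the attacker gains nothing by sitting in the middle unless the customer can be talked into keying in the attacker's account.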
Some banks at least seem to agree with me…
There are already some solutions that could address the first problem and that reflect what Ross says in the end. Both solutions are from HSBC (UK and Brazil, which I use).
The first is not always asking just for the full PIN for the CAP, but the full PIN (full only because it is needed for the smart card) plus a partial something that only you and the bank know (like today’s internet password), that is, something like an offset that could be XORed with the CAP at the end (not sure about this). HSBC UK does something like this by asking you to type only partial, randomly selected digits from your internet password. With this, detection by “dirty and worn” keys can be made more difficult, as can the “malicious friend” problem (only if you lend the device a very large number of times).
For the identification of scams Ross mentions in the end, HSBC Brazil has something that seems a good solution to me. Every time I want to access any HSBC Brazil related stuff I see a digital stamp, with 3 characteristics (a geometric figure, a number and an object) that I should recognize as my stamp. If it is not there I know that HSBC has something wrong (probably it is not HSBC).