In February, Steven Murdoch, Ross Anderson and I reported our findings on system-level failures of widely deployed PIN Entry Devices (PED) and the Chip and PIN scheme as a whole. Steven is in Oakland presenting the work described in our paper at the IEEE Symposium on Security and Privacy (slides).
We are very pleased that we are the recipients of the new “Most Practical Paper” award of the conference, given to “the paper most likely to immediately improve the security of current environments and systems”. Thanks to everyone who supported this work!
Congratulations again guys on this, and a nice conclusion to all your work in the PED area! You really pulled the wool over the IEEE judges eyes, with a “most practical paper” award for attacks that really only work under laboratory conditions 😉
The question unanswered… what to investigate next?
Mike
Congratulations!
Good job and all, but it seems a bit ludicrous for an academic conference to be giving out a “Most Practical Paper” award. What does it signify? That you’re the most practical of the impractical? I guess that’s something…..
Well deserved 😉
Well Done
But who gets the award for greatest deployment?
http://news.bbc.co.uk/1/hi/business/7557956.stm
And see here for the police viewpoint…
The shim attack that we predicted in this paper has now been reported in the wild, two years later.