25 december 2010
... is ook ...
Net doen alsof
Uit:
Net doen alsof is ook liegen
Dominique Goblet
Vertaald uit het Frans door Ernst van de Hemel
(Oorspronkelijke titel: Faire semblant c'est mentir)
Oog & Blik | De Bezige Bij
ISBN 978-90-5492-259-9
Tweet
The Smart Card Detective (SCD)
Van de site van Omar Choudary, PhD-opleiding in Computer Science, Universiteit van Cambridge:
--
The Smart Card Detective (SCD)
The SCD is a card-size device that can intercept, monitor and modify the data of an EMV transaction (EMV is the protocol used in Europe for smartcard payments). This device and the associated software are the result of my MPhil project. The main goal of the SCD was to offer a trusted display for anyone using credit cards, to avoid scams such as tampered terminals which show an amount on their screen but debit the card another (usually larger) amount.
However, the final result is a more general and open EMV framework that can basically do anything a card or a terminal might do. That is, the SCD can act as both a card or a terminal (or even a CAP device), and it can relay, monitor and modify a transaction between a card and a terminal.
We have successfully tested the SCD with many CAP readers and terminals. Among the applications implemented I mention: confirmation of requested amount before authorising a transaction, log of transaction data, PIN modification. We have been able to test also the No PIN vulnerability using the SCD. There is also a French reportage on this.
The hardware consists of an ATMEL AT90USB1287 microcontroller, with several features: 3 power supplies (USB, DC, battery), ISP, USB and JTAG connectors, 2 ISO-7816 (smartcard) interfaces. Most of the software (targetted for the AVR architecture) is written in C with some small parts in assembler.
All the details about the SCD can be found on my MPhil thesis.
Reden van deze post: UK Bankers Try Gag of Student's Research.
De link naar het pdf-bestand hierboven verwijst naar een gemirrorde locatie. Andere mirror hier. Het motto: alles waar je aandacht aan besteedt, wordt groter.
Tweet
--
The Smart Card Detective (SCD)
The SCD is a card-size device that can intercept, monitor and modify the data of an EMV transaction (EMV is the protocol used in Europe for smartcard payments). This device and the associated software are the result of my MPhil project. The main goal of the SCD was to offer a trusted display for anyone using credit cards, to avoid scams such as tampered terminals which show an amount on their screen but debit the card another (usually larger) amount.
However, the final result is a more general and open EMV framework that can basically do anything a card or a terminal might do. That is, the SCD can act as both a card or a terminal (or even a CAP device), and it can relay, monitor and modify a transaction between a card and a terminal.
We have successfully tested the SCD with many CAP readers and terminals. Among the applications implemented I mention: confirmation of requested amount before authorising a transaction, log of transaction data, PIN modification. We have been able to test also the No PIN vulnerability using the SCD. There is also a French reportage on this.
The hardware consists of an ATMEL AT90USB1287 microcontroller, with several features: 3 power supplies (USB, DC, battery), ISP, USB and JTAG connectors, 2 ISO-7816 (smartcard) interfaces. Most of the software (targetted for the AVR architecture) is written in C with some small parts in assembler.
All the details about the SCD can be found on my MPhil thesis.
Reden van deze post: UK Bankers Try Gag of Student's Research.
De link naar het pdf-bestand hierboven verwijst naar een gemirrorde locatie. Andere mirror hier. Het motto: alles waar je aandacht aan besteedt, wordt groter.
Tweet