When organized crime applies academic results: a forensic analysis of an in-card listening device

详细信息    查看全文

• 作者：Houda Ferradi ; Rémi Géraud ; David Naccache…
• 关键词：Forensics ; Side ; channel analysis ; EMV ; Smart cards
• 刊名：Journal of Cryptographic Engineering
• 出版年：2016
• 出版时间：April 2016
• 年：2016
• 卷：6
• 期：1
• 页码：49-59
• 全文大小：3,265 KB
• 参考文献：1.EMVCo. http://​www.​emvco.​com/​specifications.​aspx
  2.EMVCo. EMV Specification (Book 1), version 4.2 (2008). http://​www.​emvco.​com/​download_​agreement.​aspx?​id=​652
  3.EMVCo. EMV Specification (Book 2), version 4.2 (2008). http://​www.​emvco.​com/​download_​agreement.​aspx?​id=​653
  4.EMVCo. EMV Specification (Book 3), version 4.2 (2008). http://​www.​emvco.​com/​download_​agreement.​aspx?​id=​654
  5.French prosecution case number 1116791060
  6.Mayes, K., Markantonakis, K., Chen, C.: Smart card platform fingerprinting. Glob. J. Adv. Card Technol., 78–82 (2006)
  7.Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and pin is broken. In: 2010 IEEE Symposium on Security and Privacy, pp. 433–446. IEEE, New York (2010)
  8.Rivest, R.L., Shamir, A.: How to reuse a “write-once” memory. Inf. Control 55(1), 1–19 (1982)MathSciNet CrossRef MATH
  9.Souvignet, T., Frinken, J.: Differential power analysis as a digital forensic tool. Foren. Sci. Int. 230(1), 127–136 (2013)CrossRef
  
• 作者单位：Houda Ferradi (1)
  Rémi Géraud (1)
  David Naccache (1)
  Assia Tria (2)
  
  1. Computer Science Department, École normale supérieure, 45 rue d’Ulm, 75230, Paris Cedex 05, France
  2. Centre Microélectronique de Provence, CEA-TEC PACA, 880 Route de Mimet, 13541, Gardanne, France
  
• 刊物类别：Computer Science
• 出版者：Springer Berlin / Heidelberg
• ISSN：2190-8516

文摘

This paper describes the forensic analysis of what the authors believe to be the most sophisticated smart card fraud encountered to date. In 2010, Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) described a man-in-the-middle attack against EMV cards. Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) demonstrated the attack using a general purpose FPGA board, noting that “miniaturization is mostly a mechanical challenge, and well within the expertise of criminal gangs”. This indeed happened in 2011, when about 40 sophisticated card forgeries surfaced in the field. These forgeries are remarkable in that they embed two chips wired top-to-tail. The first chip is clipped from a genuine stolen card. The second chip plays the role of the man-in-the-middle and communicates directly with the point of sale terminal. The entire assembly is embedded in the plastic body of yet another stolen card. The forensic analysis relied on X-ray chip imaging, side-channel analysis, protocol analysis, and microscopic optical inspections.