Job ad: Research Assistants/Associates in Compilers or Operating Systems for CHERI and the Arm Morello Board

2020-09-05UncategorizedRobert N. M. Watson

We are pleased to announce two new research and/or software-development posts contributing to the CHERI project and Arm’s forthcoming Morello prototype processor, SoC, and development board. Learn more about CHERI and Morello on our project web site. Fixed-term: The funds for this post are available for up to 2 years, with the possibility of extension … Continue reading Job ad: Research Assistants/Associates in Compilers or Operating Systems for CHERI and the Arm Morello Board →

Of testing centres, snipe, and wild geese: COVID briefing paper #8

2020-08-27Legal issues, PoliticsHelen Oliver

Does the road wind up-hill all the way? Yes, to the very end. Will the day’s journey take the whole long day? From morn to night, my friend. Christina Rossetti, 1861: Up-Hill. This week’s COVID briefing paper takes a personal perspective as I recount my many adventures in complying with a call for testing from … Continue reading Of testing centres, snipe, and wild geese: COVID briefing paper #8 →

Hacking the iPhone PIN retry counter

2016-09-15Academic papers, Hardware & signals, Legal issues, News coverage, Politics, Privacy technology, Security engineeringRoss Anderson

At our security group meeting on the 19th August, Sergei Skorobogatov demonstrated a NAND backup attack on an iPhone 5c. I typed in six wrong PINs and it locked; he removed the flash chip (which he’d desoldered and led out to a socket); he erased and restored the changed pages; he put it back in … Continue reading Hacking the iPhone PIN retry counter →

Another scandal about forensics

2015-04-19Academic papers, Banking security, Legal issues, News coverage, Politics, Security economicsRoss Anderson

The FBI overstated forensic hair matches in nearly all trials up till 2000. 26 of their 28 examiners overstated forensic matches in ways that favoured prosecutors in more than 95 percent of the 268 trials reviewed so far. 32 defendants were sentenced to death, of whom 14 were executed or died in prison. In the … Continue reading Another scandal about forensics →

Chip and Skim: cloning EMV cards with the pre-play attack

2012-09-10Academic papers, Banking security, Hardware & signals, Legal issues, ProtocolsMike Bond

November last, on the Eurostar back from Paris, something struck me as I looked at the logs of ATM withdrawals disputed by Alex Gambin, a customer of HSBC in Malta. Comparing four grainy log pages on a tiny phone screen, I had to scroll away from the transaction data to see the page numbers, so … Continue reading Chip and Skim: cloning EMV cards with the pre-play attack →

The Smart Card Detective: a hand-held EMV interceptor

2010-10-19Banking security, Hardware & signals, Protocols, Security engineeringMarios O. Choudary

During my MPhil within the Computer Lab (supervised by Markus Kuhn) I developed a card-sized device (named Smart Card Detective – in short SCD) that can monitor Chip and PIN transactions. The main goal of the SCD was to offer a trusted display for anyone using credit cards, to avoid scams such as tampered terminals … Continue reading The Smart Card Detective: a hand-held EMV interceptor →

Reliability of Chip & PIN evidence in banking disputes

2010-02-26Academic papers, Banking security, Legal issuesSteven J. Murdoch

It has now been two weeks since we published our paper “Chip and PIN is broken”. Here, we presented the no-PIN attack, which allows criminals to use a stolen Chip and PIN card, without having to know its PIN. The paper has triggered a considerable amount of discussion, on Light Blue Touchpaper, Finextra, and elsewhere. … Continue reading Reliability of Chip & PIN evidence in banking disputes →

Tuning in to random numbers

2009-09-08Banking security, Hardware & signalsTheo Markettos

Tomorrow at Cryptographic Hardware and Embedded Systems 2009 I’m going to be presenting a frequency injection attack on random number generators formed from ring oscillators. Random numbers are a vital part of cryptography — if predictable numbers are being used an attacker may be able to read secret messages, impersonate either party, or replay transactions. … Continue reading Tuning in to random numbers →

Defending against wedge attacks in Chip & PIN

2009-08-25Banking security, CryptologySteven J. Murdoch

The EMV standard, which is behind Chip & PIN, is not so much a protocol, but a toolkit from which protocols can be built. One component it offers is card authentication, which allows the terminal to discover whether a card is legitimate, without having to go online and contact the bank which issued it. Since … Continue reading Defending against wedge attacks in Chip & PIN →

PED vulnerability paper receives "Most Practical Paper" award at Oakland

2008-05-21Academic papers, Awards, Banking securitySaar Drimer

In February, Steven Murdoch, Ross Anderson and I reported our findings on system-level failures of widely deployed PIN Entry Devices (PED) and the Chip and PIN scheme as a whole. Steven is in Oakland presenting the work described in our paper at the IEEE Symposium on Security and Privacy (slides). We are very pleased that … Continue reading PED vulnerability paper receives "Most Practical Paper" award at Oakland →

Light Blue Touchpaper

Security Research, Computer Laboratory, University of Cambridge

Search Results for: chip and pin