This is page 2 of:
Heartland’s New Encryption Strategy: Let Them In, But Limit Them
Given the nature of the hardware security module approach, this would only cover in-store and wouldn’t help card-not-present transactions.
Probably the most differentiated element of the Heartland proposal involves its approach to key management. At a technical level, it’s based on using different keys for different zones, with a modified one-time-password approach in that the key is disabled—permanently—after one legitimate use, theoretically making a stolen key—especially one obtained by the proverbial disgruntled employee—of very limited value.
But at a strategic level, the key management approach is based on a very different view to protecting data. Traditionally, security approaches have been based on denying the bad guys access to the data, something that has proven extremely difficult and some might even say futile. Heartland’s new approach is based on the business reality of being a professional cyber thief in 2009. It’s not necessary to deny the cyber thieves access to all protected data. As long as the amount of accessible data is below a certain threshold, it’s not cost-effective for the thieves to steal it.
The major breaches today are seeking millions of names each because of better deactivation procedures by the card brands. In other words, they know that 90-plus percent of the stolen cards will be dead by the time they can be used. That 10 percent is all they have to make money with and they’ll need to sell them to others. Keeping the stolen booty small enough might be almost as good as never letting them in, but it’s probably a lot easier to actually deliver.
“We’re using multiple keys in multiple zones. The keys that are used to encrypt the transaction at the point of sale are changed every day for the merchant and for the particular device so that, should somebody crack our keys, they would be able to (only) get one batch of data from one merchant,” said Heartland’s Carr. “We think this is really industry changing. As soon as the encrypted transactions get into our hardware security module and the batch is closed out, which is done daily, those keys go away and are never used again. So we think our key management approach is really sort of elegant and solves an awful lot of problems, especially for unattended devices that are so expensive to do key injection with.”
The fundamental approach of what Heartland is advocating involves retailers never having to store the card number. The only problem with that approach is that the card number has to be stored somewhere and it has to somewhere be associated with that transaction’s reference number. Could that prove to be the approach’s Achilles heel? Carr said he didn’t think it would be.
-Dan Stiel
May 14th, 2009 at 10:12 pm
Without changing the way the card industry or the banks do business today, this sounds like a fairly decent solution. Encrypting small batches of account numbers with the same key has a few cryptographic risks: a bad guy can attempt a chosen plaintext attack, or use a known plaintext attack to help decipher the batch. But as long as they are using good cryptography (AES or 3DES), those attacks won’t be enough to help an attacker.
I do wonder how they will be generating pseudo-random numbers. That seems to be the weakest link in this chain (reversing the random number generator was the downfall of SSL in Netscape 4.0 a while back.)
Other attacks against this type of implementation include traffic analysis. If you see a specific pattern at 10:00 and again at 2:30, you can surmise that the same card was used twice at that terminal, although you won’t be able to identify the card number itself. Will that help an external attacker? It certainly won’t help a card thief, but could permit certain forms of surveillance.
This might also be susceptible to a brute-force attack if the attacker has access to the encryption routine: by force-feeding it millions of card numbers, he might be able to guess one of the current batch (limited batch sizes prevent this attack.)
As I keep saying, however, encryption at the reader is only a stop-gap deterrent, and not a complete solution. Stolen credit card numbers and cloned cards will continue to be valuable to thieves. Skimmers will still be profitable tools. The only way a real solution will be possible is when the card industry itself steps up to the plate with smart card encryption (a more secure version of CAP, for example.) Once that’s in place, all the encryption hardware and schemes we put in place today will be impotent extra layers that will just cost us more money to remove.