Showing papers by "Ross Anderson" published in 2010


Journal ArticleDOI
TL;DR: These measurements constrain models in which the galactic-to-extragalactic transition is the cause of the energy spectrum ankle at $4\times 10^{18}$ eV, and are consistent with a predominantly protonic composition of cosmic rays when interpreted via the QGSJET01 and QGSJET-II high-energy hadronic interaction models.
Abstract: We report studies of ultrahigh-energy cosmic-ray composition via analysis of depth of air shower maximum ($X_{\mathrm{max}}$), for air shower events collected by the High-Resolution Fly's Eye (HiRes) observatory. The HiRes data are consistent with a constant elongation rate $d\langle X_{\mathrm{max}}\rangle/d[\log(E)]$ of $47.9 \pm 6.0\,(\mathrm{stat}) \pm 3.2\,(\mathrm{syst})\ \mathrm{g/cm^{2}/decade}$ for energies between 1.6 and 63 EeV, and are consistent with a predominantly protonic composition of cosmic rays when interpreted via the QGSJET01 and QGSJET-II high-energy hadronic interaction models. These measurements constrain models in which the galactic-to-extragalactic transition is the cause of the energy spectrum ankle at $4\times 10^{18}\ \mathrm{eV}$.

305 citations


Proceedings ArticleDOI
16 May 2010
TL;DR: This paper describes and demonstrates a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network.
Abstract: EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster performs a man-in-the-middle attack to trick the terminal into believing the PIN verified correctly, while telling the card that no PIN was entered at all. The paper considers how the flaws arose, why they remained unknown despite EMV’s wide deployment for the best part of a decade, and how they might be fixed. Because we have found and validated a practical attack against the core functionality of EMV, we conclude that the protocol is broken. This failure is significant in the field of protocol design, and also has important public policy implications, in light of growing reports of fraud on stolen EMV cards. Frequently, banks deny such fraud victims a refund, asserting that a card cannot be used without the correct PIN, and concluding that the customer must be grossly negligent or lying. Our attack can explain a number of these cases, and exposes the need for further research to bridge the gap between the theoretical and practical security of bank payment systems. It also demonstrates the need for the next version of EMV to be engineered properly.

234 citations


Proceedings ArticleDOI
04 Nov 2010
TL;DR: The combination of commands that will cause meters to interrupt the supply, of applets and software upgrades that run in the meters, and of cryptographic keys that are used to authenticate these commands and software changes, create a new strategic vulnerability, which is discussed in this paper.
Abstract: We're about to acquire a significant new cyber-vulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay tariff; secondary purposes include supporting interruptible tariffs and implementing rolling power cuts at times of supply shortage. The off switch creates information security problems of a kind, and on a scale, that the energy companies have not had to face before. From the viewpoint of a cyber attacker - whether a hostile government agency, a terrorist organisation or even a militant environmental group - the ideal attack on a target country is to interrupt its citizens' electricity supply. This is the cyber equivalent of a nuclear strike; when electricity stops, then pretty soon everything else does too. Until now, the only plausible ways to do that involved attacks on critical generation, transmission and distribution assets, which are increasingly well defended. Smart meters change the game. The combination of commands that will cause meters to interrupt the supply, of applets and software upgrades that run in the meters, and of cryptographic keys that are used to authenticate these commands and software changes, create a new strategic vulnerability, which we discuss in this paper.

125 citations


01 Jan 2010
TL;DR: Energy metering is ripe for a security-economics analysis, and a first cut is attempted, which ends up with five recommendations for the regulation of a future smart meter infrastructure.
Abstract: Smart grids are a hot topic, with the US administration devoting billions of dollars to modernising the electricity infrastructure. Significant action is likely in metering, where the largest and most radical change may come in the European Union. The EU is strongly encouraging its 27 Member States to replace utility meters with ‘smart meters’ by 2022. This will be a massive project: the UK, for example, looks set to replace 47m meters at a cost of perhaps £350 each. Yet it is not at all clear what it means for a meter to be secure. The utility wants to cut energy theft, so it wants the ability to disable any meter remotely; but a prudent nation state might be wary of a facility that could let an attacker turn off the lights. Again, the utility may want to monitor its customers’ consumption by the half hour, so it can price discriminate more effectively; the competition authorities may find this abhorrent. Other parts of government might find it convenient to have access to fine-grained consumption data, but might find themselves up against privacy law. There are at least half-a-dozen different stakeholders with different views on security – which can refer to information, to money, or to the supply of electricity. And it’s not even true that more security is always better: some customers may opt for an interruptible supply to save money. In short, energy metering is ripe for a security-economics analysis, and in this paper we attempt a first cut. We end up with five recommendations for the regulation of a future smart meter infrastructure.

82 citations


Book ChapterDOI
01 Jan 2010
TL;DR: Describes the problems, and the state of play, in protecting critical national infrastructure against online attack. Industrial control systems operate in a different world from systems previously studied by security economists; the same issues (lock-in, externalities, asymmetric information and so on) appear, but in different forms.
Abstract: There has been considerable effort and expenditure since 9/11 on the protection of ‘Critical National Infrastructure’ against online attack. This is commonly interpreted to mean preventing online sabotage against utilities such as electricity, oil and gas, water, and sewage - including pipelines, refineries, generators, storage depots and transport facilities such as tankers and terminals. A consensus is emerging that the protection of such assets is more a matter of business models and regulation - in short, of security economics - than of technology. We describe the problems, and the state of play, in this paper. Industrial control systems operate in a different world from systems previously studied by security economists; we find the same issues (lock-in, externalities, asymmetric information and so on) but in different forms. Lock-in is physical, rather than based on network effects, while the most serious externalities result from correlated failure, whether from cascade failures, common-mode failures or simultaneous attacks. There is also an interesting natural experiment happening, in that the USA is regulating cyber security in the electric power industry, but not in oil and gas, while the UK is not regulating at all but rather encouraging industry’s own efforts. Some European governments are intervening, while others are leaving cybersecurity entirely to plant owners to worry about. We already note some perverse effects of the U.S. regulation regime as companies game the system, to the detriment of overall dependability.

52 citations


Book ChapterDOI
25 Jan 2010
TL;DR: 3-D Secure has lousy technology, but got the economics right (at least for banks and merchants); it now boasts hundreds of millions of accounts. The paper suggests a path towards more robust authentication that is technologically sound and where the economics would work for banks, merchants and customers.
Abstract: Banks worldwide are starting to authenticate online card transactions using the ‘3-D Secure’ protocol, which is branded as Verified by Visa and MasterCard SecureCode. This has been partly driven by the sharp increase in online fraud that followed the deployment of EMV smart cards for cardholder-present payments in Europe and elsewhere. 3-D Secure has so far escaped academic scrutiny; yet it might be a textbook example of how not to design an authentication protocol. It ignores good design principles and has significant vulnerabilities, some of which are already being exploited. Also, it provides a fascinating lesson in security economics. While other single sign-on schemes such as OpenID, InfoCard and Liberty came up with decent technology they got the economics wrong, and their schemes have not been adopted. 3-D Secure has lousy technology, but got the economics right (at least for banks and merchants); it now boasts hundreds of millions of accounts. We suggest a path towards more robust authentication that is technologically sound and where the economics would work for banks, merchants and customers – given a gentle regulatory nudge.

52 citations


Book ChapterDOI
TL;DR: This work presents the first automated analysis of security application programming interfaces (security APIs), and derives not only all published API-level attacks against the IBM 4758 CCA, but an extension to these attacks as well.
Abstract: So it’s a fairly provocative title, how did we get to that? Well, automated tools have been successfully applied to modelling security protocols and finding attacks, and some good examples here are Gavin Lowe’s work, using FDR to model the Needham-Schroeder protocols, and Larry Paulson’s work using Isabelle to prove the SET protocol secure. Now we come to the observation that security protocols, and security application programming interfaces are very closely related. So just to define what we mean by a security API here. We’re talking devices that offer security services, that will obviously have some interface, typically the application programming interface, and unlike a normal API it also has to enforce policy onto the user, it has to make sure that keys remain secret, that PINs aren’t revealed, and that users can’t generally do things that would violate the security policy.

14 citations



Book ChapterDOI
24 Mar 2010
TL;DR: Imagine a world five or ten years from now where virtualisation has become pervasive and you have a laptop (or a tablet or a virtual reality headset) with a number of virtual machines.
Abstract: Imagine a world five or ten years from now where virtualisation has become pervasive. Rather than doing your work on a personal computer, you have a laptop (or a tablet or a virtual reality headset) with a number of virtual machines — say one for work, one for play, one for serious personal things like banking, and one for the classified work on the defence contract your employer picked up.

1 citation