Gavin Keighren

The EMV PIN Verification "Wedge" Vulnerability

On 11 Feb 2010, four Cambridge security researchers publicised a man-in-the-middle attack on the "Chip & PIN" verification process. The attack exploits a deficiency in the verification protocol: it prevents the card from receiving the terminal's PIN verification request message and tricks the terminal into believing that the card has accepted the PIN that was entered.

I will outline the attack along with some of the possible fixes as suggested by the researchers in their draft paper on the flaw [1]. I will also touch on some of the approaches used to detect such flaws at the design/implementation stage.

[1] "Chip and PIN is Broken", Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond. To appear in IEEE Symposium on Security and Privacy, May 2010.

