Abstract:

A number of efficient attacks against the typical financial API of tamper responding security modules will be presented. This allows the recovery of the PIN from an encrypted PIN block. These attacks succeed against the state of the art security modules of all major vendors, and are computationally trivial requiring between a few seconds and a couple of minutes. Some real world attack scenarios are also presented highlighting the potential for fraud.

dissertation, slides