Here, the protocol failure was the lack of linkage between the PIN and the
account number. In fact, interbank standards call for PIN encryption to include
the account number, but the bank’s system antedated these standards.
This illustrates the fact that encryption is not as straightforward as it looks. It
can be used for a number of purposes, including keeping data secret, guaranteeing
the authenticity of a person or transaction, producing numbers which appear to
be random, or binding the parts of a transaction together. However, we have
to be very clear about what we are trying to do in each case: encryption is not
synonymous with security, and its improper use can lead to errors.
2.2 Hacking pay-per-view TV
We will now turn from offline to online systems, and we will assume that our
opponent Charlie controls the network and can modify messages at will. This
may seem a bit extreme, but is borne out by the hard experience of the satellite
TV industry.
Satellite TV signals are often encrypted to make customers pay a subscrip-
tion, and the decoders are usually personalised with a secure token such as a
smartcard. However, this card does not have the processing power to decrypt
data at video rates, so we will usually find at least one cryptoprocessor in the
decoder itself. Many decoders also have a microcontroller which passes messages
between the cryptoprocessor and the card, and these have been replaced by at-
tackers. Even where this is hard, hackers can easily interpose a PC between the
decoder and the card and can thus manipulate the traffic.
– If a customer stops paying his subscription, the system typically sends a
message over the air which instructs the decoder to disable the card. In the
‘Kentucky Fried Chip’ hack, the microcontroller was replaced with one which
blocked this particular message. This was possible because the message was
not encrypted [Mcco93].
– More recently a crypto key was obtained in clear, possibly by a microprobing
attack on a single card; as the card serial numbers were not protected, this
key could be used to revive other cards which had been disabled.
– In another system, the communications between the decoder and the card
were synchronous across all users; so people could video record an encrypted
programme and then decrypt it later using a protocol log posted to the
Internet by someone with a valid card [Kuhn95].
These attacks are not just an academic matter; they have cost the industry
hundreds of millions of pounds.
So in the following sections, our model will be that Alice wishes to commu-
nicate with Bob with the help of Sam, who is trusted, over a network owned by
Charlie, who is not. In satellite TV, Alice would be the user’s smartcard, Bob
the decoder, Charlie the compromised microcontroller (or a PC sitting between
the set-top box and the smartcard) and Sam the broadcaster; in a distributed
system, Alice could be a client, Bob a server, Charlie a hacker and Sam the
authentication service.
剩余14页未读,继续阅读
weixin_38581308
- 粉丝: 2
- 资源: 893
我的内容管理
展开
最新资源
- 51单片机驱动DS1302时钟与LCD1602液晶屏万年历设计
- React 0.14.6版本源码分析与组件实践
- ChatGPT技术解读与应用分析白皮书
- 米-10直升机3D模型图纸下载-3DM格式
- Tsd Music Box v3.02:全面技术项目源码资源包
- 图像隐写技术:小波变换与SVD数字水印的Matlab实现
- PHP图片上传类源码教程及资源下载
- 掌握图像压缩技术:Matlab实现奇异值分解SVD
- Matlab万用表识别数字仪表教程及源码分享
- 三栏科技博客WordPress模板及丰富技术项目源码资源下载
- 【Matlab】图像隐写技术的改进LSB方法源码教程
- 响应式网站模板系列:右侧多级滑动式HTML5模板
- POCS算法超分辨率图像重建Matlab源码教程
- 基于Proteus的51单片机PWM波频率与占空比调整
- 易捷域名查询系统源码分享与学习交流平台
- 图像隐写术:Matlab实现SVD数字水印技术及其源码
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
