Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment methd the most, with UK usage growing by 300% year over year.
Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment methd the most, with UK usage growing by 300% year over year.
One of the most widely used block ciphers in the financial world was the Data Encryption Standard (DES) algorithm, also known as the Data Encryption Algorithm (DEA). This algorithm was originally chosen as a FIPS standard in 1976 and is currently considered insecure because its key length (56 real key bits and 8 parity bits) is now short enough to be easily compromised with current computing techniques (For example, the EFF DES Breaker, the Cost-Optimized Parallel Code Breaker (COPACABANA) and Crack.sh: The World's Fastest DES Cracker, among others).
Figure 1. Structure of a DES key: 64 bits, of which the last bit of each byte is used as a parity bit.
In response to this problem, two algorithms were developed that used the same DES base but added new complexity to the process by using additional iterations and keys:
Figure 2. Double DES (K1 ≠ K2)
Figure 3. Double-length TDEA (K1 ≠ K2)
Figure 4. Triple-length TDEA (K1 ≠ K2 ≠ K3)
The set of keys used in 2DES and 3DES and their specific order is called a Key Bundle, a concept introduced in the 1990s. When using several keys, the order of keys must be established or the decryption process will be incorrect. Additionally, the use of key bundles helps protect against any meet-in-the-middle attacks. These types of attacks are programmed to obtain cryptographic keys in ciphers that use two or more keys in multiple encryption rounds with the same algorithm.
However, the use of key bundles does not guarantee the complete security of the cryptosystem. One of the main problems lies in the security during the process of exchange and storage of symmetric keys in hostile environments. Usually, these keys are shared or stored by encrypting them with another key (key-encrypting key - KEK). If a KEK is transmitted or stored without any attributes restricting its use to specific processes (encryption of another key), an attacker could exploit this vulnerability as part of a cryptosystem attack (cryptanalysis).
One of the most popular solutions to manage this problem is the use of variants (Key Variants). Variants are created by combining a binary mask with the original key, depending on the type of implementation (Atalla variant, Thales variant, IBM variant or Control Vectors, etc.). However, this method does not provide any functionality for key integrity verification or authentication.
Key Wrapping solves this problem. Key wrapping is an additional cryptographic protection concept which can be used for both TDEA (Triple DEA Key Wrap - TKW) and AES (AES Key Wrap - AESKW or AES Key Wrap With Padding - KWP). The purpose of key wrapping is to unequivocally link the key (AES or all keys in a TDEA Key Bundle) to additional information (metadata), establishing specific usage policies for each key. In general terms, the use of key wrapping allows you to:
In this way, the functionalities provided by the key bundles and variants can be deployed using only key wrapping. Technically, the concept of key wrapping is also known as key blocks.
To maintain compliance with the requirements 18-3 of PCI PIN v3.0 and P2PE v3.0, some of the acceptable methods for implementing key blocks are:
There are multiple proprietary implementations of these key block methods, including Atalla Key Blocks (AKB) and Thales Key Blocks (TKB). To avoid compatibility issues and ensure consistency with ANSI X9.24, in 2017 ANSI developed the ASC X9 TR-31: Interoperable Secure Key Exchange Key Block Specification technical report, which is now the de facto method for implementing key blocks.
In X9 TR-31, each key block contains a protected key, the information of its use limitations, and other metadata that are protected by a key wrapping mechanism.
Figure 5. Key Block Structure using ANSI X9.24
(source: www.pcihispano.com)
This model involves the generation of a new encryption key (Key-Block Protection Key - KBPK) from which two additional keys will be derived. One to encrypt the section containing the cryptogram of the key and its length, called Key-Block Encryption Key (KBEK), and another to generate a message authentication code (Message Authentication Code - MAC) of the entire content of the key block. The use of these structures ensures the change or replacement of any bit in the attributes or the encryption key can be effectively detected.
Figure 6. Example of decoding a Key Block, including the header description, using EFTlab BP-Tools (https://www.eftlab.com/bp-tools/)
Generally, encryption keys can be stored or transmitted by any of the following methods:
Traditionally, when keys are stored or transmitted by encrypting them with other keys (called Key-encrypting (encipherment or exchange) keys - KEK) it cannot be guaranteed that the KEK can only be used for the encryption or decryption of other keys nor can its integrity be validated. In that case, the use of key blocks is essential and is applicable anytime a cryptographic key exists outside the boundaries of a security cryptographic device (SCD).
The concept of key wrapping / key blocks applies to any symmetrical encrypted key.
Finally, to enable a coordinated and phased migration to key blocks (July 2020 for PCI PIN and August 2020 for P2PE) the PCI SSC defined the following phases and their related dates (modified due to the impact of the COVID-19):
With the release of the PCI PIN v2.0 standard in 2014, all encrypted symmetric keys must now be managed in structures known as key blocks. Key blocks allow the integrity of cryptographic keys to be protected in a standardized manner with an unambiguous association to a particular use. This safeguard helps prevent unauthorized modification or substitution.
This article has delved into the history and necessity of using key blocks, as well as the key dates stipulated for the global implementation of this security mechanism.
References
PCI Security Standards Council Bulletin: Revisions to the Implementation Date for PCI PIN Security Requirement 18-3
PCI Security Standards Council Bulletin: Revisions to the Implementation Dates for PCI P2PE Security Requirement 18-3
PCI SSC Information Supplement: Cryptographic Key Blocks (Junio 2017)
PCI SSC Information Supplement: PIN Security Requirement 18-3 -Key Blocks (Junio 2019)
Geobridge: Implementing Key Blocks Guide
SANS: 3DES and Secure PIN-based Electronic Transaction Processing
ANSI X9.24 Part 1-2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
ANSI X9.24 Part 2-2006 Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for Distribution of Symmetric Keys
ANSI X9 TR-31, Interoperable Secure Key Exchange Key Block Specification
ISO 20038: Banking and related financial services - Key wrap using AES
Column Header Text | Column Header Text | Column Header Text |
Their work should have not stopped there because achieving compliance is an occasional result that doesn't ensure a continual protection. |
Their work should have not stopped there because achieving compliance is an occasional result that doesn't ensure a continual protection. |
|
Their work should have not stopped there because achieving compliance is an occasional result that doesn't ensure a continual protection. |
Their work should have not stopped there because achieving compliance is an occasional result that doesn't ensure a continual protection. |
Their work should have not stopped there because achieving compliance is an occasional result that doesn't ensure a continual protection. |
Performing a review of the media inventories at least annually |
Performing a review of the media inventories at least annually |
Performing a review of the media inventories at least annually |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
Row Header Text |
Lorem ipsum dolor sit |
Lorem ipsum dolor sit |
23 |
I am the Senior Security Consultant in Advantio. I have more than 15 years of experience, working both in South America and Europe. My information security background includes consultancy and audit, training, implementation of security technologies and design and policy development among others.
Certifications: CISSP, CISM, CISA, CRISC, CEH, CHFI, PCI QSA, QSA (P2PE), 3DS Assessor
Comments