Paul Kocher, the president and chief scientist of Rambus Cryptography Research division, recently penned an article for the New York Times about the long-overdue U.S. upgrade to “smart” credit cards equipped with security chips.
The cards – which employ a protocol known as E.M.V. – are currently widely used throughout Europe and the rest of the world. However, most American cards today are only equipped with a magnetic strip to verify authorized customer activity.
“With a magnetic stripe, payment terminals access all the information required to produce a clone of the card,” writes Kocher. “In contrast, the E.M.V. cards give merchants nonreusable authentication codes, drastically reducing the potential for fraudulent use of information that can be hacked from retailers.”
According to Kocher, the upgrade will deny cyber criminals one of their most lucrative strategies, although they certainly won’t be throwing in the digital towel anytime soon.
“Instead they’ll shift to other lucrative (though somewhat less attractive) ways to profit from stolen data and credentials, such as stealing from brokerage accounts, forging checks, filing bogus tax refunds and engaging in insider trading and medical billing schemes,” Kocher attests. “More systems will get attacked and then upgraded, technical advances will create new and greater opportunities for abuse, and the cycle will continue.”
Nevertheless, says Kocher, the market is steadily progressing towards safer technologies, with cryptographic algorithms providing the mathematical building blocks for security and privacy. Indeed, dedicated security hardware that once occupied racks of equipment can now be manufactured on the corner of a chip for just a few cents.
“The E.M.V. roll-out is a critical first step, but it will take a long time to shift our critical security tasks away from complex microprocessors and their software to simpler, well-isolated circuits and chips built for security,” he concludes.
As we’ve previously discussed on Rambus Press, legendary cryptographer Paul Kocher discovered timing cryptanalysis – a method of obtaining secret keys from cryptographic devices operating in non-constant time. More specifically, he determined that many RSA and Diffie-Hellman were executing simple operations faster than more complex ones, allowing keys to be found by measuring the variations and applying innovative statistics.
Kocher also co-developed simple power analysis and differential power analysis, contributed to the design of Deep Crack (a DES brute-force key search machine) and co-authored the Secure Sockets Layer (SSL) 3.0 protocol, a cryptographic standard for secure communications over the Internet.