When Organized Crime Applies Academic Results

  1. When Organized Crime Applies Academic Results: A Forensic Analysis of an In-Card Listening Device. Assia Tria (assia.tria@cea.fr), David Naccache, Houda Ferradi, Rémi Géraud. Toulouse, 27 January 2016
  2. Le Commissariat à l’Energie Atomique et aux Energies Alternatives • 15,867 technicians, engineers, researchers and staff • 10 research centres • €4.3 billion budget • 1,608 priority patents granted and in force in the portfolio • >650 priority patent filings • 150 start-ups since 1984 in the innovative technologies sector • 45 joint research units (UMR) • 25 associated research laboratories • Direction Générale du CEA • Technology, Science: Key Enabling Technologies, Direction de la Recherche Technologique • Defence, Security: Direction des Applications Militaires • Nuclear Energy: Direction de l’Energie Nucléaire • Fundamental research: Direction des Sciences de la Matière, Direction des Sciences du Vivant • DAM mission: strategic independence of France • DEN mission: energy independence of France • DRT mission: re-industrialization of France through innovation
  3. CEA Tech, a major French player in technological research • 3 thematic institutes • 1 regional outreach institute • (2003) Saclay • (1967) Grenoble • (2005) Grenoble / Chambéry • €280 M - 2,100 staff (1,800 CEA) • €80 M - 1,000 staff (800 CEA) • €180 M - 1,200 staff (1,000 CEA) • CEA Tech Régions (2012)
  4. Teams • ITSEF (CESTI) – Evaluations (15p) • LSOC laboratory – 20p, Security for applications • CMP – Gardanne: ENMSE – LETI – Components Security (30p incl. 6 CEA) • Resources from other LETI departments (1500 p) – Design, Technology, Characterization
  5. Security in LETI and CEA-TECH PACA • Characterization of the threats: implementing attacks on devices • Evaluation of the security: Common Criteria, EMVCo evaluations • Improvement of the security: technology, architectures and software protections. Physical devices with physical access from the attacker: crypto boards, HSM; biometrics; phones, smartphones; TPM, trusted computing; smartcards, e-passports, e-ID, RFID
  6. Goal of This Presentation • Illustrate to what lengths white-collar criminals can go to hack embedded electronic devices. • To date, the following is the most sophisticated smart card fraud encountered in the field. • Goal: raise awareness of the level of resistance that IoT devices must have to withstand real attacks in the field.
  7. Context • A forensic assignment.
  8. The Judicial Seizure
  9. The Judicial Seizure • What appears as an ISO/IEC 7816 smart card. • The plastic body indicates that this is a VISA card issued by Caisse d’Épargne (a French bank). • Embossed details are: – PAN = 4978***********89; – expiry date in 2013; – and a cardholder name, hereafter abridged as P.S. • The forgery’s backside shows a normal-looking CVV. • PAN corresponds to a Caisse d’Épargne VISA card. PAN = Permanent Account Number (partially anonymized here). CVV = Card Verification Value.
  10. Visual Inspection: The backside is deformed around the chip area. Such a deformation is typically caused by heating. Heating (around 80°C) allows melting the potting glue to detach the card module.
  11. Visual Inspection: The module looks unusual in two ways: • it is engraved with the inscription “FUN”; • glue traces (in red) clearly show that a foreign module was implanted to replace the **89 card’s original chip.
  12. FUNCards
  13. FUNCard’s Inner Schematics
  14. Side views show that the forgery is somewhat thicker than a standard card (0.83 mm). The extra thickness varies from 0.4 to 0.7 mm, suggesting the existence of more components under the card module, besides the FUNcard.
  15. FUNCard Under X-Ray • External memory (AT24C64) • µ-controller (AT90S85515A) • Connection wires • Connection grid
  16. FunCard vs. Forgery X-Ray
  17. Forgery vs. FunCard • Stolen card module • Connection wires added by the fraudster • Welding points added by the fraudster
  18. Pseudo-Color Analysis: Materials may have the same color in the visible region of the EM spectrum and thus be indistinguishable to the human eye. However, these materials may have different properties in other parts of the EM spectrum. The reflectance or transmittance spectra of these materials may be similar in the visible region, but differ in other regions. Pseudo-coloring uses information included in the near-infrared region (NIR), i.e. 800-1000 nm, to discriminate materials beyond the visible region.
  19. Pseudo-Color Analysis
  20. Pseudo-Color Analysis: The stolen chip now clearly appears in green.
  21. Forgery Structure Suggested so Far
  22. Forgery Structure Suggested so Far: The stolen card speaks to the reader, but the communication is intercepted by the FunCard instead of reaching the reader.
  23. Forgery Structure Suggested so Far: What the stolen card says goes into the FUNcard.
  24. Forgery Structure Suggested so Far: The FUNCard talks to the reader.
  25. Electronic Analysis Attempt: It is possible to read back the FunCard code if the card is not locked. Attempted read-back failed. Device locked. Anti-forensic protection by fraudster.
  26. Magnetic Stripe Analysis: The magnetic stripe was read and decoded. ISO1 and ISO2 tracks perfectly agree with embossed data. ISO3 is empty, as is usual for European cards.
  27. Electronic Information Query: Data exchanges between the forgery and the PoS were monitored. The forgery responded with the following information: – PAN = 4561**********79; – expiry date in 2011; – cardholder name henceforth referred to as H.D. All this information is in blatant contradiction with data embossed on the card. The forgery is hence a combination of two genuine cards.
  28. Flashback 2010
  29. Flashback 2010
  30. The problem is here!
  31. Flashback 2010
  32. Flashback 2010
  33. Flashback 2010
  34. Modus Operandi Hypothesis
  35. Problem with Hypothesis! no visible signal activity here!
  36. Back to X-Ray: Solution to Riddle! no visible signal activity here!
  37. Anti-Forensic Protection by Fraudster
  38. Using Power Consumption Analysis
  39. • PoS sends the ISO command 00 A4 04 00 07 • Command echoed to the stolen card by the FunCard • Stolen card sends the procedure byte A4 to the FunCard • FunCard retransmits the procedure byte to the PoS • PoS sends data to FunCard • FunCard echoes data to stolen card • Stolen card sends SW to FunCard • FunCard transmits SW to PoS. Color code: PoS → FunCard; FunCard → Stolen Card; Stolen Card → FunCard; FunCard → PoS
  40. Power Consumption During GetData: Confirms the modus operandi.
  41. VerifyPIN Power Trace Analysis: Power trace of the forgery during the VerifyPIN command. Note the absence of retransmission on the power trace before the sending of the SW.
  42. Having Finished All Experiments: We can ask the judge’s authorization to perform invasive analysis. Authorization granted.
  43. Invasive Analysis • Connection grid • Stolen card module (outlined in blue) • Stolen card’s chip • FunCard module • Welding of connection wires
  44. Invasive Analysis • FunCard module • Genuine stolen card • Welded wire
  45. Original EMV Chip Clipped by Fraudster: Cut-out pattern overlaid.
  46. Wiring Diagram of the Forgery
  47. In Conclusion: Attackers of modern embedded IoT devices • Use advanced tools • Are very skilled engineers • Are well aware of academic publications • Use s/w and h/w anti-forensic countermeasures. If you do not design your IoT device with that in mind and if stakes are high enough, the device will be broken.
  48. Economical Damage • Cost of device replacement in the field • Cost of fraud (stolen money) • Damage to reputation • Plus: forensic analysis cost. Here: 3 months of full-time work.
  49. Thank you for your attention
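
The cross-check described in slides 26 and 27 (magnetic stripe versus embossed data versus what the chip reports to the PoS), as an added Python example that is not part of the original presentation. The PANs, names and track strings are constructed test values, and the chip-side fields are assumed to be already decoded from the card's records.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class CardIdentity:
    source: str
    pan: str
    expiry: str                 # YYMM
    name: Optional[str] = None  # track 2 carries no cardholder name

# ISO/IEC 7813 layouts: track 1 "%B<PAN>^<NAME>^<YYMM><svc>...?",
# track 2 ";<PAN>=<YYMM><svc>...?"
TRACK1 = re.compile(r"^%B(\d{1,19})\^([^^]{2,26})\^(\d{4})\d{3}[^?]*\?$")
TRACK2 = re.compile(r"^;(\d{1,19})=(\d{4})\d{3}[^?]*\?$")

def norm_name(name):
    # "SAMPLE/P" (track 1) and "P SAMPLE" (embossed) must compare equal.
    return " ".join(sorted(t for t in re.split(r"[/\s.]+", name.upper()) if t))

def parse_track1(raw):
    m = TRACK1.match(raw)
    if not m:
        raise ValueError("malformed track 1")
    return CardIdentity("track1", m.group(1), m.group(3), norm_name(m.group(2)))

def parse_track2(raw):
    m = TRACK2.match(raw)
    if not m:
        raise ValueError("malformed track 2")
    return CardIdentity("track2", m.group(1), m.group(2))

def cross_check(identities):
    """Return {field: {source: value}} for every field on which sources disagree."""
    findings = {}
    for field in ("pan", "expiry", "name"):
        seen = {i.source: getattr(i, field) for i in identities
                if getattr(i, field) is not None}
        if len(set(seen.values())) > 1:
            findings[field] = seen
    return findings

# Constructed sample values (test PANs, not the seized card's data).
EMBOSSED = CardIdentity("embossed", "4111111111111111", "1312", norm_name("P SAMPLE"))
STRIPE = [parse_track1("%B4111111111111111^SAMPLE/P^1312201000000?"),
          parse_track2(";4111111111111111=1312201000000?")]
# Assumed already decoded from the chip's records as seen by the terminal.
CHIP = CardIdentity("chip", "4012888888881881", "1112", norm_name("H EXAMPLE"))

if __name__ == "__main__":
    for field, seen in cross_check([EMBOSSED, *STRIPE, CHIP]).items():
        print(field, seen)
```

With the stripe and embossing alone the check is clean; adding the chip's answers flags all three fields, which is the contradiction the monitored PoS exchange exposed.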