Decimalization table attack

A decimalization table attack is a technique that may allow a corrupt insider at a bank to discover Personal Identification Numbers (PINs) by exploiting a design flaw in the Hardware Security Module used to protect the PIN.

PINs for payment cards are usually generated by encrypting the card number under a secret key held securely by the issuing bank. The encryption produces a hexadecimal value with digits in the range 0 to 9 and A to F. A decimalization table is then used to convert this value to a PIN with digits in the range 0 to 9, for instance mapping A to 0, B to 1, etc.

To authorize a transaction, the bank's software sends the encrypted PIN to a hardware security module (HSM), which verifies it and indicates whether the PIN was correct or not.

Some HSMs require the bank's software to send the decimalization table to the HSM. A decimalization table attack is the technique where a corrupt insider with access to the bank's HSM manipulates the decimalization table in order to guess the PIN more rapidly than should otherwise be possible.

In 2002 two PhD students at Cambridge University, Piotr Zieliński and Mike Bond, discovered a decimalization table attack in the PIN verification system of the IBM 3624, which was duplicated in most later hardware. The attack allowed someone who has access to a bank's computer system to determine the PIN for an ATM card in an average of 15 guesses, instead of the average 5000 guesses expected for a 4-digit PIN.[1][2] This type of attack is known as an API attack because it relies on exploiting a weakness in the Application Programming Interface (API) of the HSM.
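As an added example (not code from the article, from Cambridge or from IBM), the following toy Python model shows the PIN derivation described above and the defensive check that closes the flaw: the HSM refuses a decimalization table unless it carries a MAC issued under an HSM-held key at provisioning time, so the host can no longer substitute a table of its own. HMAC-SHA256 stands in for the DES-based encryption of the account number (an assumption so the model runs with the standard library); keys and the account number are constructed.

```python
import hmac
import hashlib
from typing import Optional

# Toy model of IBM 3624-style PIN derivation and verification (added example,
# not the article's or IBM's code). HMAC-SHA256 stands in for the DES
# encryption of the account number in the real scheme (assumption).
STANDARD_TABLE = "0123456789012345"  # hex digit i -> decimal digit STANDARD_TABLE[i]


class ToyHSM:
    def __init__(self, pin_key: bytes, table_mac_key: bytes, trust_caller_table: bool):
        self._pin_key = pin_key              # never leaves the HSM
        self._table_mac_key = table_mac_key  # never leaves the HSM
        # Flawed design: accept whatever table the host sends. Hardened: MACed tables only.
        self.trust_caller_table = trust_caller_table

    @staticmethod
    def _check_shape(table: str) -> None:
        if len(table) != 16 or not table.isdigit():
            raise ValueError("decimalization table must be 16 decimal digits")

    def authorize_table(self, table: str) -> bytes:
        """Privileged provisioning step: bind a table to this HSM with a MAC."""
        self._check_shape(table)
        return hmac.new(self._table_mac_key, table.encode(), hashlib.sha256).digest()

    def derive_pin(self, account: str, table: str) -> str:
        """Natural PIN: encrypt the account number, take 4 hex digits, decimalize.
        Exposed only so the model can be inspected; a real HSM returns it encrypted."""
        digest = hmac.new(self._pin_key, account.encode(), hashlib.sha256).hexdigest()
        return "".join(table[int(h, 16)] for h in digest[:4])

    def verify_pin(self, account: str, candidate: str, table: str,
                   table_mac: Optional[bytes] = None) -> bool:
        self._check_shape(table)
        if not self.trust_caller_table:
            expected = self.authorize_table(table)
            if table_mac is None or not hmac.compare_digest(expected, table_mac):
                raise PermissionError("decimalization table not authorized by HSM")
        return hmac.compare_digest(self.derive_pin(account, table), candidate)


if __name__ == "__main__":
    hsm = ToyHSM(b"pin-key-0123456789", b"table-mac-key-xyz", trust_caller_table=False)
    account = "4000123412341234"  # constructed
    mac = hsm.authorize_table(STANDARD_TABLE)
    print(hsm.verify_pin(account, hsm.derive_pin(account, STANDARD_TABLE), STANDARD_TABLE, mac))
```

With `trust_caller_table=True` the model reproduces the weak API shape, where the verification result depends on a table chosen by the caller; with it set to `False`, a table without a valid MAC is rejected before any comparison happens.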

References

  1. Cam.ac.uk, Tech reports
  2. Cam.ac.uk, media coverage

Wikimedia Foundation. 2010.
