| Presentation | 2006-07-21 Security Requirements for PIN Authentication in Financial Transactions Yuko TAMURA, Masashi UNE, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Financial institutions authenticate their customers at CD/ATM terminals mainly by using an ATM card and a four-digit personal identification number (PIN). With regard to ATM cards, many Japanese financial institutions are now replacing conventional magnetic stripe cards with IC cards as one of countermeasures against counterfeit of ATM cards. Thus, we have been discussing security requirements for authentication systems using the combination of an IC card and a PIN. We adopt the following approach: we first analyze IC card based authentication systems and PIN based authentication systems separately, and then combine results of these analyses. So far, in [2], we focused on the IC card based authentication systems which confirmed whether the customer to be authenticated had a genuine IC card or not, and clarified necessary conditions required to be secure against an impersonation attack by counterfeiting an IC card. In this paper, we will focus on the PIN based authentication systems as a next target to be discussed. At first, we classify the systems into five types by referring to ISO 9564-1, and describe concrete methods of the impersonation attack. Then, we clarify necessary conditions to be secure against the impersonation attack in each type of the authentication systems. By referring to the results of this paper and [2] simultaneously, we can easily obtain security requirements for the authentication systems using the combination of an IC card and a PIN when assuming the impersonation attack. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | entity authentication / impersonation / PIN / security requirement |
| Paper # | ISEC2006-47 |
| Date of Issue |
| Conference Information | |
| Committee | ISEC |
|---|---|
| Conference Date | 2006/7/14(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Security (ISEC) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Security Requirements for PIN Authentication in Financial Transactions |
| Sub Title (in English) | |
| Keyword(1) | entity authentication |
| Keyword(2) | impersonation |
| Keyword(3) | PIN |
| Keyword(4) | security requirement |
| 1st Author's Name | Yuko TAMURA |
| 1st Author's Affiliation | Institute for Monetary and Economic Studies, Bank of Japan() |
| 2nd Author's Name | Masashi UNE |
| 2nd Author's Affiliation | National Institute of Advanced Industrial Science and Technology |
| Date | 2006-07-21 |
| Paper # | ISEC2006-47 |
| Volume (vol) | vol.106 |
| Number (no) | 176 |
| Page | pp.pp.- |
| #Pages | 8 |
| Date of Issue | |