I recently had the good fortune to be invited to speak on a panel hosted by the IT GRC forum on the topic "Why EMV Is Not The Only Answer to Payment Security" (an on-demand replay of the session is available here). The audience submitted questions and the panel addressed as many as time allowed; we did not get to all of them, nor did every panelist have the opportunity to weigh in on every question. Follow this blog over the next few days for our responses to some of the most intriguing, starting with: "Is the algorithm used to encrypt the data stored on the chip in 'Chip & PIN' cards a standard? If yes, would it not be a huge risk if someone is able to crack that algorithm and spreads the knowledge to the hacking community?" The direct answers are "yes" and "yes, but...", and the expansion below is a useful illustration both of the EMV process and of encryption for data protection in general.
Regarding the first question, the answer is necessarily yes: the encryption algorithms used to protect the data stored on the integrated circuit chips of EMV-compliant payment cards are documented in the standard. That is a requirement for the standard to work at all. Every party involved in handling a payment transaction (card, terminal, acquirer and issuer) must know which algorithms to expect; otherwise mismatches would be so frequent that transaction processing would slow to a crawl or fail altogether, an unacceptable cardholder experience. The approved algorithms are listed in "Annex B, Approved Cryptographic Algorithms" of EMVCo's "Integrated Circuit Card Specifications for Payment Systems, Book 2, Security and Key Management" (copy available here). The EMV specification illustrates a particularly interesting encryption use case.
That annex lists Triple DES (aka 3DES) and AES (the Advanced Encryption Standard) as the approved symmetric encipherment (i.e. encryption) algorithms (section B1). Symmetric algorithms use the same key for both the encryption and decryption operations. For asymmetric encryption (aka public key cryptography, where the key used to decrypt is different from the one used to encrypt), section B2 specifies RSA, and section B3 names SHA-1 as the approved hashing algorithm. Of the three families, SHA-1 has aged worst: a practical collision attack was published in 2017 and NIST has deprecated it for digital signatures, which is exactly the kind of development a standards body must track and respond to.
So the encryption algorithms are very public and thoroughly documented, and that forces us to examine the second question: "...would it not be a huge risk if someone is able to crack that algorithm...?" Clearly it would be a huge risk if anyone could demonstrate a practical break of any of the algorithms mentioned. But this points to the fundamental design requirement for an acceptable algorithm, known as Kerckhoffs's principle: the algorithm must remain secure when everything about it except the key is public. Publication is what makes peer review possible; these algorithms have been vetted for years by the open cryptographic community, and "secure" means that no attack is known that is materially faster than trying every possible key, within practical assumptions about the work effort required and the computing capacity projected to be available. None of the algorithms mentioned is unique to EMV; they are approved standards used broadly across many markets and use cases.
The National Institute of Standards and Technology (NIST) oversees the Federal Information Processing Standards (FIPS), the body of work that governs this area for the US government. It originally approved the Data Encryption Standard (DES) as an appropriately strong encryption algorithm in 1977 as FIPS 46. DES has a 56-bit key, and as computing speed and capacity evolved, the work effort required to exhaust that key space (roughly, keys tested per second multiplied by the number of machines or processing threads that can run in parallel) dropped to a level at which brute force became practical: the EFF's purpose-built DES Cracker recovered a DES key in 1998 in under three days. Note that DES was not "cracked" in the sense of a flaw being found in its design; its key simply became too short. NIST was nevertheless obliged to replace it with something stronger, leading to the adoption of Triple DES (aka 3DES or TDEA, which applies DES three times with two or three distinct keys), formalized with the publication of FIPS 46-3 in 1999. That standard has subsequently been superseded by the Advanced Encryption Standard (AES), published as FIPS 197 in 2001; FIPS 46-3 was withdrawn in 2005, and NIST has since deprecated 3DES as well. The EMV annex already lists AES alongside it.
In all these cases, confidence in the algorithm rests on the mathematically projected work effort required to decrypt data without prior access to the encryption key. So the EMV standard is effective even though the encryption algorithms used are publicly documented, because it also requires extremely high standards of cryptographic key protection in the manufacture and personalization of EMV-compliant payment cards. Key management is also where the design does its real work: an issuer master key, held in a hardware security module, is used to derive a unique key for every card, and the card in turn derives a fresh key for every transaction, so the compromise of a single card yields only that card's key, and recovering the issuer key from it would require breaking 3DES itself. The standard therefore necessarily shifts the focus from the mathematical durability of the encryption algorithms to the integrity and protection of the EMV key management system. The methods and degree of protection applied to the cryptographic keys are a fundamental component of every encryption use case.
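To make that shift of focus concrete, here is an added example (my code, not the post's and not EMVCo's) that follows my reading of the key derivation chain in EMV Book 2 Annex A: an issuer master key (IMK) is diversified into a card-unique master key from the PAN and PAN sequence number (Annex A1.4, Option A), that key is diversified per transaction by the Application Transaction Counter (the common session key derivation of Annex A1.3), and the session key produces the 8-byte ARQC cryptogram with the ISO/IEC 9797-1 Algorithm 3 retail MAC. Every primitive is the publicly documented 3DES the post discusses; the function names are my own, and the IMK, PAN and transaction data are constructed sample values, not real keys or test vectors.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"math/bits"
	"strings"
)

// tdes encrypts one 8-byte block with two-key Triple DES (EDE, K1||K2||K1), the DES3 primitive under all derivations below.
func tdes(key16, block []byte) []byte {
	c, _ := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...)) // callers guarantee a 16-byte key
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// OddParity forces every byte of k to odd parity, the conventional DES key form.
func OddParity(k []byte) []byte {
	out := make([]byte, len(k))
	for i, b := range k {
		out[i] = b ^ byte(1-bits.OnesCount8(b)%2) // parity bits carry no key material
	}
	return out
}

// DeriveICCMasterKey: issuer master key -> card-unique master key (Book 2 Annex A1.4 Option A, PAN of
// up to 16 digits): Y = rightmost 16 digits of PAN||PSN as BCD; MK = parity(DES3(IMK)[Y] || DES3(IMK)[Y xor FF..FF]).
func DeriveICCMasterKey(imk []byte, pan, psn string) ([]byte, error) {
	if len(imk) != 16 || len(pan) > 16 || len(psn) != 2 {
		return nil, errors.New("need a 16-byte IMK, a PAN of at most 16 digits and a 2-digit PSN")
	}
	digits := strings.Repeat("0", 16) + pan + psn
	y, err := hex.DecodeString(digits[len(digits)-16:])
	if err != nil {
		return nil, err
	}
	yc := make([]byte, 8)
	for i := range y {
		yc[i] = y[i] ^ 0xFF
	}
	return OddParity(append(tdes(imk, y), tdes(imk, yc)...)), nil
}

// DeriveSessionKey: card master key -> per-transaction key diversified by the ATC (Book 2 Annex A1.3, common session key).
func DeriveSessionKey(mk []byte, atc uint16) []byte {
	r := []byte{byte(atc >> 8), byte(atc), 0xF0, 0, 0, 0, 0, 0}
	skl := tdes(mk, r)
	r[2] = 0x0F
	return append(skl, tdes(mk, r)...)
}

// RetailMAC is ISO/IEC 9797-1 Algorithm 3 with padding method 2: single-DES CBC under KL, final block
// decrypted under KR then encrypted under KL. EMV builds the 8-byte Application Cryptogram (ARQC) this way.
func RetailMAC(sk, data []byte) []byte {
	msg := append(append([]byte{}, data...), 0x80)
	for len(msg)%8 != 0 {
		msg = append(msg, 0x00)
	}
	kl, _ := des.NewCipher(sk[:8])
	kr, _ := des.NewCipher(sk[8:])
	h, x := make([]byte, 8), make([]byte, 8)
	for i := 0; i < len(msg); i += 8 {
		for j := range x {
			x[j] = h[j] ^ msg[i+j]
		}
		kl.Encrypt(h, x)
	}
	kr.Decrypt(x, h)
	kl.Encrypt(h, x)
	return h
}

// GenerateARQC is the card side of the chain: IMK -> card MK -> session key -> ARQC.
func GenerateARQC(imk []byte, pan, psn string, atc uint16, tx []byte) ([]byte, error) {
	mk, err := DeriveICCMasterKey(imk, pan, psn)
	if err != nil {
		return nil, err
	}
	return RetailMAC(DeriveSessionKey(mk, atc), tx), nil
}

// VerifyARQC is the issuer side: re-derive from the IMK (which never leaves the issuer's HSM in practice) and compare in constant time.
func VerifyARQC(imk []byte, pan, psn string, atc uint16, tx, arqc []byte) bool {
	want, err := GenerateARQC(imk, pan, psn, atc, tx)
	return err == nil && subtle.ConstantTimeCompare(want, arqc) == 1
}

func main() {
	// Constructed sample values: a throwaway IMK, a test PAN and CDOL1-style transaction data.
	imk, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
	tx, _ := hex.DecodeString("00000001000000000000000008400000000000084001011100112233445C000005")
	arqc, _ := GenerateARQC(imk, "4111111111111111", "01", 5, tx)
	fmt.Printf("ARQC %X\n", arqc)
	fmt.Println("verifies with the issuer's IMK:", VerifyARQC(imk, "4111111111111111", "01", 5, tx, arqc))
	fmt.Println("verifies with a wrong IMK:", VerifyARQC(make([]byte, 16), "4111111111111111", "01", 5, tx, arqc))
}
```

Run it with `go run`; the two verification lines print `true` and `false`. The whole algorithm is on the page for anyone to read and run, yet without the IMK a valid cryptogram can be neither produced nor checked, and because each card key is the output of a 3DES encryption under the IMK, extracting one card's key does not lead back to the issuer key. Since no public test vectors are cited here, the checks worth making are structural: derived keys have odd parity, different PANs and ATCs yield different keys, and verification passes only with the right IMK, ATC and transaction data.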
This foundation also speaks to one of the other questions asked "What happens if a warehouse of EMV card blanks is broken into?" Subscribe to this blog for our response to that question later this week.
You may also find two of the prior entries, "14 Signs You Should Add a Cryptographic Key Management System" or "Encryption Key Management Use Cases: Keys & the Cloud" worthwhile reading.
For more information about the importance of key management in data protection, click on the image below to register for a copy of "Five Key Management Fundamentals for Encryption Success."