Assignment 1: ATM Card Authentication
Logistics
This assignment must be submitted by 1:30 PM on Tuesday 15 February.
Submit your solution by emailing it (as an attachment) to submit496-1@felten.com.
Your solution should be a zip-file containing three things: your source
code (AtmCardAuth.java), your compiled code (AtmCardAuth.class),
and a report that describes what you did and why. The report should
be an HTML file named index.html. (It may contain links
to other files, if you include those files in your submission.)
You must work by yourself on this assignment. You may not collaborate
with anybody else.
Introduction
At present, the bank's ATM cards are terribly insecure. The PIN number
for every account is equal to the account number, and that number is printed
on the card. As a result, a criminal can forge cards or use
a stolen card.
Your goal in this assignment is to improve the security of the ATM card
authentication. You will decide what information to encode on the
card and how to check the validity of an entered PIN.
You will implement your solution by modifying the file AtmCardAuth.java,
which has been provided in the bank's software.
ATM Cards
There is an ATM card for every bank account; the ATM card is issued when
the account is created.
An ATM card has two things encoded on it: an account number and some
check bytes. The account number is just the number of the bank account
to which the card corresponds. The check bytes are 32 bytes of arbitrary
data. You must decide how the check bytes are generated and used.
The Code
When an ATM card is issued, the card's PIN is entered, and the AtmCard.createCheckBytes
method is called. Its job is to decide what the card's check
bytes should be. It is given the account number and the pin, and
it returns an array of 32 bytes which will become the check bytes of the
card. These check bytes are written on the card, along with the account
number.
Later, when the customer inserts the card into an ATM and enters the
PIN, the AtmCardAuth.checkPin method is called, to check whether
the customer entered the correct PIN. It is given the account number,
the entered PIN, and the check bytes from the card, and it returns true
if the entered PIN is correct and false otherwise.
The implementation of AtmCardAuth that we gave you is terribly insecure.
It puts the same check bytes on every card (the byte values 0, 1, 2,
..., 31), and it accepts the entered PIN if it is equal to the account
number. Your task in this assignment is to design a better way of
choosing the check bytes and using them to check entered PINs, and to implement
your design by rewriting the AtmCardAuth.java file.
Your solution must validate entered PINs in an offline fashion.
This means that PINs must be verified using just the information stored
on the card and in the AtmCardAuth class. You may store
information in static variables of the AtmCardAuth class, but
that information must be created at compile time. (As a result, you
may not store information about issued cards in the AtmCardAuth
class.)
Threat Model
The adversary's goal is to use an ATM to gain access to an account other
than his own. Your goal is to prevent him from doing so. Of
course, youmust not prevent legitimate users from gaining ATM access to
their accounts.
You should make the following assumptions about the adversary:
-
The adversary can create one or more "forged" ATM cards containing any
information he chooses.
-
The adversary knows how many accounts there are and what their account
numbers are.
-
The adversary can open one or more accounts. For each account he
opens, he can choose the PIN and then observe the information encoded on
the card.
-
For each account other than his own, the adversary can either learn the
check bytes encoded on the card, or learn the PIN, but not both.
For each account, assume that the adversary gets to choose whether he will
learn the check bytes or the PIN.
-
The adversary knows what algorithm you are using. He can observe
all of the code in your AtmCardAuth.java file, but he cannot see the values
of any static variables you create.
(Note that you are not required to lock out an adversary who learns
both the check bytes and the PIN. Indeed, there is no way
to tell such an adversary from the legitimate account holder.)
Your Report
Your report should describe your solution, explain why it allows legitimate
users to access their accounts, and justify why it prevents the adversary
from gaining illegitimate access under the assumptions listed above.
Your report should be concise but should be as convincing as you can make
it. The quality of your report will be a very important component
of your grade, so pay at least as much attention to your report as to your
code.
Helpful Hints
We have provided you with a PseudoRandomFunc class, which implements a
pseudorandom function. If x is an array of 32 bytes, then
PseudoRandomFunc.r(x) will return a 32-byte array that is the
result of applying a pseudorandom function to x.
Copyright 2000, Edward W. Felten.