DERIVED UNIQUE TOKEN PER TRANSACTION

Transcription

1 SESSION ID: ASEC-W04 DERIVED UNIQUE TOKEN PER TRANSACTION Jeff Stapleton VP Security Architect Wells Fargo X9F4 workgroup chair

2 Application Security Solution: tokenization technology Substitute sensitive data for benign data Control: benign data is safe Data in storage Data in transit Data in process Application interoperability aware unaware Original Data App 1 aware unaware App 2 Data 2

3 Problems s data elements not well understood X9 sensitive payment card data tokens EMV payment tokens Apple Pay, Google pay, Samsung pay PCI post-authorization tokens ization process not well understood ization versus detokenization ization systems not well understood vaults 3

4 WHAT IS TOKENIZATION? Background Information

5 ization Defined 1 Random Table USV Underlying Sensitive Value ization 2 Pseudonym or alias Encryption MAC 3 1 RSA 2017 Conference PDAC-R02 Cybersecurity vs. ization 2 X9.119 Protection of Sensitive Payment Card Data Part 2: Post-Authorization ization Systems 3 ISO Banking Requirements for Message Authentication Using Symmetric Techniques 5

6 Detokenization: Encryption Method USV Need to manage keys USV Encryption Decryption Key Vault not needed 6

7 Detokenization: MAC 1 USV MAC 2 Need to manage keys Key USV Vault needed 1 Detokenization versus Verification 2 ISO Message Authentication Using Symmetric Techniques (includes MAC and HMAC) 7

8 Detokenization: Random USV No correlation between USV and tokens USV Random RNG RNG: Random Number Generator Vault needed 8

9 Detokenization: Table USV Table Static table PRNG RNG USV Table RNG: Random Number Generator PRNG: Pseudo RNG Vault not needed 9

10 Comparison of Methods Encryption Method Vulnerable to key compromise Key management MAC Method Vulnerable to key compromise Key management Vulnerable to vault attack Table Method Vulnerable to table compromise Table management Random Method Vulnerable to RNG compromise Entropy management Vulnerable to vault attack But what about EMV ization? 10

11 EMV ization Cardholder EMV Chip Card Card Authorization Issuer Merchant PAN Acquirer PAN EMV EMV Network PAN EMV EMV token (Random) PAN EMV Visa EMV TSP MasterCard PAN Amex 11

12 PCI ization Bank Identification Number Major Industry Identifier Routing BIN Primary Account Number (PAN) Receipt Luhn check digit MII 12

13 ization Issues replaces USV to protect it from disclosure or misuse Static tokens have value so might be misused Static tokens might be detokenized vaults are prime targets Application access controls Network segmentation controls ization services Who can get a token, who cannot Who can detokenize, who cannot APP ization TRI API ization Service Environment Vault 13

14 So What if? Each token is used only once No static tokens No detokenization No token vault Capabilities Unique token per transaction No residual data Ability to verify token Cryptography based DUTPT 14

15 DERIVED UNIQUE TOKEN PER TRANSACTION (DUTPT) Background Information

16 DUTPT Parameters Two different one-way functions F(x) G(x) Transaction (c = 1, 2, 3, max) counter Value (V) to be tokenized Client V Server PKI with X.509 certificates CMS-based digital signatures CMS-based encrypted data T 1 T 2 Client has unique identifier (ID) Uses value (V) once then destroys Tc 16

17 Cryptographic Message Syntax 1 (CMS) Signed Data Certificates, Signer Info Exchange Enveloped or Encrypted Data Recipient Info, Encrypted Content Info Encrypted Content Info SignCrypted Data Certificates, Signcrypters Client Client Certificates CEK Encrypt Decrypt Verify Server 1 X9.73 Cryptographic Message Syntax ASN.1 and XML Sign 17

18 DUTPT Process: x = 1 Out of network exchange V Client Server ID V F V 1 G T 1 E C 1 D T 1? T 1 G V 1 F 1 Sign KE KE Verify c = 1 Inject V using an USV Loading Facility Inject V remotely using another protocol Inject V1 initially and avoid V altogether F(x) G(x) Example: F = SHA2 and G = SHA3 F(x) or G(x) might use cryptographic keys Example: MAC or HMAC F(x) G(x) or K F K G But need to manage keys in Client & Server 18

19 DUTPT Process: x = 2 Out of network exchange V Client Server ID V F V 1 G T 1 E C 1 D T 1? T 1 G V 1 F 1 Sign KE KE Verify c = 1 F V 2 G T 2 E C 2 D T 2? G V 2 F 2 T 2 Sign KE KE Verify c = 2 19

20 DUTPT Process: x = 3 Out of network exchange V Client Server ID V F V 1 G T 1 E C 1 D T 1? T 1 G V 1 F 1 Sign KE KE Verify c = 1 F V 2 G T 2 E C 2 D T 2? G V 2 F 2 T 2 Sign KE KE Verify c = 2 F V 3 G T 3 E C 3 D T 3? G V 3 F 3 T 3 Sign KE KE Verify c = 3 20

21 DUTPT Benefits Unique token per transaction Each token (Tc) used only once Next token (Tc+1) not derivable from current token (Tc) Derived token using cryptographically sound functions Hash (SHA2, SHA3), MAC or HMAC but F(x) G(x) Client does not retain value (V) only next value (Vc) Value (V) not recoverable from intermittent values (Vc) Suitable for mobile, IoT or other remote devices 21

22 Conclusions Derived Unique Per Transaction Conceptual design schema No standards or specification at this time Thinking about application opportunities No software implementations at this time Solution looking for a problem Audience questions or comments? Any thoughts, ideas, or interest? 22

23 Appendix: References International Standards Organization American National Standards Institute Accredited Standards Committee X9 National Institute of Standards and Technology Cryptographic Algorithm Validation Program (CAVP) Cryptographic Module Validation Program (CMVP) National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme (CCEVS) 23

24 Appendix: Standards Accredited Standards Committee X9 ANSI X9.73 Cryptographic Message Syntax (CMS) ASN.1 and XML ANSI X9.82 Random Number Generation (RNG) multiple parts ANSI X9.119 Requirements for Protection of Sensitive Payment Card Data Part 2: Post-Authorization ization Systems International Standards Organization ISO/IEC 7812 Identification cards -- Identification of issuers -- Part 1: Numbering system ISO Message Authentication Using Symmetric Techniques Europay-MasterCard-Visa Company (EMVCo) EMVCo Payment isation Specification Technical Framework v1.0 March

25 Appendix: Reading Code Breakers: Story of Secret Writing by David Kahn (1967) Code Book: Science of Secrecy by Simon Singh (2000) Handbook of Applied Cryptography (HAC) by Menezes, van Oorshot, and Vanstone (1997) Security without Obscurity by Jeff Stapleton A Guide to Confidentiality, Authentication, and Integrity (2014) A Guide to Public Key Infrastructure (PKI) Operation (2016) A Guide to Cryptographic Architectures (June 2018) 25

26 How to apply this session One week Determine if your organization uses, or plans to use, tokenization Three months Determine your tokenization regime (e.g. EMV, PCI, X9, other) Determine the tokenization method (Encryption, MAC, Random, or Table) Determine if static tokens or dynamic tokens are useful Six months Determine if derived unique token per transaction (DUTPT) makes sense 26