The Community for Technology Leaders
RSS Icon
Issue No.06 - November/December (2007 vol.5)
pp: 25-31
Kjell J. Hole , University of Bergen, Norway
Vebjørn Moen , University of Bergen, Norway
André N. Klingsheim , University of Bergen, Norway
Knut M. Tande , University of Bergen, Norway
This case study focuses on real-world ATM card misuse, illustrating how too much secrecy led to a deterioration of PIN-based authentication procedures, and why a bank's refusal to share technical information is a threat to a customer during a conflict.
ATM system, DES encryption, PIN codes, security
Kjell J. Hole, Vebjørn Moen, André N. Klingsheim, Knut M. Tande, "Lessons from the Norwegian ATM System", IEEE Security & Privacy, vol.5, no. 6, pp. 25-31, November/December 2007, doi:10.1109/MSP.2007.168
1. S.T. Kent and L.I. Millett, eds., Who Goes There? National Academies Press, 2003.
2. Verdict from Trondheim Tingrett,24 Sept. 2005, case number 04-016794TVI-TRON (in Norwegian).
3. US Nat'l Inst. Standards and Technology, DES (Data Encryption Standard), US Commerce Dept., Oct. 1999; fips46-3.pdf.
4. K.J. Hole, V. Moen, and T. Tjøstheim, "Case Study: Online Banking Security," IEEE Security and Privacy, vol. 4, no. 2, 2006, pp. 14–20.
5. R. Anderson et al., "Cryptographic Processors—A Survey," tech. report 641, Computer Lab., Univ. of Cambridge, 2005; .
6. R. Anderson, "Why Cryptosystems Fail," Proc. 1st ACM Conf. Computer and Comm. Security, ACM Press, 1993, pp. 215–227.
7. Electronic Frontier Foundation, Cracking DES, 1998; .
8. RSA Laboratories, RSA DES Challenge III, 1999;
9. M. Bond and R. Clayton, Extracting a 3DES Key from an IBM 4758, Computer Lab, Univ. of Cambridge, 2001;
10. O. Berkman and O.M. Ostrovsky, "The Unbearable Lightness of PIN Cracking," Algorithmic Research Ltd., 2006; .
50 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool