1 / 20

Grammar Based Off line Generation of Disposable Credit Card Numbers

Grammar Based Off line Generation of Disposable Credit Card Numbers. Authors Abhishek Singh Andre Santos (Georgia Institute of Technology) Publication -ACM 2002 Presented by : Avinash Patil (2005H103016). Topics of Discussion. Fixed credit card number system Design requirements

gwen
Download Presentation

Grammar Based Off line Generation of Disposable Credit Card Numbers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Grammar Based Off line Generation of Disposable Credit Card Numbers Authors Abhishek Singh Andre Santos (Georgia Institute of Technology) Publication-ACM 2002 Presented by : Avinash Patil (2005H103016)

  2. Topics of Discussion • Fixed credit card number system • Design requirements • Prime concept • Context free grammars • Protocol • Pseudo code for token generation, validation and resynchronization • Possible attacks • Conclusion Grammar based off line generation of disposable Credit cards

  3. Fixed Credit card number system • Participants -Card Issuer -Card holder -Merchant • Threats -Malicious merchants -Employees of merchant -Merchants Database Grammar based off line generation of disposable Credit cards

  4. Requirements for design • Security • User friendliness • Number of steps • Storage overhead • Computational complexity Grammar based off line generation of disposable Credit cards

  5. Prime Concept Property of Context free grammar Its is easy to generate and validate strings from a given grammar ,however it is hard to identify a grammar given only the strings generated by it . Grammar based off line generation of disposable Credit cards

  6. One way functions • Given x it is easy to find f(x). However given f(x) it is hard to find x. • Turing proved that it is impossible to device any algorithm to solve undecidable problems. • Given only set of strings generated from a CFL identifying grammar that generated it is a undecidable problem. Grammar based off line generation of disposable Credit cards

  7. Context Free Grammars A context free grammar is a quadruple (V, ∑, R, S) where • V is a set of variables • ∑ is a set of terminals • R is a set of rules α→β where α and β are strings on V U ∑. α has at least one symbol from V • S is a starting symbol Grammar based off line generation of disposable Credit cards

  8. Design Considerations for using CFG for Authentication • Alice and Bob share not one but N languages • All languages must be mutually exclusive i.e. if w € L1,then w ¢ L2 • All rules must be written in Chomsky Normal Form. • CNF – Every node has atmost two descendents ,either two internal vertices or a single leaf Grammar based off line generation of disposable Credit cards

  9. Protocol Card holder carries Set of grammars {G(1),G(2)…...G (k)} Set of history tokens {HT(1)…..HT (s + n)} A sequence number SNO Card holder and card issuer are synchronized TT=(token generated by grammar) SXOR (history token) Grammar based off line generation of disposable Credit cards

  10. Pseudo code for SXOR operation Procedure SXOR operation Input: key K of size i and token T of size j Begin 1. if (i >j) XOR K of size j with T of size j 2. If (i<j) divide token T into tokens of length i XOR each block with K 3. If (i==j) XOR K with T End Grammar based off line generation of disposable Credit cards

  11. Generation of Transaction Tokens Procedure Generation of TT 1. Choose random number I (size between 16 -30). 2. Calculate p = l mod k , m = (l mod n) + s. 3. Generate token T of length l from grammar at index p (G(p)) by randomly selecting rules. 4. Get the key K = HT(m) from the history. 5. If K==T start generation of transaction process again. 6. Calculate C = T SXOR K. 7. Calculate Transaction Token TT = C XOR SNO. 8. Send TT over the channel to merchant. 9. Update history token set Delete HT(s+n) for all i from 1 to s+n -1, HT(i+1) = HT(i) HT(I) = T I0. Rotate Grammar set such that for all j from 2 to k, G(j-1) = G(j) and G(k) = G(1) 11. Increment SNO. Grammar based off line generation of disposable Credit cards

  12. Validation of Transaction Tokens Procedure AuthenticationProcedure 1. Get the length l of transaction token TT. 2. Calculate p = l mod k , m = (l mod n) + s 3. Calculate key K = HT(m) 4. Calculate D = TT XOR SNO. 5. Calculate T = D SXOR K. 6. Pass T through grammar G(p). 7. If valid a. Approve Transaction b. Update history token set for all i from 1 to s+n-1, HT(i+ 1 ) = HT(i) Delete HT(s+n). HT(I) = T c. Rotate Grammar set such that for all j from 2 to k, G(j-I) =G(j). and G(k) = G(I) d. Increment SNO 8. Else Disapprove Transaction. Grammar based off line generation of disposable Credit cards

  13. Resynchronization procedure Procedure Outoforder 1. count =1 2. Till token is authenticated or count == s rounds 3. Increment SNO. a. for all j from 2 to k, G(j-I) = G(j) and G(K) = G(I). b. for all j from 1 to s+n, HT(j+1) = HT(j). c. call AuthenticationProcedure d. increment count 4. if token is authenticated a. confirm from user. b. Reset and set reset flag. c. Approve transaction. 5. else a. Restore old configuration of Grammar set, History set and SNO. b. Challenge (Could be error, noise) c. If response is ok then ask for retransmission and start whole procedure again. d. Possibility of security compromise or attack. Grammar based off line generation of disposable Credit cards

  14. Possible Attacks • Case I Grammars positions ,history set ,SNO are secret Card issuer will gets TT(j+1)performs XOR with serial number SNO(j+1) and gets C(j+1) Will get wrong C(j+1) as SNO is incorrect. Grammar based off line generation of disposable Credit cards

  15. Possible Attacks (cont..) • Case II Grammars positions ,history set are secret SNO is known Card issuer will calculate D = TT XOR SNO But when she will calculate m = (l mod n) + s and K = HT(m) HT(m) will return wrong history token as history token set was updated. Grammar based off line generation of disposable Credit cards

  16. Possible Attacks (cont..) • Case III Grammars are secret history set ,SNO are known Eve can produce a TT using the right SNO and history set . But this TT will not pass through the grammar indexed at l mod k since the position of grammar has changed. Grammar based off line generation of disposable Credit cards

  17. Conclusion The paper proposes a new base for one way functions ,namely CFGs. History set and sequence numbers are used to provide additional security layer. The protocol is secure even if sequence numbers and history sets are compromised. Grammar based off line generation of disposable Credit cards

  18. References [1] Abhishek Singh, A.Santos "Grammar Based Off line Generation of Disposable Credit Card Numbers",ACM,2002. [2] A.Aho, J.Ullman, Principles of Compiler Design. Grammar based off line generation of disposable Credit cards

  19. Grammar based off line generation of disposable Credit cards

  20. Grammar based off line generation of disposable Credit cards

More Related