Reducing HSM Reliance in Payments through Proxy Re-Encryption

Credit and debit-card payments are typically authenticated with PINs. Once entered into a terminal, the PIN is sent as an encrypted PIN block across a payments network to the destination bank, which decrypts and verifies the PIN block. Each node in the payments network routes the PIN block to the next node by decrypting the block with its own key and then re-encrypting the PIN block with the next node’s key; nodes establish shared secret keys with their neighbors to do so. This decrypt-then-encrypt operation over PIN blocks is known as PIN translation, and it is currently performed in Hardware Security Modules (HSMs) to avoid possible PIN exposure. However, HSMs incur heavy acquisition and operational expenses. Introduced at EUROCRYPT’98, proxy re-encryption (PRE) is a cryptographic primitive that can re-encrypt without exposing sensitive data. We perform an extensive study of PRE as applied to PIN translation, and show through formalization, security analysis, and an implementation study that PRE is a practical alternative to HSMs. With PRE, we eliminate the need for HSMs during re-encryption of a PIN, thus greatly reducing the number of HSMs needed by each participant in the payments ecosystem. Along the way we conduct practice-oriented PRE research, with novel theoretical contributions to resolve issues in comparing so-called honest re-encryption to chosen-ciphertext PRE security, and a new efficient PRE scheme achieving a type of chosen-ciphertext security.
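To make the PIN translation step concrete, the following toy example (added here for illustration; it is not the paper's scheme, which targets chosen-ciphertext security, and not code from the authors) implements an ElGamal-based proxy re-encryption in the style of Blaze, Bleumer and Strauss (EUROCRYPT'98). It builds an ISO 9564 format-0 PIN block from a constructed PAN and PIN, shows the classical decrypt-then-encrypt translation that has to run inside an HSM because the plaintext PIN block exists in the clear, and the proxy re-encryption that turns a ciphertext under one node's key into a ciphertext under the next node's key without ever reconstructing the PIN block. The group parameters are the 1024-bit MODP prime of RFC 2409 with generator 2; all function names, the PAN and the PIN are assumptions of this example.

```python
"""Toy ElGamal-style proxy re-encryption applied to PIN-block translation.

Illustrative only: textbook (passively secure) ElGamal, not the paper's scheme.
"""
import math
import secrets

# 1024-bit MODP safe prime from RFC 2409 (group 2), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def iso0_pin_block(pin: str, pan: str) -> int:
    """ISO 9564 format-0 PIN block as a 64-bit integer.

    Field 1: '0' + PIN length + PIN digits, right-padded with 'F' to 16 hex digits.
    Field 2: '0000' + rightmost 12 PAN digits, excluding the check digit.
    The block is the XOR of the two fields.
    """
    pin_field = int(f"0{len(pin)}{pin}".ljust(16, "F"), 16)
    pan_field = int("0000" + pan[:-1][-12:].rjust(12, "0"), 16)
    return pin_field ^ pan_field


def keygen():
    """ElGamal key pair (sk, pk = g^sk). sk is kept invertible mod P-1 so re-keys exist."""
    while True:
        sk = secrets.randbelow(P - 1)
        if sk > 1 and math.gcd(sk, P - 1) == 1:
            return sk, pow(G, sk, P)


def encrypt(pk: int, m: int):
    """Encrypt m (must be < P) as (m * g^r, pk^r)."""
    r = secrets.randbelow(P - 2) + 1
    return (m * pow(G, r, P) % P, pow(pk, r, P))


def decrypt(sk: int, ct):
    """Recover g^r = (g^{sk*r})^{1/sk} and strip it from the first component."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, P - 1), P)
    return c1 * pow(g_r, -1, P) % P


def rekey(sk_from: int, sk_to: int) -> int:
    """Re-encryption key b/a (mod P-1). In this toy scheme it needs both secrets."""
    return sk_to * pow(sk_from, -1, P - 1) % (P - 1)


def re_encrypt(rk: int, ct):
    """Proxy step: (g^{ar})^{b/a} = g^{br}. Only ciphertext is touched; m is never visible."""
    c1, c2 = ct
    return (c1, pow(c2, rk, P))


def hsm_translate(sk_in: int, pk_out: int, ct):
    """Classical PIN translation: decrypt, then encrypt for the next node.

    The plaintext PIN block exists in `m`, which is why this must run inside an HSM.
    """
    m = decrypt(sk_in, ct)
    return encrypt(pk_out, m)


def route_with_pre(pin: str, pan: str, hops: int) -> bool:
    """Encrypt at the terminal for hop 0, re-encrypt hop-to-hop, decrypt at the issuer.

    Returns True when the issuer recovers exactly the PIN block the terminal sent.
    """
    m = iso0_pin_block(pin, pan)
    keys = [keygen() for _ in range(hops)]          # one key pair per network node
    ct = encrypt(keys[0][1], m)                     # terminal encrypts for the first node
    for i in range(hops - 1):                       # each node only re-encrypts
        ct = re_encrypt(rekey(keys[i][0], keys[i + 1][0]), ct)
    return decrypt(keys[-1][0], ct) == m            # issuer decrypts and verifies


if __name__ == "__main__":
    # Constructed sample PAN and PIN (not real card data).
    print("PIN block:", hex(iso0_pin_block("1234", "4000001234567899")))
    print("4-hop PRE route intact:", route_with_pre("1234", "4000001234567899", 4))
```

Two properties of this toy version explain why the paper needs a different construction: the re-key `rekey` requires both nodes' secret keys (the scheme is bidirectional, so a re-key from A to B also converts B's ciphertexts to A's), and textbook ElGamal with the message outside the prime-order subgroup gives at best passive (chosen-plaintext) security, whereas the abstract is concerned with chosen-ciphertext security of re-encryption. The structural point, that `re_encrypt` exponentiates ciphertext components and never holds the PIN block, is what removes the HSM from the intermediate hops.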
