From: kcha205@ec.auckland.ac.nz

Security upgrade for bank account

Abstract

For several decades, the PIN has been the main security mechanism for bank accounts. However, Cambridge researchers have documented a worrying PIN-cracking technique against the hardware security modules commonly used by bank ATMs. Mike Bond published a report on how to get an ATM PIN in 15 guesses, and he strongly suggested abandoning the decimalization tables used to translate between a card PIN and the hexadecimal value of a PIN generated when the hardware security module checks the validity of a number. Meanwhile, a new international payments security standard is to be adopted by South African banks, in line with standards worldwide, which will make the encryption on host-to-host PIN communication virtually impossible to crack. In this paper, I first describe the flaw introduced by the use of decimalization tables in the traditional IBM 3624 ATM, then examine the triple DES (T-DES)-based standard used for host-to-host PIN communication in ATMs: how it works in the security system and how it improves security. Finally, I give a conclusion about T-DES.

Outline:
1. Introduction: how the traditional decimalization table works
2. The risks of using the table
3. Triple DES
4. How to convert T-DES
5. Why is it secure?
6. Conclusion
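
Added example, not part of the original abstract: a Python sketch of the decimalization step named in outline items 1 and 2, showing how a 16-entry table turns hexadecimal digits into PIN digits and why the mapping is not uniform. Python's standard library has no DES, so the encryption of the account number is replaced by a SHA-256 stand-in; the account number, key, offset handling and all function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter
from fractions import Fraction

# Widely documented default table: hex digit i maps to DEFAULT_TABLE[i].
DEFAULT_TABLE = "0123456789012345"

def decimalize(hex_digits, table=DEFAULT_TABLE):
    """Map each hexadecimal digit to a decimal digit through the table."""
    if len(table) != 16 or not (table.isascii() and table.isdigit()):
        raise ValueError("decimalization table must be 16 decimal digits")
    return "".join(table[int(h, 16)] for h in hex_digits)

def encrypt_stand_in(account, pin_key):
    """ASSUMPTION: stand-in for the DES encryption of the account number
    under the PIN key; yields 16 hex digits, the size of one DES block."""
    return hashlib.sha256(pin_key + account.encode()).hexdigest()[:16]

def natural_pin(account, pin_key, table=DEFAULT_TABLE, length=4):
    """Leading hex digits of the ciphertext, decimalized."""
    return decimalize(encrypt_stand_in(account, pin_key)[:length], table)

def verify_pin(entered, account, offset, pin_key, table=DEFAULT_TABLE):
    """Offset method: customer PIN = natural PIN + offset, per digit, mod 10."""
    if not (entered.isascii() and entered.isdigit()):
        return False
    nat = natural_pin(account, pin_key, table, len(entered))
    expected = "".join(str((int(n) + int(o)) % 10) for n, o in zip(nat, offset))
    return hmac.compare_digest(expected, entered)

def digit_bias(table=DEFAULT_TABLE):
    """Probability of each PIN digit when the hex input is uniform."""
    counts = Counter(table)
    return {d: Fraction(counts[d], 16) for d in "0123456789"}

if __name__ == "__main__":
    key, acct = b"constructed-demo-key", "4556123456789012"  # constructed values
    nat = natural_pin(acct, key)
    print("natural PIN:", nat, "verifies:", verify_pin(nat, acct, "0000", key))
    for digit, p in digit_bias().items():
        print(digit, p)  # 0-5 come out twice as often as 6-9
```

Sixteen hex values cannot be spread evenly over ten digits, so with the default table the natural PIN digits 0 to 5 each occur with probability 1/8 and 6 to 9 with probability 1/16.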