Time filter

Source Type

Souvignet T.,Institute Of Recherche Criminelle Of La Gendarmerie Nationale Ircgn | Souvignet T.,Pantheon-Assas Paris II University | Prufer T.,Kriminaltechnisches Institute KTI des Bundeskriminalamtes BKA | Frinken J.,Kriminaltechnisches Institute KTI des Bundeskriminalamtes BKA | Kricsanowits R.,Kriminaltechnisches Institute KTI des Bundeskriminalamtes BKA
Digital Investigation | Year: 2014

Since mid-2012, France and Germany have had to deal with a new form of payment card skimming. This fraud consists of adding a wireless embedded system into a point-of-sale payment terminal with the fraudulent goal of collecting payment card data and personal identification numbers (PIN). This case study details the strategy adopted to conduct the digital forensic examination of these skimmers. Advanced technologies and analyses were necessary to reveal the skimmed data and provide useful information to investigators for their cross-case analysis. To go further than a typical digital forensic examination, developments based on embedded systems were made to help investigators find compromised payment terminals and identify criminals. Finally, this case study provides possible reactive and proactive new roles for forensic experts in combating payment card fraud. © 2014 Elsevier Ltd.


Souvignet T.,French Gendarmerie National Forensics Laboratory IRCGN | Souvignet T.,Pantheon-Assas Paris II University | Frinken J.,Kriminaltechnisches Institute KTI des Bundeskriminalamtes BKA
Forensic Science International | Year: 2013

Electronic payment fraud is considered a serious international crime by Europol. An important part of this fraud comes from payment card data skimming. This type of fraud consists of an illegal acquisition of payment card details when a user is withdrawing cash at an automated teller machine (ATM) or paying at a point of sale (POS).Modern skimming devices, also known as skimmers, use secure crypto-algorithms (e.g. Advanced Encryption Standard (AES)) to protect skimmed data stored within their memory. In order to provide digital evidence in criminal cases involving skimmers, law enforcement agencies (LEAs) must retrieve the plaintext skimmed data, generally without having knowledge of the secret key.This article proposes an alternative to the current solution at the Bundeskriminalamt (BKA) to reveal the secret key. The proposed solution is non-invasive, based on Power Analysis Attack (PAA). This article first describes the structure and the behaviour of an AES skimmer, followed by the proposal of the full operational PAA process, from power measurements to attack computation. Finally, it presents results obtained in several cases, explaining the latest improvements and providing some ideas for further developments. © 2013 Elsevier Ireland Ltd.

Loading Kriminaltechnisches Institute KTI des Bundeskriminalamtes BKA collaborators
Loading Kriminaltechnisches Institute KTI des Bundeskriminalamtes BKA collaborators