Remote ATM Terminal Master Key Initialisation
Traditionally the loading of an ATM's initial Terminal Master Key is performed during installation or maintenance by trusted engineers. Typically the value of the key is protected using a split knowledge system. Usually two engineers are needed.
Each may know a plaintext component of the key, or they may carry a token such as a magnetic stripe or smart card on which a key component is stored. These methods for initial key loading are labour intensive and high risk. Remote Terminal Master Key Initialisation uses public key techniques to enable the secure delivery of Terminal Master Keys to ATMs or other terminals. This removes the requirement for trusted engineers to be present, which can represent a significant cost saving. It also allows the process to be automated, thereby enabling the Terminal Master Keys to be regularly replaced for increased security.
Today there are approximately 1 million ATMs in use around the world, at which around 40 billion transactions take place every year. These transactions may be for a variety of services such as:
– Balance Inquiry
– Bill Payment
A fundamental characteristic of all ATM transactions is that they are protected by a PIN. The security and integrity of that PIN is provided by the use of cryptography, and cryptographic keys. Every ATM must store a cryptographic key to enable it to encrypt the PIN. Typically an ATM will use a minimum of two keys:
– A Terminal Master Key
– A PIN Encrypting Key
The Terminal Master Key (TMK) has only one purpose: to enable a bank's ATM Management System to encrypt PIN Encrypting Keys, or other types of key, for electronic transmission to the ATM. The ATM uses its copy of the TMK to decrypt these keys so that it can use them for protecting PINs and similar data.
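The two-level hierarchy just described, as an added example in Go that is not code from this paper or from Thales: the host wraps a PIN Encrypting Key under the TMK, the ATM unwraps it with its own copy of the TMK, and then uses the recovered PEK to encrypt an ISO 9564 format 0 PIN block for the transaction. The keys, PAN and PIN are constructed sample values; the block-by-block (ECB) wrapping of key components and the format 0 layout are assumptions about common legacy practice, not details taken from the paper.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed sample keys for this illustration only (24 bytes = three 8-byte DES components).
var (
	sampleTMK, _ = hex.DecodeString("0123456789ABCDEFFEDCBA987654321089ABCDEF01234567")
	samplePEK, _ = hex.DecodeString("1357913579135791246824682468246802468ACE02468ACE")
)

// TripleDESECB runs Triple-DES over each 8-byte block independently (no chaining), which is
// how legacy ATM key exchange treats each 8-byte key component and each PIN block (assumption).
func TripleDESECB(key, data []byte, encrypt bool) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key) // needs a 24-byte key
	if err != nil {
		return nil, err
	}
	if len(data) == 0 || len(data)%8 != 0 {
		return nil, fmt.Errorf("data length %d is not a multiple of 8", len(data))
	}
	op := block.Encrypt
	if !encrypt {
		op = block.Decrypt
	}
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += 8 {
		op(out[i:], data[i:])
	}
	return out, nil
}

// WrapKeyUnderTMK is the host's single use of the TMK: protecting a working key (here a PEK) for transmission.
func WrapKeyUnderTMK(tmk, pek []byte) ([]byte, error) { return TripleDESECB(tmk, pek, true) }

// UnwrapKeyUnderTMK is the ATM side: recover the PEK with its own copy of the TMK.
func UnwrapKeyUnderTMK(tmk, wrapped []byte) ([]byte, error) { return TripleDESECB(tmk, wrapped, false) }

// xorPANField XORs the block in place with "0000" || 12 rightmost PAN digits excluding the check digit.
func xorPANField(block []byte, pan string) error {
	if len(pan) < 13 || len(block) != 8 {
		return fmt.Errorf("PAN too short or block not 8 bytes")
	}
	pf, err := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	if err != nil {
		return err
	}
	for i := range block {
		block[i] ^= pf[i]
	}
	return nil
}

// PINBlockFormat0 builds the clear ISO 9564 format 0 block: "0", PIN length, PIN digits, F padding, XOR PAN field.
func PINBlockFormat0(pin, pan string) ([]byte, error) {
	if len(pin) < 4 || len(pin) > 12 || strings.Trim(pin, "0123456789") != "" {
		return nil, fmt.Errorf("PIN must be 4 to 12 decimal digits, got %q", pin)
	}
	block, err := hex.DecodeString(fmt.Sprintf("0%X%s", len(pin), pin) + strings.Repeat("F", 14-len(pin)))
	if err != nil {
		return nil, err
	}
	return block, xorPANField(block, pan)
}

// DecryptPIN is the host/HSM side, shown to close the round trip; it rejects anything
// that does not parse as a well-formed format 0 block (wrong key, corrupted block).
func DecryptPIN(pek, encBlock []byte, pan string) (string, error) {
	block, err := TripleDESECB(pek, encBlock, false)
	if err != nil {
		return "", err
	}
	if err := xorPANField(block, pan); err != nil {
		return "", err
	}
	h := strings.ToUpper(hex.EncodeToString(block))
	n := int(block[0] & 0x0F)
	if block[0]>>4 != 0 || n < 4 || n > 12 || strings.Trim(h[2:2+n], "0123456789") != "" || strings.Trim(h[2+n:], "F") != "" {
		return "", fmt.Errorf("not a well-formed format 0 PIN block")
	}
	return h[2 : 2+n], nil
}

func main() {
	wrapped, _ := WrapKeyUnderTMK(sampleTMK, samplePEK) // host: PEK under TMK, sent to the ATM
	pek, _ := UnwrapKeyUnderTMK(sampleTMK, wrapped)      // ATM: recover the PEK
	block, _ := PINBlockFormat0("1234", "4000001234567899")
	enc, _ := TripleDESECB(pek, block, true) // ATM: PIN block under PEK, sent with the transaction
	pin, err := DecryptPIN(samplePEK, enc, "4000001234567899")
	fmt.Printf("PEK under TMK: %X\nencrypted PIN block: %X\nhost recovered PIN %q (err=%v)\n", wrapped, enc, pin, err)
}
```

The point to take from the round trip is the separation of roles: the TMK never touches a PIN, and the PEK never travels in clear. Because the TMK is the root of this hierarchy, anyone holding it can recover every working key sent under it, which is why its initial loading is the step the paper sets out to harden.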
While the PIN Encrypting Keys are communicated between the bank and ATM electronically, the Terminal Master Keys are usually installed manually during installation or maintenance. Typically the value of the key is protected using a split knowledge system. Usually two trusted engineers are needed. Each may know a plaintext component of the key, or they may carry a token such as a magnetic stripe or smart card on which a key component is stored. These manual methods are labour intensive and high risk. Remote Terminal Master Key Initialisation uses public key techniques to enable the secure delivery of Terminal Master Keys to ATMs or other terminals. This removes the requirement for trusted engineers to be present, which can represent a significant cost saving for the banks owning the ATMs. It also allows the process to be automated, thereby enabling the Terminal Master Keys to be regularly replaced for increased security.
This paper concentrates on the application of remote key initialisation principles in the ATM environment. However, these techniques may be applied to many other environments in which terminal or zone master keys need to be established. This presents opportunities for payment terminal manufacturers, systems integrators and application developers to improve the efficiency and security of their zone key management.
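One way to realise the public key delivery described above, as an added example in Go that is not taken from this paper or from any vendor's EPP implementation: the host encrypts a fresh, parity-adjusted Triple-DES TMK under the ATM's RSA public key and signs the result, and the ATM refuses any key whose signature, parity or key check value does not verify. The message layout, the choice of RSA-OAEP and RSA-PSS, and the software-generated key pairs are assumptions made for this illustration; in a real deployment the ATM's private key would be generated and held inside the EPP, and the host's public key would be provisioned to the ATM in advance so that the ATM can tell the bank's host from an impostor.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// TMKDelivery is the host-to-ATM message; its layout is an assumption made for this illustration.
type TMKDelivery struct {
	EncryptedTMK []byte // 24-byte TMK under RSA-OAEP with the ATM's public key
	KCV          []byte // 3-byte key check value so the ATM can confirm what it recovered
	Signature    []byte // host RSA-PSS signature over EncryptedTMK || KCV
}

// HasOddParity reports whether every byte of a DES key carries the conventional odd parity.
func HasOddParity(key []byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// NewRandomTMK draws a fresh 24-byte (three-component) Triple-DES key and sets odd parity.
func NewRandomTMK() ([]byte, error) {
	key := make([]byte, 24)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	for i, b := range key {
		key[i] = b ^ byte((bits.OnesCount8(b)+1)&1) // flip the low bit when the byte has even parity
	}
	return key, nil
}

// KeyCheckValue: first three bytes of the key's Triple-DES encryption of an all-zero block.
func KeyCheckValue(key []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key) // rejects anything but a 24-byte key
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	block.Encrypt(out, make([]byte, 8))
	return out[:3], nil
}

// digest binds ciphertext and KCV together under one signature.
func digest(m TMKDelivery) []byte {
	h := sha256.Sum256(append(append([]byte{}, m.EncryptedTMK...), m.KCV...))
	return h[:]
}

// HostDeliverTMK is the ATM Management System side: encrypt so only the ATM's private key can recover the TMK, then sign.
func HostDeliverTMK(atmPub *rsa.PublicKey, hostPriv *rsa.PrivateKey, tmk []byte) (TMKDelivery, error) {
	var m TMKDelivery
	var err error
	if m.EncryptedTMK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, atmPub, tmk, []byte("TMK")); err != nil {
		return m, err
	}
	if m.KCV, err = KeyCheckValue(tmk); err != nil {
		return m, err
	}
	m.Signature, err = rsa.SignPSS(rand.Reader, hostPriv, crypto.SHA256, digest(m), nil)
	return m, err
}

// ATMReceiveTMK is the EPP side: verify the host signature first, then decrypt, then check parity and KCV.
func ATMReceiveTMK(atmPriv *rsa.PrivateKey, hostPub *rsa.PublicKey, m TMKDelivery) ([]byte, error) {
	if err := rsa.VerifyPSS(hostPub, crypto.SHA256, digest(m), m.Signature, nil); err != nil {
		return nil, fmt.Errorf("TMK rejected, host signature invalid: %w", err)
	}
	tmk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, atmPriv, m.EncryptedTMK, []byte("TMK"))
	if err != nil {
		return nil, err
	}
	kcv, err := KeyCheckValue(tmk)
	if err != nil || !HasOddParity(tmk) || !bytes.Equal(kcv, m.KCV) {
		return nil, fmt.Errorf("TMK rejected, recovered key failed length, parity or check value")
	}
	return tmk, nil
}

func main() {
	atmKey, _ := rsa.GenerateKey(rand.Reader, 2048)  // in practice generated inside the EPP
	hostKey, _ := rsa.GenerateKey(rand.Reader, 2048) // host signing key; the ATM holds only its public half
	tmk, _ := NewRandomTMK()
	msg, _ := HostDeliverTMK(&atmKey.PublicKey, hostKey, tmk)
	got, err := ATMReceiveTMK(atmKey, &hostKey.PublicKey, msg)
	fmt.Printf("ATM accepted TMK with KCV %X: %v (err=%v)\n", msg.KCV, bytes.Equal(got, tmk), err)
}
```

The order of checks on the ATM side matters: the signature is verified before the private key is used for anything, so an unauthenticated message never reaches the decryption step, and the key check value lets the host and ATM confirm they now share the same TMK without either side transmitting it in clear. Re-running `HostDeliverTMK` with a new random key is the whole of a scheduled TMK replacement, which is what makes the regular rotation mentioned above practical.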
The main business drivers for the introduction of remote key initialisation are:
– Reducing ATM maintenance costs
– Maximising benefit from investment in Triple-DES
– Compliance with Card Scheme and ANSI requirements
– Increased Security
Reducing ATM maintenance costs
The current methods for installing initial keys in ATMs are labour intensive and therefore costly, as two trusted engineers are required in order to securely load the Terminal Master Keys. Remote Terminal Master Key Initialisation removes the responsibility of key loading from these engineers.
It is therefore no longer necessary for two engineers to attend ATM installations. This can significantly reduce labour costs and means that engineers can be more efficiently utilised, which can result in increased ATM availability.
Maximising benefit from investment in Triple-DES
The security of many banking systems, including ATM systems, depends upon the use of cryptography. The effectiveness of a cryptographic system depends both upon the strength of the algorithm and upon the management and length of the key.
For many years the standard cryptographic algorithm used in financial systems has been DES, the Data Encryption Standard, using keys of 56 bits in length. In recent years it has been recognised that 56-bit keys no longer provide an adequate level of security for financial systems. Exhaustive key searches on single DES keys have been widely publicised: in January 1999 a 56-bit DES key was successfully cracked in 22 hours.
Consequently, banks around the world are migrating their systems away from Single-DES to Triple-DES, either on their own initiative or encouraged by mandates from the global card payment schemes. The Thales HSM has always used Triple-DES keys for the top level Local Master Keys. Triple-DES capability for all other types of key was introduced in the 5.05 base firmware release.
The cryptographic capability of most ATMs is provided by an Encrypting PIN Pad (EPP) device. To support banks in their migration to Triple-DES, ATM vendors have developed Triple-DES capable EPPs. These may be retrofitted into existing ATMs, to provide Triple-DES encryption of PINs etc. Many banks are now planning the replacement of their old Single-DES EPPs with the new Triple-DES models.
ATM vendors, such as NCR and Diebold, have recognised that these banks will expect the EPPs to operate for ten years or more, so the EPPs must be capable of supporting any new functionality planned during this time. They have therefore taken the opportunity to introduce Remote Terminal Master Key Initialisation support into their new Triple-DES capable EPPs. This capability may remain dormant until ATM and host software has been updated to support it, but it means that the potential reduction in ATM maintenance costs (see section 2.1) can be considered in their business case for the migration to Triple-DES.
Compliance with Card Scheme and ANSI requirements
“Any key resident in a transaction originating device MUST exist only in that device and those facilities which are authorized to receive and/or transmit encrypted or authenticated data from or to that device”
“Any key used by a communicating pair must be unique (other than by chance)”
“Effective August 31 1998, the use of unique encryption keys per ATM is required”
These requirements do not mandate the use of a method such as Remote Terminal Master Key Initialisation; it does, however, provide an efficient and secure means of satisfying them. Furthermore, while the use of unique data encrypting keys per terminal is becoming more commonplace, that uniqueness does not always extend to key encrypting keys such as Terminal Master Keys. The requirements stated above do not distinguish between these different types of key; in fact the ANSI requirement explicitly states that any key used in a terminal must be unique.
Increased Security
In addition to eliminating reliance on trusted engineers, and satisfying the key management requirements of ANSI and Visa/Plus described above, Remote Terminal Master Key Initialisation can enable a bank to augment its security policies for ATM key management. As well as providing benefits during an ATM's initial installation, the new technology introduces the possibility of regularly replacing an ATM's master keys. This can be achieved using the same automated and secure process that was used to load the initial keys.