Chip and Skim: cloning EMV cards with the pre-play attack

EMV, also known as "Chip and PIN", is the leading system for card payments worldwide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. We have discovered that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a "pre-play" attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically (in the sense of extracting the key material and loading it into another card). Card cloning is the very type of fraud that EMV was supposed to prevent. We describe how we detected the vulnerability, a survey methodology we developed to chart the scope of the weakness, evidence from ATM and terminal experiments in the field, and our implementation of proof-of-concept attacks. We found flaws in widely-used ATMs from the largest manufacturers. We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit. Pre-play attacks may also be carried out by malware in an ATM or POS terminal, or by a man-in-the-middle between the terminal and the acquirer. We explore the design and implementation mistakes that enabled the flaw to evade detection until now: shortcomings of the EMV specification, of the EMV kernel certification process, of implementation testing, formal analysis, or monitoring customer complaints. Finally we discuss countermeasures

Dynamics of hybrid PM/EM electromagnetic valve in SI engines

Some previous studies demonstrated the advantages of electromagnetic valve train (EMV) for controlling variable valve timing (VVT) in SI engines. EMV allows valve timings and duration events are optimized in wide operating ranges. However, conventional EMV with solenoid actuator consumes a larger amount of energy in catching the valve at engine start and in keeping valve at open or closed position. A new EMV with hybrid permanent magnet and electromagnetic coil (PM/EM) has been proposed in this paper. An engine model with new EMV has been built to simulate the valve dynamics. Additionally, the effects of the flow gas resistance and damp coefficient have also been examined and analyzed. The results show that the new EMV can satisfy the valve dynamics in transition time, valve velocity, acceleration, energy consumption, etc. in controlling valve timing for SI engines

Solving Daniel Bernoulli's St Petersburg Paradox: The Paradox which is not and never was

It has been accepted for over 270 years that the expected monetary value (EMV)of the St Petersburg game is infinite. Accepting this leads to a paradox; no reasonable person is prepared to pay the predicted large sum to play the game but will only pay, comparatively speaking, a very moderate amount. This paradox was 'solved' using cardinal utility. This article demonstrates that the EMV of the St Petersburg game is a function of the number ofgames played and is infmite only when an infinite number of games is played. Generally, the EMV is a very moderate amount, even when a large number of games is played. It is of the same order as people are prepared to offer to play the game. There is thus no paradox. Cardinal utility is not required to explain the behaviour of the reasonable person offering to play the game.St Petersburg paradox; St Petersburg game; expected utility; decision theory