13,660 research outputs found
Chip and Skim: cloning EMV cards with the pre-play attack
EMV, also known as "Chip and PIN", is the leading system for card payments
worldwide. It is used throughout Europe and much of Asia, and is starting to be
introduced in North America too. Payment cards contain a chip so they can
execute an authentication protocol. This protocol requires point-of-sale (POS)
terminals or ATMs to generate a nonce, called the unpredictable number, for
each transaction to ensure it is fresh. We have discovered that some EMV
implementers have merely used counters, timestamps or home-grown algorithms to
supply this number. This exposes them to a "pre-play" attack which is
indistinguishable from card cloning from the standpoint of the logs available
to the card-issuing bank, and can be carried out even if it is impossible to
clone a card physically (in the sense of extracting the key material and
loading it into another card). Card cloning is the very type of fraud that EMV
was supposed to prevent. We describe how we detected the vulnerability, a
survey methodology we developed to chart the scope of the weakness, evidence
from ATM and terminal experiments in the field, and our implementation of
proof-of-concept attacks. We found flaws in widely-used ATMs from the largest
manufacturers. We can now explain at least some of the increasing number of
frauds in which victims are refused refunds by banks which claim that EMV cards
cannot be cloned and that a customer involved in a dispute must therefore be
mistaken or complicit. Pre-play attacks may also be carried out by malware in
an ATM or POS terminal, or by a man-in-the-middle between the terminal and the
acquirer. We explore the design and implementation mistakes that enabled the
flaw to evade detection until now: shortcomings of the EMV specification, of
the EMV kernel certification process, of implementation testing, formal
analysis, or monitoring customer complaints. Finally we discuss
countermeasures
Dynamics of hybrid PM/EM electromagnetic valve in SI engines
Some previous studies demonstrated the advantages of electromagnetic valve train (EMV) for controlling variable valve timing (VVT) in SI engines. EMV allows valve timings and duration events are optimized in wide operating ranges. However, conventional EMV with solenoid actuator consumes a larger amount of energy in catching the valve at engine start and in keeping valve at open or closed position. A new EMV with hybrid permanent magnet and electromagnetic coil (PM/EM) has been proposed in this paper. An engine model with new EMV has been built to simulate the valve dynamics. Additionally, the effects of the flow gas resistance and damp coefficient have also been examined and analyzed. The results show that the new EMV can satisfy the valve dynamics in transition time, valve velocity, acceleration, energy consumption, etc. in controlling valve timing for SI engines
Solving Daniel Bernoulli's St Petersburg Paradox: The Paradox which is not and never was
It has been accepted for over 270 years that the expected monetary value (EMV)of the St Petersburg game is infinite. Accepting this leads to a paradox; no reasonable person is prepared to pay the predicted large sum to play the game but will only pay, comparatively speaking, a very moderate amount. This paradox was 'solved' using cardinal utility. This article demonstrates that the EMV of the St Petersburg game is a function of the number ofgames played and is infmite only when an infinite number of games is played. Generally, the EMV is a very moderate amount, even when a large number of games is played. It is of the same order as people are prepared to offer to play the game. There is thus no paradox. Cardinal utility is not required to explain the behaviour of the reasonable person offering to play the game.St Petersburg paradox; St Petersburg game; expected utility; decision theory
- …