Mobile Banking and Payment App Hardening: Anti-Tamper

The security of mobile banking and payment applications is closely tied to their ability to prevent attackers from tampering with them.


ANSI X9.24-1-2017: An Introduction into Key Blocks

Key Blocks were introduced as a standard way to protect the integrity of symmetric cryptographic keys and to identify what the keys can be used for. Key Blocks are used to protect Triple-DES keys (Key Blocks can be used as 3DES key bundles), but also AES keys (often using AES key wrapping).


Migrating Business-Critical Cryptography to the Cloud - Considerations for the Banking Sector

Today, financial institutions are driven by a strategic question: how can they benefit from the cloud’s flexible and scalable on-demand services while maintaining a trustworthy, banking-grade level of cryptographic security? This article looks at some of the trends, challenges and security concerns that financial institutions face when considering whether to migrate their business-critical applications and cryptography to the cloud.


PCI Requirements on Implementing Key Blocks - Migration Phases and Key Management Solutions

In June 2019, the PCI Security Standards Council issued an information supplement titled PCI PIN Security Requirement 18-3 – Key Blocks, which requires that encrypted symmetric keys be managed in structures called “Key Blocks.”


App Hardening for Mobile Banking and Payment Apps: Emulator Detection

Attacks against mobile banking & payment applications often start with an emulator of the mobile operating system, in which the targeted application is run and analyzed.


The SHA-1 Attack Further Emphasizes the Need for Crypto-Agility

The first practical chosen-prefix collision attack on SHA-1 was announced in January 2020 by researchers Gaëtan Leurent and Thomas Peyrin: “SHA-1 is a Shambles”.


SHA-1 is Practical and Cost-Effective to Crack Now

This article discusses recent warnings that a chosen-prefix collision attack on SHA-1 is now practical and cost-effective for attackers.


ANSI X9.24-1-2017: The General Key Management Requirements

The ANSI X9.24-1-2017 standard details how symmetric cryptographic keys should be managed and handled by the relevant actors in retail financial services companies. Here we outline the general techniques and methodologies that are required or suggested by the standard.


Application Hardening for Mobile Banking Apps: Root and Jailbreak Detection

Unlike operating systems such as Windows, Linux, or OSX, Android and iOS usually ship with built-in restrictions on user rights. The process of removing these restrictions, which neither Google nor Apple supports, is called rooting on Android and jailbreaking on iOS.
