Being a responsible corporate citizen and member of the local community is at the core of Control Gap’s daily operations. We believe in making work a rewarding experience by incorporating fun team events within our corporate culture, and supporting cause-related and local organizations.

Blog

7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise
Published 2017-04-26

Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES, they have issued a news release that one of the approved modes has been broken. Since FPE is actively deployed within the payment industry, this will have implications for payment security and for users of this technology. But how bad is the problem? And if you happen to be affected, what can you do?

A Closer Look At NIST and FPE

We've written about FPE on this blog before (see Learn More below). Our initial interest in FPE arose because, at first glance, it seemed to be too good to be true. We also wrote about some potential compliance issues that arise and that have nothing to do with the strength of the cryptography used. When we first looked at FPE, NIST's backing provided much of the credibility. Frankly, we're not entirely surprised to see a break of FPE, but we are surprised at how fast it happened. NIST originally considered three FPE modes called FF1, FF2, and FF3, or generically FFx. FF2 did not survive to publication, and now FF3 has been broken by researchers Betül Durak (Rutgers University) and Serge Vaudenay (Ecole Polytechnique Fédérale de Lausanne). A paper is expected to follow later this year. The attack they developed is more effective on shorter data and should be computationally feasible on FPE-PAN. It remains to be seen whether it will be feasible in real-world payment security use cases. From the NIST announcement:
  • NIST has concluded that FF3 is no longer suitable as a general-purpose FPE method.
  • FF3 clearly does not achieve the intended 128-bit security level
  • The researchers proposed a straightforward modification (i.e. fix) to FF3
  • NIST expects to revise 800-38G either to change the FF3 specification, or to withdraw the approval of FF3.
Recent years have seen changes over RSA-1024, RC4, SSL and early TLS, and SHA-1 mandated by organizations like the PCI Council and the Certificate and Browser Authority, which rely on NIST. Because PCI standards rely heavily upon NIST for guidance on strong cryptography, unless FF3 can be fixed we expect its use will have to be phased out. This will impact merchants, 3rd party service providers, payment application vendors, and payment terminal manufacturers.

What To Do Next

Here are 7 things you should do if you are using any FPE solutions in your payment environment:
  1. Don't panic!
  2. Understand how you are using FPE so that you can analyze the risk in your particular use case(s)
  3. Contact and involve your encryption solution provider
  4. Understand which FPE algorithm you are using including key lengths and modes
  5. Plan for potential contingencies such as patching, logistics, costs, and timelines
  6. Monitor for new developments on this issue
  7. Update risk assessments and plans accordingly
So what are we concerned and not concerned about?
  • Based on the announcement, solutions using (randomized) format-preserving tokens won't be affected by a cryptographic problem.
  • The non-cryptographic compliance problem of FPE data remains unchanged. It's not a show stopper but it can be messy.
  • Currently, AES-FF1 is the only approved FPE mode.
  • Given that both FF2 and FF3 have been broken and broken relatively quickly, we can't help but wonder about future attacks on a fixed-FF3 or FF1.

Learn More

  • https://controlgap.com/blog/format-preserving-encryption-and-cardholder-data/
  • https://controlgap.com/blog/format-preserving-encryption/
  • https://controlgap.com/blog/sha-1-is-dead/

Becoming PCI Compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant.

3 Ways 8-Digit BIN Ranges May Impact PCI Compliance
Published 2017-04-11

New 8-digit Bank Identification Numbers (BINs) could complicate PCI truncation rules and create compliance headaches for those required to maintain compliance. Many organizations build their PCI compliance around DSS requirements and how they use cardholder data. A common strategy to simplify compliance uses Primary Account Number (PAN) truncation to make cardholder data unreadable. PAN truncation rules haven't changed much since the early DSS. Today, organizations can keep the first 6 and last 4 digits of the PAN (6-4/*). So, any rule changes could affect merchants, service providers, and many others.

PCI Truncation Today

Before considering changes, stakeholders should also be aware of all current truncation requirements:
  • PCI truncation keeps the first 6 and last 4 digits. This works for all major card brands (see FAQ #1091).
  • Other regulations have truncation rules. Microsoft was recently fined by the FTC for violating FACTA, which allows only the last 5 digits on customer receipts (this doesn't apply to internal reports). As FTC rules also apply to non-US companies doing business with US citizens, they can apply to companies headquartered in Canada, Europe, and the rest of the world. This is an example of a law trumping PCI.
Recently the card brands proposed two changes to help card issuers. The first extended the length of the PAN to 19 digits. The second allowed for longer, 8-digit BINs. These proposals will change PCI truncation rules. Masking rules shouldn't change, as they deal with display and not storage. When we originally saw these, we expected straightforward and easy to implement truncation rules. We imagined combining today's rules with a first 8 and last 4 rule for the new 19-digit PAN (8-4/19). However, these proposals aren't linked, and the possibility of an 8-digit BIN with a 16-digit PAN could create implementation and compliance challenges. Notably, Visa's bulletin on page 6 contains the following on the continued use of 16-digit PANs and PCI:
Data Presented on Screens and Reports:
  • PCI DSS provisions already allow users with a legitimate business need to see any or all of the PAN digits. No changes are expected to accommodate the expansion of the BIN length.
Data at Rest:
  • Clients that use truncation as their only method of complying with the PCI requirement for protecting data at rest will need to add one or more of the other acceptable methods for data protection, such as encryption, hashing or tokenization.
Today's truncation rule destroys 6 digits. So, an attacker has a 1 in 100,000 chance of guessing the original PAN (the other 900,000 numbers fail the Luhn test). These odds permeate most PCI guidance and set a risk threshold. The table below shows how fictional PANs truncated under different rules would look:
PAN                  Rule    Truncation            Strength              Compliance
9234567890123455     6-4/16  923456xxxxxx3455      1 : 100,000           PCI 3.2
923456789012349      6-4/15  923456xxxxx2349       1 : 10,000            PCI 3.2
9234567890120        6-4/13  923456xxx0120         1 : 100               PCI 3.2
9234567890123455     0-4/16  xxxxxxxxxxxx3455      1 : 50,000,000,000    PCI 3.2 and FTC (customer receipts)
9234567890123456787  6-4/19  923456xxxxxxxxx6787   1 : 10,000,000        PCI 3.2 compliant
9234567890123455     8-4/16  92345678xxxx3455      1 : 1,000             Not PCI 3.2 compliant
9234567890123456787  8-4/19  92345678xxxxxxx6787   1 : 1,000,000         Visa, MasterCard, but not PCI 3.2 compliant
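As an added example (not Control Gap's code), the Python below implements the truncation rules and the Luhn argument from the paragraph above for any first-N / last-M rule, not just 6-4: it masks a PAN, then counts how many full PANs are consistent with the masked value and still pass Luhn, both by brute force for small cases and by the closed form 10^(d-1) for d destroyed digits. The PANs are the article's fictional ones; all function names are this example's own.

```python
"""Added example (not Control Gap's code): PCI-style PAN truncation and the
Luhn-based "1 in N" strength figure used in the article.

For a truncated value with d destroyed digits there are 10**d ways to fill
them in, and exactly one in ten of those passes the Luhn check, so an
attacker who sees the truncated value has a 1 in 10**(d-1) chance of
guessing the original PAN (the article's 1 in 100,000 is the d = 6 case).
"""
from itertools import product


def luhn_ok(pan: str) -> bool:
    """Standard Luhn (mod 10) check: valid PANs sum to a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate(pan: str, first: int, last: int) -> str:
    """Keep the first `first` and last `last` digits, mask the rest with 'x'."""
    if first < 0 or last < 0 or first + last > len(pan):
        raise ValueError("rule keeps more digits than the PAN has")
    masked = len(pan) - first - last
    return pan[:first] + "x" * masked + pan[len(pan) - last:]


def candidates_brute_force(truncated: str) -> int:
    """Try every filling of the x's and count the Luhn-valid ones.
    Only practical for a few destroyed digits (10**d Luhn checks)."""
    d = truncated.count("x")
    if d == 0:
        return 1 if luhn_ok(truncated) else 0
    prefix, suffix = truncated.split("x" * d)  # truncate() leaves one run of x's
    return sum(
        luhn_ok(prefix + "".join(fill) + suffix)
        for fill in product("0123456789", repeat=d)
    )


def candidates_formula(truncated: str) -> int:
    """Closed form for the same count. Each digit's Luhn contribution is a
    bijection on 0-9, so once d-1 free digits are fixed exactly one value of
    the remaining digit satisfies the checksum: 10**d / 10 completions."""
    d = truncated.count("x")
    return 1 if d == 0 else 10 ** (d - 1)


def strength(pan: str, first: int, last: int):
    """Return (rule label, truncated PAN, N) meaning a 1 : N guessing chance."""
    t = truncate(pan, first, last)
    return f"{first}-{last}/{len(pan)}", t, candidates_formula(t)


if __name__ == "__main__":
    # Fictional PANs from the article (all three are Luhn-valid).
    rows = [
        ("9234567890123455", 6, 4),
        ("923456789012349", 6, 4),
        ("9234567890120", 6, 4),
        ("9234567890123455", 0, 4),
        ("9234567890123456787", 6, 4),
        ("9234567890123455", 8, 4),
        ("9234567890123456787", 8, 4),
    ]
    for pan, first, last in rows:
        rule, t, n = strength(pan, first, last)
        print(f"{pan:<20} {rule:<7} {t:<20} 1 : {n:,}")
```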

Possible Updates And Changes

Clearly either the rules for truncation or the risk tolerance of the card brands must change.  If so, some key questions include:
  1. Implementation uncertainty raises stakeholder concerns. Could PAN truncated under today's rules come back into scope under new rules? Would stakeholders need to clean up old data?
  2. How will this affect applications that rely upon truncated data? New truncation rules could break applications that rely upon characteristics (e.g. a low collision rate) of today's truncated values.
Consider these possible rule changes (see update note for 2017-5-10 below):
  • Last 4 might break applications.
  • First 6 and last 4 cuts off new BINs. Full 8-digit BINs might be considered cardholder data needing DSS protection.
  • First 8 and last 4 might be too risky for the card brands to accept.
Many of these possible rules could be disruptive and have unforeseen and costly implications to:
  • Format preserving encryption and tokenization
  • Payment applications and middle-ware including customized and approved PA-DSS applications
  • Back-end systems
  • Analytic systems
  • Databases and reporting systems
  • Payment Terminal applications
Changing payment terminals can be expensive. Recent examples include:
  • Ongoing retirement of PTS v1.0 terminals starting 2014
  • Forced deprecation of RSA 1024 certificates in 2014
  • Ongoing SSL and early TLS migration for vulnerable terminals starting 2015
  • Forced migration from SHA-1 certificates in 2016
  • Upcoming retirement of PTS v2.0 terminals starting 2017
We believe the payments industry needs to look at this important change as soon as possible. Stakeholders must understand the impact of any new truncation rules. In our opinion, the rules need to be clear, simple, and easy to implement, with a minimum of ambiguity and impact. We hope this article leads to further industry discussion, analysis, and consensus.

Note: Updated 2017-4-21 to cite the Visa Bulletin on Data at Rest.
Note: Update 2017-5-10: The PCI Council today clarified the truncation rules, but issues and risks remain.

Learn More

  • http://controlgap.com/blog/masking-and-truncation-in-pci-compliance/
  • http://controlgap.com/blog/sha-1-is-dead/
  • http://controlgap.com/blog/pci-truncation-rules-clarified/

What The CIA WikiLeaks Dump Has In Common With PCI Compliance
Published 2017-03-14

In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this, and the general public will be spectators to another ongoing drama. From our perspective, thankfully, it sounds like WikiLeaks intends to work with vendors to fix vulnerabilities, which will hopefully spare everyone from a shooting gallery of zero-day exploitation.

WikiLeaks and PCI Compliance

We, like many of you, were curious. We wondered what useful things might be gleaned from this.  In particular, how might PCI DSS, PA-DSS, PIN, and P2PE guidance hold up against the CIA’s guidance? What we found interesting was that after casting off the spy craft stuff like misdirection, misattribution, and uber-stealthy techniques, what was left could easily be taken from a PCI compliance and best practices document:
  • Don’t use proprietary crypto
  • Don’t use deprecated crypto, e.g. SHA-1
  • Don’t rely solely on SSL/TLS
  • Don’t write plain text to disk
  • Don’t keep data in memory longer than needed
  • Do use end to end encryption
  • Do compress data prior to encryption
  • Do use standardized crypto libraries
  • Do use strong crypto like AES-256 in an appropriate operational mode
  • Do use strong HMACs and hashes, e.g. SHA-256 or better
  • Do use HMACs not hashes for integrity
  • Do use strong key management
  • Don’t use asymmetric crypto for bulk data encryption
  • Do use asymmetric crypto to exchange secret keys
  • Do use a good source of entropy for key generation
  • Don’t reuse keys for different purposes
  • Don’t use related keys
  • Do securely delete data from disk
  • Do testing against the requirements of best practice
  • Do testing on all supported program variants

Learn More

_______________________________________________________________ Becoming PCI Compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant. [post_title] => What The CIA WikiLeaks Dump Has In Common With PCI Compliance [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => wikileaks-cia-and-pci-compliance [to_ping] => [pinged] => [post_modified] => 2018-05-02 02:49:54 [post_modified_gmt] => 2018-05-02 02:49:54 [post_content_filtered] => [post_parent] => 0 [guid] => http://controlgap.com/?p=1401 [menu_order] => 164 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) ) [post_count] => 3 [current_post] => -1 [in_the_loop] => [post] => WP_Post Object ( [ID] => 1448 [post_author] => 2 [post_date] => 2017-04-26 14:24:03 [post_date_gmt] => 2017-04-26 14:24:03 [post_content] => Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved modes has been broken. Since FPE is actively deployed within the payment industry this will have implications for payment security and users of this technology. But how bad is the problem? And if you happen to be affected, what can you do?

A Closer Look At NIST and FPE

We've written about FPE on this blog before (see Learn More below). Our initial interest in FPE arose because, at first glance, it seemed to be too good to be true. We also wrote about some potential compliance issues that arise that have nothing to do with the strength of the cryptography used. When we first looked at FPE, NIST's backing provided much of the credibility. Frankly, we're not entirely surprised to see a break into FPE but we are surprised at how fast it happened. NIST originally considered three FPE modes called FF1, FF2, and FF3, or generically FFx. FF2 did not survive to publication and now FF3 has been broken by researchers Betül Durak (Rutgers University) and Serge Vaudenay (Ecole Polytechnique Fédérale de Lausanne). A paper is expected to follow later this year. The attack they developed is more effective on shorter data and should be computationally feasible on FPE-PAN. It remains to be seen if it will be feasible in real-world payment security use cases. From the NIST announcement:
  • NIST has concluded that FF3 is no longer suitable as a general-purpose FPE method.
  • FF3 clearly does not achieve the intended 128-bit security level
  • The researchers proposed a straightforward modification (i.e. fix) to FF3
  • NIST expects to revise 800-38G either to change the FF3 specification, or to withdraw the approval of FF3.
Recent years have seen changes over RSA-1024, RC4, SSL and early-TLS, and SHA-1 mandated by organizations like the PCI Council and the Certificate and Browser Authority which rely on NIST. Because PCI standards rely heavily upon NIST for guidance on strong cryptography and unless FF3 can be fixed, we expect its use will have to be phased out. This will impact merchants, 3rd party service providers, payment application vendors, and payment terminal manufacturers.

What To Do Next

Here are 7 things you should do if you are using any FPE solutions in your payment environment:
  1. Don't panic!
  2. Understand how you are using FPE so that you can analyze the risk in your particular use case(s)
  3. Contact and involve your encryption solution provider
  4. Understand which FPE algorithm you are using including key lengths and modes
  5. Plan for potential contingencies such as patching, logistics, costs, and timelines
  6. Monitor for new developments on this issue
  7. Update risk assessments and plans accordingly
So what are we concerned and not concerned about?
  • Based on the announcement, solutions using (randomized) format-preserving tokens won't be affected by a cryptographic problem.
  • The non-cryptographic compliance problem of FPE data remains unchanged. It's not a show stopper but it can be messy.
  • Currently, AES-FF1 is the only approved FPE mode.
  • Given that both FF2 and FF3 have been broken and broken relatively quickly, we can't help but wonder about future attacks on a fixed-FF3 or FF1.

Learn More

_______________________________________________________________ Becoming PCI Compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant. [post_title] => 7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => 7-things-to-do-with-fpe-break [to_ping] => [pinged] => https://controlgap.com/blog/format-preserving-encryption-and-cardholder-data/ https://controlgap.com/blog/format-preserving-encryption/ https://controlgap.com/blog/sha-1-is-dead/ [post_modified] => 2019-03-04 18:11:07 [post_modified_gmt] => 2019-03-04 18:11:07 [post_content_filtered] => [post_parent] => 0 [guid] => http://controlgap.com/?p=1448 [menu_order] => 158 [post_type] => post [post_mime_type] => [comment_count] => 2 [filter] => raw ) [comment_count] => 0 [current_comment] => -1 [found_posts] => 57 [max_num_pages] => 19 [max_num_comment_pages] => 0 [is_single] => [is_preview] => [is_page] => [is_archive] => 1 [is_date] => [is_year] => [is_month] => [is_day] => [is_time] => [is_author] => [is_category] => 1 [is_tag] => [is_tax] => [is_search] => [is_feed] => [is_comment_feed] => [is_trackback] => [is_home] => [is_privacy_policy] => [is_404] => [is_embed] => [is_paged] => 1 [is_admin] => [is_attachment] => [is_singular] => [is_robots] => [is_posts_page] => [is_post_type_archive] => [query_vars_hash:WP_Query:private] => 6cc0af5baab8f43c44ef5632f0aeedf7 [query_vars_changed:WP_Query:private] => 1 [thumbnails_cached] => [stopwords:WP_Query:private] => [compat_fields:WP_Query:private] => Array ( [0] => query_vars_hash [1] => query_vars_changed ) [compat_methods:WP_Query:private] => Array ( [0] => init_query_flags [1] => parse_tax_query ) )
WP_Query Object ( [query] => Array ( [post_type] => post [post_status] => publish [cat] => 14, 134, 1 [orderby] => date [order] => desc [posts_per_page] => 3 [paged] => 9 [ignore_sticky_posts] => 1 ) [query_vars] => Array ( [post_type] => post [post_status] => publish [cat] => 14 [orderby] => date [order] => DESC [posts_per_page] => 3 [paged] => 9 [ignore_sticky_posts] => 1 [error] => [m] => [p] => 0 [post_parent] => [subpost] => [subpost_id] => [attachment] => [attachment_id] => 0 [name] => [static] => [pagename] => [page_id] => 0 [second] => [minute] => [hour] => [day] => 0 [monthnum] => 0 [year] => 0 [w] => 0 [category_name] => charity [tag] => [tag_id] => [author] => [author_name] => [feed] => [tb] => [meta_key] => [meta_value] => [preview] => [s] => [sentence] => [title] => [fields] => [menu_order] => [embed] => [category__in] => Array ( ) [category__not_in] => Array ( ) [category__and] => Array ( ) [post__in] => Array ( ) [post__not_in] => Array ( ) [post_name__in] => Array ( ) [tag__in] => Array ( ) [tag__not_in] => Array ( ) [tag__and] => Array ( ) [tag_slug__in] => Array ( ) [tag_slug__and] => Array ( ) [post_parent__in] => Array ( ) [post_parent__not_in] => Array ( ) [author__in] => Array ( ) [author__not_in] => Array ( ) [update_post_term_cache] => 1 [suppress_filters] => [cache_results] => 1 [lazy_load_term_meta] => 1 [update_post_meta_cache] => 1 [nopaging] => [comments_per_page] => 50 [no_found_rows] => ) [tax_query] => WP_Tax_Query Object ( [queries] => Array ( [0] => Array ( [taxonomy] => category [terms] => Array ( [0] => 14 [1] => 134 [2] => 1 ) [field] => term_id [operator] => IN [include_children] => 1 ) ) [relation] => AND [table_aliases:protected] => Array ( [0] => wpcm_term_relationships ) [queried_terms] => Array ( [category] => Array ( [terms] => Array ( [0] => 14 [1] => 134 [2] => 1 ) [field] => term_id ) ) [primary_table] => wpcm_posts [primary_id_column] => ID ) [meta_query] => WP_Meta_Query Object ( [queries] => Array ( ) [relation] => 
[meta_table] => [meta_id_column] => [primary_table] => [primary_id_column] => [table_aliases:protected] => Array ( ) [clauses:protected] => Array ( ) [has_or_relation:protected] => ) [date_query] => [request] => SELECT SQL_CALC_FOUND_ROWS wpcm_posts.ID FROM wpcm_posts LEFT JOIN wpcm_term_relationships ON (wpcm_posts.ID = wpcm_term_relationships.object_id) WHERE 1=1 AND ( wpcm_term_relationships.term_taxonomy_id IN (1,14,134) ) AND wpcm_posts.post_type = 'post' AND ((wpcm_posts.post_status = 'publish')) GROUP BY wpcm_posts.ID ORDER BY wpcm_posts.menu_order, wpcm_posts.post_date DESC LIMIT 24, 3 [posts] => Array ( [0] => WP_Post Object ( [ID] => 1448 [post_author] => 2 [post_date] => 2017-04-26 14:24:03 [post_date_gmt] => 2017-04-26 14:24:03 [post_content] => Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved modes has been broken. Since FPE is actively deployed within the payment industry this will have implications for payment security and users of this technology. But how bad is the problem? And if you happen to be affected, what can you do?

A Closer Look At NIST and FPE

We've written about FPE on this blog before (see Learn More below). Our initial interest in FPE arose because, at first glance, it seemed to be too good to be true. We also wrote about some potential compliance issues that arise that have nothing to do with the strength of the cryptography used. When we first looked at FPE, NIST's backing provided much of the credibility. Frankly, we're not entirely surprised to see a break into FPE but we are surprised at how fast it happened. NIST originally considered three FPE modes called FF1, FF2, and FF3, or generically FFx. FF2 did not survive to publication and now FF3 has been broken by researchers Betül Durak (Rutgers University) and Serge Vaudenay (Ecole Polytechnique Fédérale de Lausanne). A paper is expected to follow later this year. The attack they developed is more effective on shorter data and should be computationally feasible on FPE-PAN. It remains to be seen if it will be feasible in real-world payment security use cases. From the NIST announcement:
  • NIST has concluded that FF3 is no longer suitable as a general-purpose FPE method.
  • FF3 clearly does not achieve the intended 128-bit security level
  • The researchers proposed a straightforward modification (i.e. fix) to FF3
  • NIST expects to revise 800-38G either to change the FF3 specification, or to withdraw the approval of FF3.
Recent years have seen changes over RSA-1024, RC4, SSL and early-TLS, and SHA-1 mandated by organizations like the PCI Council and the Certificate and Browser Authority which rely on NIST. Because PCI standards rely heavily upon NIST for guidance on strong cryptography and unless FF3 can be fixed, we expect its use will have to be phased out. This will impact merchants, 3rd party service providers, payment application vendors, and payment terminal manufacturers.

What To Do Next

Here are 7 things you should do if you are using any FPE solutions in your payment environment:
  1. Don't panic!
  2. Understand how you are using FPE so that you can analyze the risk in your particular use case(s)
  3. Contact and involve your encryption solution provider
  4. Understand which FPE algorithm you are using including key lengths and modes
  5. Plan for potential contingencies such as patching, logistics, costs, and timelines
  6. Monitor for new developments on this issue
  7. Update risk assessments and plans accordingly
So what are we concerned and not concerned about?
  • Based on the announcement, solutions using (randomized) format-preserving tokens won't be affected by a cryptographic problem.
  • The non-cryptographic compliance problem of FPE data remains unchanged. It's not a show stopper but it can be messy.
  • Currently, AES-FF1 is the only approved FPE mode.
  • Given that both FF2 and FF3 have been broken and broken relatively quickly, we can't help but wonder about future attacks on a fixed-FF3 or FF1.

Learn More

_______________________________________________________________ Becoming PCI Compliant can be difficult, so why not let Control Gap guide you. We are the largest dedicated PCI compliance company in Canada. Contact us today and learn more about how we can help you: Get PCI Compliant. Stay PCI Compliant. [post_title] => 7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => 7-things-to-do-with-fpe-break [to_ping] => [pinged] => https://controlgap.com/blog/format-preserving-encryption-and-cardholder-data/ https://controlgap.com/blog/format-preserving-encryption/ https://controlgap.com/blog/sha-1-is-dead/ [post_modified] => 2019-03-04 18:11:07 [post_modified_gmt] => 2019-03-04 18:11:07 [post_content_filtered] => [post_parent] => 0 [guid] => http://controlgap.com/?p=1448 [menu_order] => 158 [post_type] => post [post_mime_type] => [comment_count] => 2 [filter] => raw ) [1] => WP_Post Object ( [ID] => 1387 [post_author] => 7 [post_date] => 2017-04-11 20:01:06 [post_date_gmt] => 2017-04-11 20:01:06 [post_content] => New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to maintain compliance. Many organizations build their PCI compliance around DSS requirements and how they use cardholder data.  A common strategy to simplify compliance uses Primary Account Number (PAN) truncation to make cardholder data unreadable. PAN truncation rules haven't changed much since the early DSS.  Today, organizations can keep the first 6 and last 4 digits of PAN (6-4/*). So, any rule changes could affect merchants, service providers, and many others.

PCI Truncation Today

Before considering changes, stakeholders should also be aware of all current truncation requirements:
  • PCI truncation keeps the first 6 and last 4 digits. This works for all major card brands (see FAQ #1091).
  • Other regulations have truncation rules. Microsoft was recently fined by the FTC for violating FACTA which allows only the last 5 digits in customer receipts (this doesn't apply to internal reports). As FTC rules also apply to non-US companies doing business with US citizens, they and can apply to companies headquartered in Canada, Europe, and the rest of the world. This is an example of a law trumping PCI.
Recently the card brands proposed two changes to help card issuers. The first extended the length of PAN to 19 digits.  The second allowed for longer 8-digit BINs. These proposals will change PCI truncation rules. Masking rules shouldn't change as they deal with displays and not a storage. When we originally saw these, we expected straightforward and easy to implement truncation rules. We imagined combining today’s rules with a first 8 and last 4 rule for the new 19-digit PAN (8-4/19). However, these proposals aren't linked and the possibility of 8-digit BIN with 16-digit PAN could create implementation and compliance challenges. Notably Visa's bulletin on page 6 contains the following on the continued use of 16-digit PAN and PCI (note the underlined text):
Data Presented on Screens and Reports:
  • PCI DSS provisions already allow users with a legitimate business need to see any or all of the PAN digits. No changes are expected to accommodate the expansion of the BIN length.
Data at Rest:
  • Clients that use truncation as their only method of complying with the PCI requirement for protecting data at rest will need to add one or more of the other acceptable methods for data protection, such as encryption, hashing or tokenization.
Today's truncation rule destroys 6 digits, so an attacker has a 1 in 100,000 chance of guessing the original PAN (of the 1,000,000 possible fills, the other 900,000 fail the Luhn test). These odds permeate most PCI guidance and set a risk threshold. The table below shows how a fictional PAN truncated under different rules would look:
PAN                  Rule    Truncation           Strength              Compliance
9234567890123455     6-4/16  923456xxxxxx3455     1 : 100,000           PCI 3.2
923456789012349      6-4/15  923456xxxxx2349      1 : 10,000            PCI 3.2
9234567890120        6-4/13  923456xxx0120        1 : 100               PCI 3.2
9234567890123455     0-4/16  xxxxxxxxxxxx3455     1 : 50,000,000,000    PCI 3.2 and FTC (customer receipts)
9234567890123456787  6-4/19  923456xxxxxxxxx6787  1 : 10,000,000        PCI 3.2 compliant
9234567890123455     8-4/16  92345678xxxx3455     1 : 1,000             Not PCI 3.2 compliant
9234567890123456787  8-4/19  92345678xxxxxxx6787  1 : 1,000,000         Visa, MasterCard, but not PCI 3.2 compliant
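The "1 in 100,000" figure rests on two facts: every destroyed digit multiplies the candidate space by 10, and exactly one tenth of any such candidate set passes the Luhn check. The Python below is an added example, not code from the original post: it applies an arbitrary first-N/last-M rule to the page's fictional PANs, counts the Luhn-valid candidates by formula, and cross-checks the small cases by brute force. It generalizes the table's reasoning to any PAN length and rule; the function names and the "6-4/16" rule notation are assumptions made for this example.

```python
# Added example (not from the original post): how many Luhn-valid PANs are
# consistent with a truncated value under a given first-N / last-M rule.
# The PANs below are the page's own fictional values; function names are
# assumptions made for this example.
import itertools


def luhn_valid(pan: str) -> bool:
    """Return True when the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate(pan: str, keep_first: int, keep_last: int) -> str:
    """Apply a 'first N / last M' rule, replacing the hidden digits with x."""
    hidden = len(pan) - keep_first - keep_last
    if hidden <= 0:
        raise ValueError("rule keeps the whole PAN; nothing is truncated")
    return pan[:keep_first] + "x" * hidden + pan[len(pan) - keep_last:]


def candidates_by_formula(truncated: str) -> int:
    """Count Luhn-valid PANs that match a truncated value.

    Each hidden digit contributes a factor of 10.  For any single hidden
    position the ten possible digits map onto the ten residues mod 10 (whether
    or not that position is doubled), so exactly one tenth of the fills pass
    the Luhn check."""
    hidden = truncated.count("x")
    return 10 ** hidden // 10


def candidates_by_enumeration(truncated: str) -> int:
    """Brute-force cross-check: try every fill of the hidden digits.
    Practical only for a few hidden digits (10**n fills)."""
    positions = [i for i, c in enumerate(truncated) if c == "x"]
    chars = list(truncated)
    count = 0
    for fill in itertools.product("0123456789", repeat=len(positions)):
        for pos, digit in zip(positions, fill):
            chars[pos] = digit
        if luhn_valid("".join(chars)):
            count += 1
    return count


def guess_odds(pan: str, keep_first: int, keep_last: int) -> tuple:
    """Return (truncated value, number of Luhn-valid candidates)."""
    truncated = truncate(pan, keep_first, keep_last)
    return truncated, candidates_by_formula(truncated)


# The page's fictional PANs (all pass Luhn), paired with the rules in the table.
TABLE_ROWS = [
    ("9234567890123455", 6, 4),
    ("923456789012349", 6, 4),
    ("9234567890120", 6, 4),
    ("9234567890123455", 0, 4),
    ("9234567890123456787", 6, 4),
    ("9234567890123455", 8, 4),
    ("9234567890123456787", 8, 4),
]


def main() -> None:
    for pan, first, last in TABLE_ROWS:
        truncated, n = guess_odds(pan, first, last)
        rule = f"{first}-{last}/{len(pan)}"
        print(f"{pan:<20} {rule:<7} {truncated:<20} 1 : {n:,}")
    # Brute force agrees with the formula where enumeration is cheap.
    for t in ("923456xxx0120", "92345678xxxx3455"):
        assert candidates_by_enumeration(t) == candidates_by_formula(t)


if __name__ == "__main__":
    main()
```

Running the script prints one line per table row with the exact candidate count. The formula is exact for every rule, so it reproduces the 6-4/16, 6-4/15, 6-4/13, 8-4/16 and 8-4/19 strengths directly; for the last-4-only and 6-4/19 rows the exact count comes out larger than the figure the table lists, which only strengthens the point that those rules are not the risky ones.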

Possible Updates And Changes

Clearly either the rules for truncation or the risk tolerance of the card brands must change. If so, some key questions include:
  1. Implementation uncertainty raises stakeholder concerns. Could PAN truncated under today's rules come back into scope under new rules? Would stakeholders need to clean up old data?
  2. How will this affect applications that rely upon truncated data? New truncation rules could break applications that rely upon characteristics (e.g. a low collision rate) of today's truncated values.
Consider these possible rule changes (see update note for 2017-5-10 below):
  • Last 4 might break applications.
  • First 6 and last 4 cuts off new BINs. Full 8-digit BINs might be considered cardholder data needing DSS protection.
  • First 8 and last 4 might be too risky for the card brands to accept.
Many of these possible rules could be disruptive and have unforeseen and costly implications to:
  • Format preserving encryption and tokenization
  • Payment applications and middle-ware including customized and approved PA-DSS applications
  • Back-end systems
  • Analytic systems
  • Databases and reporting systems
  • Payment Terminal applications
Changing payment terminals can be expensive. Recent examples include:
  • Ongoing retirement of PTS v1.0 terminals starting 2014
  • Forced deprecation of RSA 1024 certificates in 2014
  • Ongoing SSL and early TLS migration for vulnerable terminals starting 2015
  • Forced migration from SHA-1 certificates 2016
  • Upcoming retirement of PTS v2.0 terminals starting 2017
We believe the payments industry needs to look at this important change as soon as possible. Stakeholders must understand the impact of any new truncation rules. In our opinion, the rules need to be clear, simple, and easy to implement with a minimum of ambiguity and impact. We hope this article leads to further industry discussion, analysis, and consensus.
Note: Updated 2017-4-21 to cite the Visa Bulletin on Data at Rest.
Note: Updated 2017-5-10: The PCI Council today clarified the truncation rules, but issues and risks remain.

Learn More

http://controlgap.com/blog/masking-and-truncation-in-pci-compliance/
http://controlgap.com/blog/sha-1-is-dead/
http://controlgap.com/blog/pci-truncation-rules-clarified/

What The CIA WikiLeaks Dump Has In Common With PCI Compliance
March 14 2017

In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the general public will be spectators to another ongoing drama. From our perspective, thankfully, it sounds like WikiLeaks intends to work with vendors to fix vulnerabilities, which will hopefully spare everyone from a shooting gallery of zero-day exploitation.

WikiLeaks and PCI Compliance

We, like many of you, were curious. We wondered what useful things might be gleaned from this.  In particular, how might PCI DSS, PA-DSS, PIN, and P2PE guidance hold up against the CIA’s guidance? What we found interesting was that after casting off the spy craft stuff like misdirection, misattribution, and uber-stealthy techniques, what was left could easily be taken from a PCI compliance and best practices document:
  • Don’t use proprietary crypto
  • Don’t use deprecated crypto e.g. SHA-1
  • Don’t rely solely on SSL/TLS
  • Don’t write plain text to disk
  • Don’t keep data in memory longer than needed
  • Do use end to end encryption
  • Do compress data prior to encryption
  • Do use standardized crypto libraries
  • Do use strong crypto like AES 256 in an appropriate operational mode
  • Do use strong HMACs and hashes e.g. SHA-256 or better
  • Do use HMACs not hashes for integrity
  • Do use strong key management
  • Don’t use asymmetric crypto for bulk data encryption
  • Do use asymmetric crypto to exchange secret keys
  • Do use a good source of entropy for key generation
  • Don’t reuse keys for different purposes
  • Don’t use related keys
  • Do securely delete data from disk
  • Do testing against the requirements of best practice
  • Do testing on all supported program variants
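Two of the list items, "Do use HMACs not hashes for integrity" and "Don't reuse keys for different purposes", are easy to show concretely. The Python below is an added example written for this page, not code from the post or from the leaked documents, and uses only the standard library; the sample record, the purpose labels and the function names are constructed for the example.

```python
# Added example (not from the original post): why an unkeyed hash is not an
# integrity check, how an HMAC fixes that, and how to keep a MAC key separate
# from an encryption key.  Standard library only; the sample record, the
# purpose labels and the function names are constructed for this example.
import hashlib
import hmac
import os


def hash_tag(data: bytes) -> bytes:
    """Unkeyed SHA-256 over the data.  Detects accidental corruption only:
    anyone able to change the data can also recompute this value."""
    return hashlib.sha256(data).digest()


def verify_hash_tag(data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hash_tag(data), tag)


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256: producing a valid tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_hmac_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    """compare_digest runs in constant time, so a wrong tag does not leak
    how many leading bytes matched."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def derive_subkey(master: bytes, purpose: bytes) -> bytes:
    """One purpose-specific key per use, so the MAC key and the encryption
    key are never the same bytes.  This is a single HKDF-Expand-style step
    (HMAC over a label); real deployments should use a vetted KDF."""
    return hmac.new(master, b"subkey:" + purpose, hashlib.sha256).digest()


def tamper_demo() -> dict:
    """Simulate a stored (record, tag) pair that an attacker rewrites."""
    master = os.urandom(32)                      # constructed master key
    mac_key = derive_subkey(master, b"mac")
    enc_key = derive_subkey(master, b"enc")

    record = b"amount=10.00;merchant=store-42"   # constructed sample record
    forged = b"amount=9999.00;merchant=store-42"

    # Scheme A: record protected by a bare hash.  The attacker replaces both
    # the record and the tag, and the verifier has no way to notice.
    stored_a = (forged, hash_tag(forged))
    hash_accepts_forgery = verify_hash_tag(*stored_a)

    # Scheme B: record protected by an HMAC.  Without mac_key the attacker
    # cannot compute a tag for the forged record; reusing the old tag fails.
    genuine_tag = hmac_tag(mac_key, record)
    stored_b = (forged, genuine_tag)
    hmac_accepts_forgery = verify_hmac_tag(mac_key, *stored_b)
    hmac_accepts_genuine = verify_hmac_tag(mac_key, record, genuine_tag)

    return {
        "hash_accepts_forgery": hash_accepts_forgery,   # True: hash is not enough
        "hmac_accepts_forgery": hmac_accepts_forgery,   # False: tampering detected
        "hmac_accepts_genuine": hmac_accepts_genuine,   # True
        "keys_separated": mac_key != enc_key,           # True
    }


if __name__ == "__main__":
    for name, value in tamper_demo().items():
        print(f"{name}: {value}")
```

The demo returns its findings as a dictionary so the outcome can be checked rather than only printed: the hash-protected record accepts the forgery, the HMAC-protected one rejects it while still accepting the genuine record, and the two derived keys differ even though they come from the same master key.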

Learn more

7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise
April 26 2017

Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES, they've issued a news release that one of the approved modes has been broken. Since FPE is actively deployed within the payment industry, this will have implications for payment security and users of this technology. But how bad is the problem? And if you happen to be affected, what can you do?

A Closer Look At NIST and FPE

We've written about FPE on this blog before (see Learn More below). Our initial interest in FPE arose because, at first glance, it seemed too good to be true. We also wrote about some potential compliance issues that have nothing to do with the strength of the cryptography used. When we first looked at FPE, NIST's backing provided much of the credibility. Frankly, we're not entirely surprised to see a break in FPE, but we are surprised at how fast it happened. NIST originally considered three FPE modes called FF1, FF2, and FF3, or generically FFx. FF2 did not survive to publication, and now FF3 has been broken by researchers Betül Durak (Rutgers University) and Serge Vaudenay (Ecole Polytechnique Fédérale de Lausanne). A paper is expected to follow later this year. The attack they developed is more effective on shorter data and should be computationally feasible on FPE-PAN. It remains to be seen whether it will be feasible in real-world payment security use cases. From the NIST announcement:
  • NIST has concluded that FF3 is no longer suitable as a general-purpose FPE method.
  • FF3 clearly does not achieve the intended 128-bit security level
  • The researchers proposed a straightforward modification (i.e. fix) to FF3
  • NIST expects to revise 800-38G either to change the FF3 specification, or to withdraw the approval of FF3.
Recent years have seen changes over RSA-1024, RC4, SSL and early TLS, and SHA-1 mandated by organizations like the PCI Council and the Certificate and Browser Authority, which rely on NIST. Because PCI standards rely heavily upon NIST for guidance on strong cryptography, we expect that unless FF3 can be fixed, its use will have to be phased out. This will impact merchants, 3rd party service providers, payment application vendors, and payment terminal manufacturers.

What To Do Next

Here are 7 things you should do if you are using any FPE solutions in your payment environment:
  1. Don't panic!
  2. Understand how you are using FPE so that you can analyze the risk in your particular use case(s)
  3. Contact and involve your encryption solution provider
  4. Understand which FPE algorithm you are using including key lengths and modes
  5. Plan for potential contingencies such as patching, logistics, costs, and timelines
  6. Monitor for new developments on this issue
  7. Update risk assessments and plans accordingly
So what are we concerned and not concerned about?
  • Based on the announcement, solutions using (randomized) format-preserving tokens won't be affected by a cryptographic problem.
  • The non-cryptographic compliance problem of FPE data remains unchanged. It's not a show stopper but it can be messy.
  • Currently, AES-FF1 is the only approved FPE mode.
  • Given that both FF2 and FF3 have been broken and broken relatively quickly, we can't help but wonder about future attacks on a fixed-FF3 or FF1.

Learn More

https://controlgap.com/blog/format-preserving-encryption-and-cardholder-data/
https://controlgap.com/blog/format-preserving-encryption/
https://controlgap.com/blog/sha-1-is-dead/