If retailers insist on using out-of-the-box operating systems to process card payments in electronic cash registers (ECRs), then the least they can do is perform the minor calculations needed to determine that throughput within the ECR meets nominal expectations. Microsoft provides various functions to monitor processing, such as QueryPerformanceCounter (QPC). These functions can be used to determine whether there is unusual activity within an ECR.
ECR suppliers can create benchmarks for the movement of financial data across their platforms, both before and after distribution to customers. Timing begins before reading a port containing external financial data and ends at the point after clearing the memory containing financial data, just before returning control to a non-financial data processing application.
A terminate-and-stay-resident (TSR) application can then read the measurements on a continual basis and determine whether increased processing time indicates a likely data scraping attack. The following rough pseudo code gives an example of this type of countermeasure to a data scraping attack.
    Read Timer with highest resolution possible (Begin)
    Process Financial Transaction
    Wipe financial data from application memory and I/O buffers
    Read Timer with highest resolution possible (End)
    Write (End timer result - Begin timer result) to next position of data store for TSR
The TSR then continually looks at the values in its data store, and if the values start increasing consistently beyond a reasonable deviation variable, the TSR performs actions based on its configuration.
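The following C program is an added example, not code from the original post, showing one concrete way to implement the pseudo code and the monitor's check. The ECR side times a transaction with QueryPerformanceCounter (on other hosts clock_gettime stands in so the logic can be exercised anywhere), wipes the working buffer, and appends the elapsed ticks to a ring-buffer data store. The monitor side establishes nominal expectations from the first samples and alerts when several consecutive samples all exceed the baseline by more than a chosen deviation. The sample sizes, the 3x mean-absolute-deviation threshold, the 1% deviation floor, the buffer layout and the "transaction" body are all hypothetical choices made for the example, not values from the post.

```c
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
/* The highest-resolution timer the post refers to. */
static uint64_t read_timer(void) {
    LARGE_INTEGER c;
    QueryPerformanceCounter(&c);
    return (uint64_t)c.QuadPart;
}
static void wipe(void *p, size_t n) { SecureZeroMemory(p, n); }
#else
#include <time.h>
/* Stand-in for QPC on non-Windows hosts so the monitor logic runs anywhere. */
static uint64_t read_timer(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
/* Volatile store loop so the compiler cannot elide the wipe. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}
#endif

#define STORE_SIZE 64   /* ring buffer shared with the monitor (assumed size) */
#define BASELINE_N 16   /* samples used to set nominal expectations (assumed) */
#define CONSEC_N    4   /* consecutive slow samples before alerting (assumed) */
#define K_DEV     3.0   /* "reasonable deviation": 3 x mean absolute deviation */

typedef struct {
    uint64_t elapsed[STORE_SIZE];
    size_t   count;          /* total samples ever written */
    double   mean, dev;      /* baseline mean and mean absolute deviation */
    int      baseline_ready;
} timing_store;

/* ECR side: append (End - Begin); the first BASELINE_N samples fix the baseline. */
static void store_push(timing_store *s, uint64_t elapsed) {
    s->elapsed[s->count % STORE_SIZE] = elapsed;
    s->count++;
    if (!s->baseline_ready && s->count == BASELINE_N) {
        double sum = 0.0, dsum = 0.0;
        for (size_t i = 0; i < BASELINE_N; i++) sum += (double)s->elapsed[i];
        s->mean = sum / BASELINE_N;
        for (size_t i = 0; i < BASELINE_N; i++) {
            double d = (double)s->elapsed[i] - s->mean;
            dsum += d < 0 ? -d : d;
        }
        s->dev = dsum / BASELINE_N;
        /* Floor at 1% of the mean so a perfectly steady baseline does not alert on any jitter. */
        if (s->dev < s->mean * 0.01) s->dev = s->mean * 0.01;
        s->baseline_ready = 1;
    }
}

/* Monitor (the post's TSR) side: 1 when the last CONSEC_N samples all exceed mean + K_DEV * dev. */
static int monitor_check(const timing_store *s) {
    if (!s->baseline_ready || s->count < BASELINE_N + CONSEC_N) return 0;
    double limit = s->mean + K_DEV * s->dev;
    for (size_t back = 1; back <= CONSEC_N; back++)
        if ((double)s->elapsed[(s->count - back) % STORE_SIZE] <= limit) return 0;
    return 1;
}

/* One timed transaction as in the pseudo code: timer, process, wipe, timer, record. */
static void process_transaction(timing_store *s, const unsigned char *track, size_t n) {
    unsigned char work[256];                 /* hypothetical working copy of card data */
    uint64_t begin = read_timer();
    size_t len = n < sizeof work ? n : sizeof work;
    memcpy(work, track, len);                /* stands in for the real processing */
    wipe(work, sizeof work);                 /* wipe before returning control */
    uint64_t end = read_timer();
    store_push(s, end - begin);
}

/* Constructed scenario: a 990/1010-tick baseline (mean 1000, deviation 10, limit 1030),
   one nominal sample, then slow_n samples of slow_ticks each. Returns the monitor verdict. */
static int run_constructed_scenario(int slow_n, uint64_t slow_ticks) {
    timing_store s;
    memset(&s, 0, sizeof s);
    for (int i = 0; i < BASELINE_N; i++) store_push(&s, (i % 2) ? 1010 : 990);
    store_push(&s, 1000);
    for (int i = 0; i < slow_n; i++) store_push(&s, slow_ticks);
    return monitor_check(&s);
}

int main(void) {
    timing_store s;
    memset(&s, 0, sizeof s);
    static const unsigned char track[] = "constructed sample track data, not a real card";
    for (int i = 0; i < BASELINE_N + CONSEC_N; i++) {
        process_transaction(&s, track, sizeof track);
        if (monitor_check(&s)) printf("transaction %d: processing time above nominal\n", i);
    }
    printf("baseline mean %.0f, deviation %.0f timer units\n", s.mean, s.dev);
    return 0;
}
```

The design point is that the monitor never looks at the card data itself, only at the elapsed-time store, so it can sit in a separate process with no access to the financial buffers. Requiring several consecutive slow samples rather than one keeps a single scheduling hiccup from raising an alert, and a baseline recorded on the supplier's reference build before distribution can be shipped in place of the self-calibration used here.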
This simple method comes from descriptions of data scraping attacks in various media. The presumption that these attacks originate within the ECR ensures that monitoring activity covers only one financial transaction at a time. If the data scraping attacks occur further upstream, similar methods of measuring throughput are possible, but the complexity of the approach increases.
The pseudo code mentions the wipe of application memory containing financial data. If applications do not include this step, this monitoring approach is futile. So please, developers and ECR manufacturers, wipe after flushing.