logo.png
Guided Website Threat Review

Foregenix Blog

Kirsty Trainer

The "Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

PCI, PA-DSS and P2PE

,30/11/15 14:17

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix

The encryption key infrastructure usually used in PCI P2PE solutions is based on the DUKPT (pronounced duck-putt) model. This key hierarchy was initially designed by Visa in 1987 and is documented in ANSI x9.24. DUKPT means Derived Unique Key Per Transaction and means that every transaction iprotected using a different encryption key such that compromise of a single encryption key will not compromise the overall solution. In a P2PE solution, this works as follows:

A BDK (Base Derivation Key) is created on the HSM (Hardware Security Module). The BDK is the top level key in the hierarchy. In a P2PE solution, all encryption will take place on the PED (PIN Entry Device) and all decryption will take place on the HSM. The BDK on the HSM must be able to identify which encryption key was used to encrypt the transaction data in order to derive the appropriate key for decryption.

Once the BDK has been created, it is possible to derive an IPEK (Initial PIN Encryption Key) from the BDK by using the inputs of the BDK reference ID and the terminal serial number. We can consider the IPEK to be the second level in the key hierarchy. We have the top level BDK and we have an IPEK per payment terminal. The IPEK is injected to the payment terminal and the future keys which will be used for encryption of transaction data are derived from the IPEK. Typically this derivation will permit circa one million future keys per device.

At this point we have three levels of keys, the BDK, of which there is one, the IPEK, of which there is one per terminal and the future keys, of which there are circa one million per terminal.

Note that while the BDK is created on the HSM, the BDK will often have been transported to Key Injection Facilities in order that the IPEK can be derived from the BDK for each device and the IPEK injected to derive the future keys on the terminal. This process can also be automated for remote key distribution though the mechanisms are the same.

The above describes the general key hierarchy so how does this work in a transaction?

A terminal receives a transaction and encrypts the data with an encryption key. This key has a KSN (Key Serial Number). The message is returned to the decryption environment containing the reference of the device serial number (the input for the BDK) and the KSN. This allows the BDK to generate the appropriate IPEK (using the terminal ID input) and the future keys from that IPEK and to identify the key corresponding to the KSN provided in the transaction message. Once that key has been used, the KSN counter increments such that that key was unique for that transaction and will not be used again.

Note that the key management in a P2PE solution will also feature a number of other keys. For example, there will likely be a separate DUKPT key infrastructure for PIN (note that each key must be for its own purpose so the PAN and PIN BDKs cannot be shared). Similarly, there will likely be a key for exporting keys between devices (for keys encrypting other keys, the encrypting key must be of equivalent strength to the key it is encrypting). Finally, if the above is taking place with asymmetric key distribution, there are requirements for the management of the PKI and the specific uses of that PKI.

If you’d like more information on this topic, you may be interested in checking out this reference: ANSI X9.24-1:2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (available at http://webstore.ansi.org/FindStandards.aspx?SearchString=X9.24-1&SearchOption=0&PageNum=0&SearchTermsArray=null%7cX9.24-1%7cnull

Please contact us if you'd like to chat about P2PE & your business. 

Guided Website Threat ReviewGuided Website Threat Review

TRENDING POSTS

Kirsty Trainer
The "Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More
Duncan Slater
Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle ...

Read More

Cyber Security Insights

Andrew McKenna
14/09/17 11:50

Containers: Keeping You Secure

Given there’s a lot of talk about containerisation in the applications marketplace at the moment, this post is intended to provide a light ...

Read More

Jake Dennys
11/09/17 13:04

Foregenix Achieve 11 Award Nominations in 6 Months

As a UK-based cybersecurity firm, our employees and clients touch every continent on the globe. Despite the company’s small size, with only 91 ...

Read More

Zacharias Pigadas
08/09/17 15:45

Getting The Most Out Of Your Web Application Penetration Test

The purpose of this post is to help clients better prepare, digest and act upon the results of a web application penetration test. A large amount of ...

Read More

Andrew McKenna
06/09/17 09:54

An Introduction to DevOps

We’ll start at the beginning and ramp up really quickly. DevOps is a portmanteau of development and operations. We can consider it to mean automation ...

Read More

Ewan Gardner
07/08/17 14:51

Anatomy Of A Magento Attack: Froghopper

  Magento is the most popular eCommerce web application in the world, with an estimated 236,000 live web sites using the Content Management System ...

Read More