logo.png
Guided Website Threat Review

Foregenix Blog

Kirsty Trainer

The "Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

PCI, PA-DSS and P2PE

,30/11/15 14:17

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix

The encryption key infrastructure usually used in PCI P2PE solutions is based on the DUKPT (pronounced duck-putt) model. This key hierarchy was initially designed by Visa in 1987 and is documented in ANSI x9.24. DUKPT means Derived Unique Key Per Transaction and means that every transaction iprotected using a different encryption key such that compromise of a single encryption key will not compromise the overall solution. In a P2PE solution, this works as follows:

A BDK (Base Derivation Key) is created on the HSM (Hardware Security Module). The BDK is the top level key in the hierarchy. In a P2PE solution, all encryption will take place on the PED (PIN Entry Device) and all decryption will take place on the HSM. The BDK on the HSM must be able to identify which encryption key was used to encrypt the transaction data in order to derive the appropriate key for decryption.

Once the BDK has been created, it is possible to derive an IPEK (Initial PIN Encryption Key) from the BDK by using the inputs of the BDK reference ID and the terminal serial number. We can consider the IPEK to be the second level in the key hierarchy. We have the top level BDK and we have an IPEK per payment terminal. The IPEK is injected to the payment terminal and the future keys which will be used for encryption of transaction data are derived from the IPEK. Typically this derivation will permit circa one million future keys per device.

At this point we have three levels of keys, the BDK, of which there is one, the IPEK, of which there is one per terminal and the future keys, of which there are circa one million per terminal.

Note that while the BDK is created on the HSM, the BDK will often have been transported to Key Injection Facilities in order that the IPEK can be derived from the BDK for each device and the IPEK injected to derive the future keys on the terminal. This process can also be automated for remote key distribution though the mechanisms are the same.

The above describes the general key hierarchy so how does this work in a transaction?

A terminal receives a transaction and encrypts the data with an encryption key. This key has a KSN (Key Serial Number). The message is returned to the decryption environment containing the reference of the device serial number (the input for the BDK) and the KSN. This allows the BDK to generate the appropriate IPEK (using the terminal ID input) and the future keys from that IPEK and to identify the key corresponding to the KSN provided in the transaction message. Once that key has been used, the KSN counter increments such that that key was unique for that transaction and will not be used again.

Note that the key management in a P2PE solution will also feature a number of other keys. For example, there will likely be a separate DUKPT key infrastructure for PIN (note that each key must be for its own purpose so the PAN and PIN BDKs cannot be shared). Similarly, there will likely be a key for exporting keys between devices (for keys encrypting other keys, the encrypting key must be of equivalent strength to the key it is encrypting). Finally, if the above is taking place with asymmetric key distribution, there are requirements for the management of the PKI and the specific uses of that PKI.

If you’d like more information on this topic, you may be interested in checking out this reference: ANSI X9.24-1:2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (available at http://webstore.ansi.org/FindStandards.aspx?SearchString=X9.24-1&SearchOption=0&PageNum=0&SearchTermsArray=null%7cX9.24-1%7cnull

Please contact us if you'd like to chat about P2PE & your business. 

Guided Website Threat ReviewGuided Website Threat Review

TRENDING POSTS

Duncan Slater
Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle ...

Read More
Kirsty Trainer
The "Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More

Cyber Security Insights

Duncan Slater
21/07/17 10:15

Foregenix Review of the Office for National Statistics Crime Survey

Today [July 20th 2017] the Office for National Statistics in the UK released their annual Crime Survey for England and Wales (CSEW), for the twelve ...

Read More

Benjamin Hosack
10/07/17 16:40

Magento Websites: How is the security health of your website?

Cyber security is a hot topic, with articles appearing most days within the mainstream media.  As consumers, we’re all becoming more cyber-aware as ...

Read More

Kirsty Trainer
07/07/17 16:41

Take the Guesswork Out of Your Website Security

Let’s say that someone approaches you on the street one day. They point to a busy shop across the street, and they say to you, “That’s my store, and ...

Read More

Andrew McKenna
06/07/17 16:21

Why You Need To Defend Against Nation State Attacks

A few months ago, I was working on a risk assessment with a business and one of the most extreme threats, beyond targeted malware, was an attack by a ...

Read More

David Kirkpatrick
05/07/17 10:57

Penetration Testing: The Quest For Fully UnDetectable Malware

Malware continues to be one of the main attack vectors used by criminals to compromise user and corporate data. Using phishing or social engineering ...

Read More