A systematic security analysis of EMV protocol

被引:0
|
作者
Lan, Xiao [1 ,3 ]
Xu, Jing [2 ,3 ]
Zhang, Zhenfeng [2 ]
Chen, Xingshu [1 ,4 ]
Luo, Yonggang [1 ]
机构
[1] Sichuan Univ, Cyber Sci Res Inst, Chengdu 610207, Peoples R China
[2] Inst Software, Chinese Acad Sci, Trusted Comp & Informat Assurance Lab, Beijing 100190, Peoples R China
[3] State Key Lab Cryptol, Beijing 100878, Peoples R China
[4] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu 610207, Peoples R China
来源
COMPUTER STANDARDS & INTERFACES | 2023年 / 84卷
基金
国家重点研发计划; 中国国家自然科学基金;
关键词
EMV; Chip-and-PIN; Three-party security model; Provable security; Authentication; Authorization; VERIFICATION; SCHEME;
D O I
10.1016/j.csi.2022.103700
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
EMV is the leading and widely used international standard for payment with smart cards. The EMV specification defines a highly configurable toolkit for payment protocols, which allows different combinations of card authentication, cardholder authentication and transaction authorization. Due to its complexity and its flexibility, it is difficult to comprehensively analyze the security of EMV standard, yet it is critical to obtain practical security guarantees for EMV. In this paper, we present the first systematic and formal treatment of EMV protocol. We introduce a three-party security model, covering all known kinds of combinations and providing reasonably strong security notions. Furthermore, via a modular approach, we prove that the EMV protocol with reasonable improvement can achieve our desired security. We also identify various known attacks on EMV protocol in our security model.
引用
收藏
页数:10
相关论文
共 50 条
  • [1] Security Enhancements in EMV Protocol for NFC Mobile Payment
    El Madhoun, Nour
    Pujolle, Guy
    2016 IEEE TRUSTCOM/BIGDATASE/ISPA, 2016, : 1889 - 1895
  • [2] Towards more secure EMV purchase transactionsA new security protocol formally analyzed by the Scyther tool
    Nour El Madhoun
    Emmanuel Bertin
    Mohamad Badra
    Guy Pujolle
    Annals of Telecommunications, 2021, 76 : 203 - 222
  • [3] Towards more secure EMV purchase transactions A new security protocol formally analyzed by the Scyther tool
    El Madhoun, Nour
    Bertin, Emmanuel
    Badra, Mohamad
    Pujolle, Guy
    ANNALS OF TELECOMMUNICATIONS, 2021, 76 (3-4) : 203 - 222
  • [4] Fingerprint Security for Protecting EMV Payment Cards
    Vats, Himanshu
    Ruhl, Ron
    Aghili, Shaun
    2015 10TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2015, : 95 - 101
  • [5] Security Analysis of SKI Protocol
    Babvey, Pouria
    Yajam, Habib Allah
    Eghlidos, Taraneh
    2014 11TH INTERNATIONAL ISC CONFERENCE ON INFORMATION SECURITY AND CRYPTOLOGY (ISCISC), 2014, : 199 - 203
  • [6] Security Analysis of the SASI Protocol
    Cao, Tianjie
    Bertino, Elisa
    Lei, Hong
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2009, 6 (01) : 73 - 77
  • [7] Security Failures in EMV Smart Card Payment Systems
    Ahmad, Zubair
    Zeki, Akram M.
    Olowolayemo, Akeem
    2016 6TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY FOR THE MUSLIM WORLD (ICT4M), 2016, : 240 - 243
  • [8] Comparing State Spaces in Automatic Security Protocol Analysis
    Cremers, Cas J. F.
    Lafourcade, Pascal
    Nadeau, Philippe
    FORMAL TO PRACTICAL SECURITY, 2009, 5458 : 70 - +
  • [9] Distributed temporal logic for the analysis of security protocol models
    Basin, David
    Caleiro, Carlos
    Ramos, Jaime
    Vigano, Luca
    THEORETICAL COMPUTER SCIENCE, 2011, 412 (31) : 4007 - 4043
  • [10] A tokenization technique for improving the security of EMV contactiess cards
    Al-Maliki, Ossama
    Al-Assam, Hisham
    INFORMATION SECURITY JOURNAL, 2022, 31 (05): : 511 - 526
12345