A systematic security analysis of EMV protocol

Cited by: 0
Authors
Lan, Xiao [1, 3]
Xu, Jing [2, 3]
Zhang, Zhenfeng [2]
Chen, Xingshu [1, 4]
Luo, Yonggang [1]
Affiliations
[1] Sichuan Univ, Cyber Sci Res Inst, Chengdu 610207, Peoples R China
[2] Inst Software, Chinese Acad Sci, Trusted Comp & Informat Assurance Lab, Beijing 100190, Peoples R China
[3] State Key Lab Cryptol, Beijing 100878, Peoples R China
[4] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu 610207, Peoples R China
Funding
National Key Research and Development Program of China; National Natural Science Foundation of China;
Keywords
EMV; Chip-and-PIN; Three-party security model; Provable security; Authentication; Authorization; VERIFICATION; SCHEME;
DOI
10.1016/j.csi.2022.103700
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
EMV is the leading and widely used international standard for payment with smart cards. The EMV specification defines a highly configurable toolkit for payment protocols, which allows different combinations of card authentication, cardholder authentication and transaction authorization. Due to its complexity and its flexibility, it is difficult to comprehensively analyze the security of the EMV standard, yet it is critical to obtain practical security guarantees for EMV. In this paper, we present the first systematic and formal treatment of the EMV protocol. We introduce a three-party security model, covering all known kinds of combinations and providing reasonably strong security notions. Furthermore, via a modular approach, we prove that the EMV protocol with reasonable improvement can achieve our desired security. We also identify various known attacks on the EMV protocol in our security model.
Pages: 10
Related papers
50 in total
  • [21] EMV-Compatible Offline Mobile Payment Protocol with Mutual Authentication
    Luo, Jia-Ning
    Yang, Ming-Hour
    [J]. SENSORS, 2019, 19 (21)
  • [22] EMV-TLS, a Secure Payment Protocol For NFC Enabled Mobiles
    Urien, Pascal
    [J]. PROCEEDINGS OF THE 2014 INTERNATIONAL CONFERENCE ON COLLABORATION TECHNOLOGIES AND SYSTEMS (CTS), 2014, : 203 - 210
  • [24] The Security Analysis and Attacks Detection of OSPF Routing Protocol
    Wang Ming-hao
    [J]. 2014 7TH INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTATION TECHNOLOGY AND AUTOMATION (ICICTA), 2014, : 837 - 840
  • [25] Security and performance analysis of the SEAP authentication protocol in MANETs
    Maity, Soumyadev
    Hansdah, R. C.
    [J]. INTERNATIONAL JOURNAL OF AD HOC AND UBIQUITOUS COMPUTING, 2017, 24 (03) : 183 - 203
  • [26] Application of colored petri nets in security protocol analysis
    Zhang, Jialin
    Miao, Xianghua
    [J]. PROCEEDINGS OF INTERNATIONAL CONFERENCE ON ALGORITHMS, SOFTWARE ENGINEERING, AND NETWORK SECURITY, ASENS 2024, 2024, : 676 - 682
  • [27] Analysis on security of EMSR protocol in wireless sensor network
    Han, Jian-Hua
    Wu, Liu-Fei
    [J]. Dianzi Keji Daxue Xuebao/Journal of the University of Electronic Science and Technology of China, 2009, 38 (03) : 401 - 405
  • [28] An Improved Security Protocol Formal Analysis with BAN Logic
    Li Tingyuan
    Liu Xiaodong
    Qin Zhiguang
    Zhang Xuanfang
    [J]. ECBI: 2009 INTERNATIONAL CONFERENCE ON ELECTRONIC COMMERCE AND BUSINESS INTELLIGENCE, PROCEEDINGS, 2009, : 102 - +
  • [29] Security Analysis of the Consumer Remote SIM Provisioning Protocol
    Ahmed, Abu Shohel
    Peltonen, Aleksi
    Sethi, Mohit
    Aura, Tuomas
    [J]. ACM TRANSACTIONS ON PRIVACY AND SECURITY, 2024, 27 (03)
  • [30] Security and Effectiveness Analysis of the Gateway Integrity Checking Protocol
    de Lucena, Mateus M.
    Frohlich, Antonio Augusto
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2022, 19 (04) : 2396 - 2404