Efficient LFSR Based Distance Bounding Protocol for Contactless EMV Payments

This paper focuses on relay attacks against EMV based contactless payment cards. EMV is a standard for payments via smart cards. In a typical relay attack on contactless cards, the attacker launches the attack by relaying the legitimate user's card information to another malicious device, in proximity to the verifier. This technique is used by the attacker to burglarize money from the victim's card. Designing an efficient distance bounding protocol is a promising solution to defeat relay attacks. We study the dominant payment protocols in EMV contactless cards (Visa's payWave, Mastercard's PayPass, and PaySafe) and identify the existing vulnerabilities in these protocols. A practical relay attack on the latest EMV payment protocol - PaySafe is performed. Contactless payments are fast becoming a key instrument in the payment industry, and the future technologies must aim towards convenience and security. We propose a light weight protocol that suits well with the current EMV specification. Our protocol is based on LFSR, which supports exchange of a small string of bits through a time critical channel.