A systematic security analysis of EMV protocol

被引：0

作者：

Lan, Xiao ^{[1
,3
]}

Xu, Jing ^{[2
,3
]}

Zhang, Zhenfeng ^{[2
]}

Chen, Xingshu ^{[1
,4
]}

Luo, Yonggang ^{[1
]}

机构：

[1] Sichuan Univ, Cyber Sci Res Inst, Chengdu 610207, Peoples R China

[2] Inst Software, Chinese Acad Sci, Trusted Comp & Informat Assurance Lab, Beijing 100190, Peoples R China

[3] State Key Lab Cryptol, Beijing 100878, Peoples R China

[4] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu 610207, Peoples R China

来源：

COMPUTER STANDARDS & INTERFACES | 2023年 / 84卷

基金：

中国国家自然科学基金; 国家重点研发计划;

关键词：

EMV; Chip-and-PIN; Three-party security model; Provable security; Authentication; Authorization; VERIFICATION; SCHEME;

D O I：

10.1016/j.csi.2022.103700

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

EMV is the leading and widely used international standard for payment with smart cards. The EMV specification defines a highly configurable toolkit for payment protocols, which allows different combinations of card authentication, cardholder authentication and transaction authorization. Due to its complexity and its flexibility, it is difficult to comprehensively analyze the security of EMV standard, yet it is critical to obtain practical security guarantees for EMV. In this paper, we present the first systematic and formal treatment of EMV protocol. We introduce a three-party security model, covering all known kinds of combinations and providing reasonably strong security notions. Furthermore, via a modular approach, we prove that the EMV protocol with reasonable improvement can achieve our desired security. We also identify various known attacks on EMV protocol in our security model.

引用

页数：10

共 50 条

[1] Security Analysis of EMV Protocol and Approaches for Strengthening It
Shrikrishna, Khedkar
Kumar, N. V. Narendra
Shyamasundar, R. K.
DISTRIBUTED COMPUTING AND INTERNET TECHNOLOGY (ICDCIT 2018), 2018, 10722 : 69 - 85
[2] Security Analysis of EMV Channel Establishment Protocol in An Enhanced Security Model
Guo, Yanfei
Zhang, Zhenfeng
Zhang, Jiang
Hu, Xuexian
INFORMATION AND COMMUNICATIONS SECURITY, ICICS 2014, 2015, 8958 : 305 - 320
[3] An Overview of the EMV Protocol and Its Security Vulnerabilities
El Madhoun, Nour
Bertin, Emmanuel
Pujolle, Guy
PROCEEDINGS OF THE 2018 FOURTH INTERNATIONAL CONFERENCE ON MOBILE AND SECURE SERVICES (MOBISECSERV), 2018,
[4] Security Enhancements in EMV Protocol for NFC Mobile Payment
El Madhoun, Nour
Pujolle, Guy
2016 IEEE TRUSTCOM/BIGDATASE/ISPA, 2016, : 1889 - 1895
[5] Formal Analysis of the EMV Protocol Suite
de Ruiter, Joeri
Poll, Erik
THEORY OF SECURITY AND APPLICATIONS, 2012, 6993 : 113 - 129
[6] On the Security of the TLS Protocol: A Systematic Analysis
Krawczyk, Hugo
Paterson, Kenneth G.
Wee, Hoeteck
ADVANCES IN CRYPTOLOGY - CRYPTO 2013, PT I, 2013, 8042 : 429 - 448
[7] Security Enhanced EMV-Based Mobile Payment Protocol
Yang, Ming-Hour
SCIENTIFIC WORLD JOURNAL, 2014,
[8] On the Joint Security of Encryption and Signature in EMV
Degabriele, Jean Paul
Lehmann, Anja
Paterson, Kenneth G.
Smart, Nigel P.
Strefler, Mario
TOPICS IN CRYPTOLOGY - CT-RSA 2012, 2012, 7178 : 116 - +
[9] VWANALYZER: A Systematic Security Analysis Framework for the Voice over WiFi Protocol
Lee, Hyunwoo
Karim, Imtiaz
Li, Ninghui
Bertino, Elisa
ASIA CCS'22: PROCEEDINGS OF THE 2022 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2022, : 182 - 195
[10] Towards more secure EMV purchase transactionsA new security protocol formally analyzed by the Scyther tool
Nour El Madhoun
Emmanuel Bertin
Mohamad Badra
Guy Pujolle
Annals of Telecommunications, 2021, 76 : 203 - 222

← 1 2 3 4 5 →