A systematic security analysis of EMV protocol

Cited by: 0
Authors
Lan, Xiao [1,3]
Xu, Jing [2,3]
Zhang, Zhenfeng [2]
Chen, Xingshu [1,4]
Luo, Yonggang [1]
Affiliations
[1] Sichuan Univ, Cyber Sci Res Inst, Chengdu 610207, Peoples R China
[2] Inst Software, Chinese Acad Sci, Trusted Comp & Informat Assurance Lab, Beijing 100190, Peoples R China
[3] State Key Lab Cryptol, Beijing 100878, Peoples R China
[4] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu 610207, Peoples R China
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China;
Keywords
EMV; Chip-and-PIN; Three-party security model; Provable security; Authentication; Authorization; VERIFICATION; SCHEME;
DOI
10.1016/j.csi.2022.103700
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
EMV is the leading and widely used international standard for payment with smart cards. The EMV specification defines a highly configurable toolkit for payment protocols, which allows different combinations of card authentication, cardholder authentication and transaction authorization. Due to its complexity and its flexibility, it is difficult to comprehensively analyze the security of the EMV standard, yet it is critical to obtain practical security guarantees for EMV. In this paper, we present the first systematic and formal treatment of the EMV protocol. We introduce a three-party security model, covering all known kinds of combinations and providing reasonably strong security notions. Furthermore, via a modular approach, we prove that the EMV protocol with reasonable improvement can achieve our desired security. We also identify various known attacks on the EMV protocol in our security model.
Pages: 10
Related papers
50 in total
  • [21] A tokenization technique for improving the security of EMV contactless cards
    Al-Maliki, Ossama
    Al-Assam, Hisham
    INFORMATION SECURITY JOURNAL, 2022, 31 (05): : 511 - 526
  • [22] On the Security of the EMV Secure Messaging API (Extended Abstract)
    Adida, Ben
    Bond, Mike
    Clulow, Jolyon
    Lin, Amerson
    Anderson, Ross
    Rivest, Ronald L.
    SECURITY PROTOCOLS, 2010, 5964 : 147 - 149
  • [23] Security Failures in EMV Smart Card Payment Systems
    Ahmad, Zubair
    Zeki, Akram M.
    Olowolayemo, Akeem
    2016 6TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY FOR THE MUSLIM WORLD (ICT4M), 2016, : 240 - 243
  • [24] On the security of NON-RSA EMV payment cards
    Trolin, M
    EUROMEDIA '2005: 11th Annual Euromedia Conference, 2005, : 57 - 61
  • [25] On the Security of the EMV Secure Messaging API (Transcript of Discussion)
    Clulow, Jolyon
    SECURITY PROTOCOLS, 2010, 5964 : 150 - 151
  • [26] Developments in electronic payment systems security: EMV and CEPS
    Ward, M
    INTEGRITY, INTERNAL CONTROL AND SECURITY IN INFORMATION SYSTEMS: CONNECTING GOVERNANCE AND TECHNOLOGY, 2002, 83 : 103 - 111
  • [27] Automated Reasoning for Security Protocol Analysis
    Alessandro Armando
    David Basin
    Jorge Cuellar
    Michaël Rusinowitch
    Luca Viganò
    Journal of Automated Reasoning, 2006, 36 : 1 - 3
  • [28] Hazard analysis for security protocol requirements
    Foster, N
    Jacob, J
    ADVANCES IN NETWORK AND DISTRIBUTED SYSTEMS SECURITY, 2001, 78 : 75 - 92
  • [29] Security Analysis of the RaSTA Safety Protocol
    Heinrich, Markus
    Vieten, Jannik
    Arul, Tolga
    Katzenbeisser, Stefan
    2018 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENCE AND SECURITY INFORMATICS (ISI), 2018, : 199 - 204
  • [30] Security analysis of routing protocol for MANET
    Wang, Ying-long
    Wang, Ji-zhi
    Wang, Mei-qin
    2006 10TH INTERNATIONAL CONFERENCE ON COMPUTER SUPPORTED COOPERATIVE WORK IN DESIGN, PROCEEDINGS, VOLS 1 AND 2, 2006, : 920 - 923