A systematic security analysis of EMV protocol

Cited by: 0
Authors
Lan, Xiao [1 ,3 ]
Xu, Jing [2 ,3 ]
Zhang, Zhenfeng [2 ]
Chen, Xingshu [1 ,4 ]
Luo, Yonggang [1 ]
Affiliations
[1] Sichuan Univ, Cyber Sci Res Inst, Chengdu 610207, Peoples R China
[2] Inst Software, Chinese Acad Sci, Trusted Comp & Informat Assurance Lab, Beijing 100190, Peoples R China
[3] State Key Lab Cryptol, Beijing 100878, Peoples R China
[4] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu 610207, Peoples R China
Funding
National Natural Science Foundation of China; National Key Research and Development Program of China;
Keywords
EMV; Chip-and-PIN; Three-party security model; Provable security; Authentication; Authorization; VERIFICATION; SCHEME;
DOI
10.1016/j.csi.2022.103700
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
EMV is the leading and widely used international standard for payment with smart cards. The EMV specification defines a highly configurable toolkit for payment protocols, which allows different combinations of card authentication, cardholder authentication and transaction authorization. Due to its complexity and its flexibility, it is difficult to comprehensively analyze the security of the EMV standard, yet it is critical to obtain practical security guarantees for EMV. In this paper, we present the first systematic and formal treatment of the EMV protocol. We introduce a three-party security model, covering all known kinds of combinations and providing reasonably strong security notions. Furthermore, via a modular approach, we prove that the EMV protocol with reasonable improvement can achieve our desired security. We also identify various known attacks on the EMV protocol in our security model.
Pages: 10
Related papers
50 in total
  • [31] Security Analysis on InfiniBand Protocol Implementations
    Subedi, Kul Prasad
    Dasgupta, Dipankar
    Chen, Bo
    PROCEEDINGS OF 2016 IEEE SYMPOSIUM SERIES ON COMPUTATIONAL INTELLIGENCE (SSCI), 2016,
  • [32] Automated reasoning for security protocol analysis
    Armando, Alessandro
    Basin, David
    Cuellar, Jorge
    Rusinowitch, Michael
    Vigano, Luca
    JOURNAL OF AUTOMATED REASONING, 2006, 36 (1-2) : 1 - 3
  • [33] A security analysis of LOADng routing protocol
    Glissa, Ghada
    Meddeb, Aref
    2017 IEEE/ACS 14TH INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS (AICCSA), 2017, : 1070 - 1074
  • [34] INTERROGATOR: PROTOCOL SECURITY ANALYSIS.
    Millen, Jonathan K.
    Clark, Sidney C.
    Freedman, Sheryl B.
    IEEE Transactions on Software Engineering, 1987, SE-13 (02) : 274 - 288
  • [35] Security Analysis and Configuration of SSL Protocol
    Liu Niansheng
    Yang Guohao
    Wang Yu
    Guo Donghui
    2008 2ND INTERNATIONAL CONFERENCE ON ANTI-COUNTERFEITING, SECURITY AND IDENTIFICATION, 2008, : 216 - +
  • [36] Security Analysis on dBFT Protocol of NEO
    Wang, Qin
    Yu, Jiangshan
    Peng, Zhiniang
    Bui, Van Cuong
    Chen, Shiping
    Ding, Yong
    Xiang, Yang
    FINANCIAL CRYPTOGRAPHY AND DATA SECURITY, FC 2020, 2020, 12059 : 20 - 31
  • [37] An abstract model for security protocol analysis
    Bela, Genge
    Ignat, Iosif
    WSEAS Transactions on Computers, 2007, 6 (02): : 207 - 214
  • [38] Formal Security Analysis of the MaCAN Protocol
    Bruni, Alessandro
    Sojka, Michal
    Nielson, Flemming
    Nielson, Hanne Riis
    INTEGRATED FORMAL METHODS, IFM 2014, 2014, 8739 : 241 - 255
  • [39] Analysis of the DoIP Protocol for Security Vulnerabilities
    Wachter, Patrick
    Kleber, Stephan
    PROCEEDINGS OF 6TH ACM COMPUTER SCIENCE IN CARS SYMPOSIUM, CSCS 2022, 2022,
  • [40] Security Analysis of Shadowsocks(R) Protocol
    Ji, Qingbing
    Rao, Zhihong
    Chen, Man
    Luo, Jie
    SECURITY AND COMMUNICATION NETWORKS, 2022, 2022