Published in: Annals of Telecommunications 3-4/2021

18.07.2020

Towards more secure EMV purchase transactions

A new security protocol formally analyzed by the Scyther tool

Written by: Nour El Madhoun, Emmanuel Bertin, Mohamad Badra, Guy Pujolle



Abstract

EMV is the protocol implemented to secure the communication between a client’s payment device and a merchant’s payment device during a contact or an NFC purchase transaction. It represents a set of security messages and rules, exchanged between the different transaction actors, guaranteeing several important security properties, such as authentication, non-repudiation and integrity. Researchers have analyzed the operation of this protocol in various studies in order to verify its safety; unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we first present a general overview of the EMV protocol and then propose a new security solution that enhances the EMV protocol by solving the two dangerous EMV vulnerabilities. We verify the accuracy of our solution by using the Scyther security verification tool.


Metadata
Title
Towards more secure EMV purchase transactions
A new security protocol formally analyzed by the Scyther tool
Written by
Nour El Madhoun
Emmanuel Bertin
Mohamad Badra
Guy Pujolle
Publication date
18.07.2020
Publisher
Springer International Publishing
Published in
Annals of Telecommunications / Issue 3-4/2021
Print ISSN: 0003-4347
Electronic ISSN: 1958-9395
DOI
https://doi.org/10.1007/s12243-020-00784-1
