Relay Cost Bounding for Contactless EMV Payments

Chothia, Tom; Garcia, Flavio D.; Ruiter, Joeri de; Breekel, Jordi van den; Thompson, Matthew

doi:10.1007/978-3-662-47854-7_11

Cited by 32 publications

(43 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section will illustrate how Visa's contactless protocol works. The protocol is as shown below [1].…”

Section: Published Researchmentioning

confidence: 99%

Analysis on Apple Pay transaction

Meng¹,

Chothia²,

Du³

2017

Proceedings of the 2017 2nd International Conference on Automation, Mechanical Control and Computational Engineering (AMCCE 201

Self Cite

View full text Add to dashboard Cite

Abstract. This paper is to illustrate how Apple Pay works and what the protocol follows during the transaction. This process verified EMV Visa payWave protocol, and then, Apple Pay bounded with Visa card was lead to be discovered by NFC Reader and talk to Java Applet via NFC Reader. The results would be analyzed to see how Apple Pay protocol goes through and the difference between Apple Pay and EMV contactless cards.

show abstract

“…This section will illustrate how Visa's contactless protocol works. The protocol is as shown below [1].…”

Section: Published Researchmentioning

confidence: 99%

Analysis on Apple Pay transaction

Meng¹,

Chothia²,

Du³

2017

Proceedings of the 2017 2nd International Conference on Automation, Mechanical Control and Computational Engineering (AMCCE 201

Self Cite

View full text Add to dashboard Cite

show abstract

“…Timed conditionals can be used to specify the duration of operations, such as checking whether some message is of a given form. In practice, the duration of these operations can be measured empirically to obtain a finer analysis of the protocol [6].…”

Section: Time Expressionsmentioning

confidence: 99%

“…The number of states traversed is quite small for finding these. The distance bounding protocol scheme is used by many other protocols, such as the protocol described in [21] (NSL + Distance Bounding) and the lack of its use leads to an attack on the Paywave protocol [6]. We implemented these to check how our tool scales to larger protocols.…”

Section: Prototype Implementationmentioning

confidence: 99%

“…Chothia et al [6] investigate empirically the execution times of commands of CPSP which are carried out by limited resource devices and then, based on these measurements, they propose the inclusion of a distance bounding session to mitigate relay attacks. They proved the security of CPSP by modeling the protocol in different phases.…”

Section: Related and Future Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards the Automated Verification of Cyber-Physical Security Protocols: Bounding the Number of Timed Intruders

Nigam

Talcott

Urquiza

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Timed Intruder Models have been proposed for the verification of Cyber-Physical Security Protocols (CPSP) amending the traditional Dolev-Yao intruder to obey the physical restrictions of the environment. Since to learn a message, a Timed Intruder needs to wait for a message to arrive, mounting an attack may depend on where Timed Intruders are. It may well be the case that in the presence of a great number of intruders there is no attack, but there is an attack in the presence of a small number of well placed intruders. Therefore, a major challenge for the automated verification of CPSP is to determine how many Timed Intruders to use and where should they be placed. This paper answers this question by showing it is enough to use the same number of Timed Intruders as the number of participants. We also report on some preliminary experimental results in discovering attacks in CPSP.

show abstract

“…If the RTT is within a given bound, then there is a low likelihood that a relay attack occurred. As such, the contactless version of the EMV protocol has recently been enhanced with such a relay-counteraction mechanism [5] (see Figure 2), in the style of a previously proposed DB protocol [4].…”

Section: Introductionmentioning

confidence: 99%

Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers

Chothia

Boureanu

Chen

2019

Financial Cryptography and Data Security

Self Cite

View full text Add to dashboard Cite

It is possible to relay signals between a contactless EMV card and a shop's EMV reader and so make a fraudulent payment without the card-owner's knowledge. Existing countermeasures rely on proximity checking: the reader will measure round trip times in message-exchanges, and rejects replies that take longer than expected (which suggests they have been relayed). However, it is the reader that would receive the illicit payment from any relayed transaction, so a rogue reader has little incentive to enforce the required checks. Furthermore, cases of malware targeting point-of-sales systems are common. We propose three novel proximity-checking protocols that use a trusted platform module (TPM) to ensure that the reader performs the time measurements correctly. After running one of our proposed protocols, the bank can be sure that the card and reader were in close proximity, even if the reader tries to subvert the protocol. Our first protocol makes changes to the cards and readers, our second protocol modifies the readers and the banking backend, and our third protocol allows the detection of relay attacks, after they have happened, with only changes to the readers. ReaderCard P ubCA, UN ∈R {0, 1} 32 KM , NC ∈R {0, 1} 32 P vC, CertP vCA(P ubC) RELAY DAT A UN

show abstract

Relay Cost Bounding for Contactless EMV Payments

Cited by 32 publications

References 13 publications

Analysis on Apple Pay transaction

Analysis on Apple Pay transaction

Towards the Automated Verification of Cyber-Physical Security Protocols: Bounding the Number of Timed Intruders

Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers

Contact Info

Product

Resources

About