When organized crime applies academic results: a forensic analysis of an in-card listening device

Ferradi, Houda; Géraud, Rémi; Naccache, David; Tria, Assia

doi:10.1007/s13389-015-0112-3

Cited by 12 publications

(9 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even though Murdoch et al's attack comes with some engineering challenges, such as miniaturizing the MITM infrastructure, these challenges appear to have been overcome as observed in the aforementioned forgery of credit cards in France and Belgium [10]. Our analysis demonstrates that this attack still exists in old cards that support neither asymmetric cryptography nor online PIN verification (see Section V-A).…”

Section: Related Workmentioning

confidence: 79%

“…The MITM attack reported by Murdoch et al [1] is believed to have been used by criminals in 2010 -11 in France and Belgium to carry out fraudulent transactions for ca. 600,000 Euros [10]. The underlying flaw of Murdoch et al's attack is that the card's response to the terminal's offline PIN verification request is not authenticated.…”

Section: Emv: 20 Years Of Vulnerabilitiesmentioning

confidence: 99%

See 1 more Smart Citation

The EMV Standard: Break, Fix, Verify

Basin

Sasse

Toro-Pozo

2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard's advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV's lengthy and complex specification, running over 2,000 pages.We formalize a comprehensive symbolic model of EMV in Tamarin, a state-of-the-art protocol verifier. Our model is the first that supports a fine-grained analysis of all relevant security guarantees that EMV is intended to offer. We use our model to automatically identify flaws that lead to two critical attacks: one that defrauds the cardholder and another that defrauds the merchant. First, criminals can use a victim's Visa contactless card for high-value purchases, without knowledge of the card's PIN. We built a proof-of-concept Android application and successfully demonstrated this attack on real-world payment terminals. Second, criminals can trick the terminal into accepting an unauthentic offline transaction, which the issuing bank should later decline, after the criminal has walked away with the goods. This attack is possible for implementations following the standard, although we did not test it on actual terminals for ethical reasons. Finally, we propose and verify improvements to the standard that prevent these attacks, as well as any other attacks that violate the considered security properties. The proposed improvements can be easily implemented in the terminals and do not affect the cards in circulation.

show abstract

Section: Related Workmentioning

confidence: 79%

Section: Emv: 20 Years Of Vulnerabilitiesmentioning

confidence: 99%

The EMV Standard: Break, Fix, Verify

Basin

Sasse

Toro-Pozo

2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Do not mix italics and quotes for emphasis, because this confuses the reader. 16 Generally, we recommend avoiding scare quotes. 17 Some authors use scare quotes to signal that they are using a word in a non-standard, ironic, or otherwise special sense (cf.…”

Section: Typographymentioning

confidence: 99%

Guidelines for Writing a High-Quality Thesis with the PSIThesis Template

Herrmann¹

2020

View full text Add to dashboard Cite

amongst the text. For instance, if you want to use italic text for emphasis, you write the \emph{text} command and put the text you want in italics in between the curly braces.This template comes as a single ZIP file that expands out to several files and folders. The folder names are mostly self-explanatory: Appendices -this is the folder where you put the appendices. Each appendix should go into a separate .tex file. You have to include your appendix files in main.tex.Chapters -this is the folder where you put the thesis chapters. Each chapter should go into a separate .tex file that is included from main.tex. 10 Examples -this folder contains a Python script to generate a figure used in this guide. You do not need that folder for your thesis.

show abstract

“…Therefore the system, and the consistency of the measured and exchanged voltage and current data with known cable parameters and model, can be checked continuously and deterministically without destroying these data, which is totally different from the case of a quantum key distribution. The same defense method provides natural immunity against the man-in-the-middle attack [11], which was part of the successful credit card attack described before [1].…”

Section: The Kljn Key Exchange Schemementioning

confidence: 99%

Unconditionally Secure Credit/Debit Card Chip Scheme and Physical Unclonable Function

et al. 2017

View full text Add to dashboard Cite

Abstract. The statistical-physics-based Kirchhoff-law-Johnson-noise (KLJN) key exchange offers a new and simple unclonable system for credit/debit card chip authentication and payment. The key exchange, the authentication and the communication are unconditionally secure so that neither mathematics-nor statistics-based attacks are able to crack the scheme. The ohmic connection and the short wiring lengths between the chips in the card and the terminal constitute an ideal setting for the KLJN protocol, and even its simplest versions offer unprecedented security and privacy for credit/debit card chips and applications of physical unclonable functions.

show abstract

When organized crime applies academic results: a forensic analysis of an in-card listening device

Cited by 12 publications

References 3 publications

The EMV Standard: Break, Fix, Verify

The EMV Standard: Break, Fix, Verify

Guidelines for Writing a High-Quality Thesis with the PSIThesis Template

Unconditionally Secure Credit/Debit Card Chip Scheme and Physical Unclonable Function

Contact Info

Product

Resources

About