
VDM at Large: Modelling the EMV® 2nd Generation Kernel

  • Conference paper

Formal Methods: Foundations and Applications (SBMF 2018)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11254)

Abstract

The EMV® organisation (EMV® is a registered trademark or trademark of EMVCo, LLC in the US and other countries) specifies payment protocols to facilitate worldwide interoperability of secure electronic payments. This paper is about the application and scalability of formal methods to a current and complex industry application. We describe the use of VDM to model the EMV® 2nd Generation Kernel. (A preliminary version of this paper was presented at the 16th Overture Workshop, Oxford, July 2018, whose papers were published as a Newcastle University technical report.) VDM supports formal specification as well as simulation, test coverage, and proof obligation generation for functional correctness.


Notes

  1. An example of its use can be seen in the VDMUtil library definition.

  2. Numbers were calculated with a mixture of string search and Linux tools like find and wc.

  3. See https://hackage.haskell.org/package/QuickCheck

References

  1. Battle, N.: Analysis separation without visitors. In: 15th Overture Workshop, Newcastle University (2017)

  2. Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., Anderson, R.: Chip and Skim: cloning EMV cards with the pre-play attack. In: IEEE Symposium on Security and Privacy (S&P), pp. 49–64. IEEE (2014)

  3. Dick, J., Faivre, A.: Automating the generation and sequencing of test cases from model-based specifications. In: Woodcock, J.C.P., Larsen, P.G. (eds.) FME 1993. LNCS, vol. 670, pp. 268–284. Springer, Heidelberg (1993). https://doi.org/10.1007/BFb0024651

  4. Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: USENIX Security Symposium, vol. 312 (2007)

  5. Emms, M., Arief, B., Freitas, L., Hannon, J., van Moorsel, A.: Harvesting high value foreign currency transactions from EMV contactless credit cards without the PIN. In: CCS, pp. 716–726. ACM (2014)

  6. Emms, M., Arief, B., Little, N., van Moorsel, A.: Risks of offline verify PIN on contactless cards. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 313–321. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_26

  7. EMVCo: EMV integrated circuit card specifications for payment systems [Books 1 to 4], November 2011. https://www.emvco.com/emv-technologies/contact/

  8. EMVCo: Next generation kernel system architecture overview. Technical report, EMVCo (2014)

  9. EMVCo: EMV contactless specifications for payment systems [Books A, B, C-1, C-2, C-3, C-4, C-5, C-6, C-7 and D], February 2016. https://www.emvco.com/emv-technologies/contactless/

  10. Financial Fraud Action UK: Fraud the Facts 2017. The definitive overview of payment industry fraud and the measures taken to prevent it (2017). https://www.financialfraudaction.org.uk/fraudfacts17/

  11. Freitas, L., Cavalcanti, A., Woodcock, J.: Taking our own medicine: applying the refinement calculus to state-rich refinement model checking. In: Liu, Z., He, J. (eds.) ICFEM 2006. LNCS, vol. 4260, pp. 697–716. Springer, Heidelberg (2006). https://doi.org/10.1007/11901433_38

  12. Freitas, L., Emms, M.: Formal specification of EMV protocol. Technical report, Newcastle University (2014)

  13. Freitas, L., Modesti, P., Emms, M.: A methodology for protocol verification applied to EMV® 1. In: Massoni, T., Mousavi, M.R. (eds.) SBMF 2018. LNCS, vol. 11254, pp. 180–197. Springer, Cham (2018)

  14. Freitas, L., Woodcock, J.: Mechanising Mondex with Z/Eves. Form. Asp. Comput. 20(1), 117–139 (2008)

  15. Jones, C.B.: Systematic Software Development Using VDM, 2nd edn. Prentice Hall, Englewood Cliffs (1990)

  16. Larsen, P.G., Lausdahl, K., Battle, N.: Combinatorial testing for VDM. In: SEFM, pp. 278–285. IEEE (2010)

  17. Matichuk, D., Wenzel, M., Murray, T.: Eisbach User Manual. Technical University of Munich, October 2017

  18. Modesti, P.: Efficient Java code generation of security protocols specified in AnB/AnBx. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 204–208. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_17

  19. Modesti, P.: AnBx: automatic generation and verification of security protocols implementations. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds.) FPS 2015. LNCS, vol. 9482, pp. 156–173. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30303-1_10


Acknowledgements

This work is associated with a long-term collaboration with Dr. Martin Emms, an expert in EMV protocols, simulators, and hardware, and Dr. Paolo Modesti, an expert in security protocol design. We are part of a team developing the underlying methodology applied to EMV® 2nd Generation [13]. We are also grateful for EMVCo's support and technical discussions, specifically from Mike Ward and John Beric of the EMV® Security Working Group and from Carlos Silvestre of the EMV® 2nd Generation Task Force. Finally, I am grateful for my department's support, and to Nick Battle and the VDM community for many interesting discussions and their patience in handling a number of issues.

Author information

Corresponding author: Leo Freitas


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Freitas, L. (2018). VDM at Large: Modelling the EMV® 2nd Generation Kernel. In: Massoni, T., Mousavi, M. (eds) Formal Methods: Foundations and Applications. SBMF 2018. Lecture Notes in Computer Science, vol 11254. Springer, Cham. https://doi.org/10.1007/978-3-030-03044-5_8


  • DOI: https://doi.org/10.1007/978-3-030-03044-5_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03043-8

  • Online ISBN: 978-3-030-03044-5
