Abstract
EMV, also known as Chip and PIN, is the world-wide standard for card-based electronic payment. Its security wavers: over the past years, researchers have demonstrated various practical attacks, ranging from using stolen cards by disabling PIN verification to cloning cards by pre-computing transaction data. Most of these attacks rely on violating certain unjustified and not explicitly stated core assumptions upon which EMV is built, namely that the input device (e.g. the ATM) is trusted and all communication channels are non-interceptable. In addition, EMV lacks a comprehensive formal description of its security.
In this work we give a formal model for the security of electronic payment protocols in the Universal Composability (UC) framework. A particular challenge for electronic payment is that one participant of a transaction is a human who cannot perform cryptographic operations. Our goal is twofold. First, we want to enable a transition from the iterative engineering of such protocols to using cryptographic security models to argue about a protocol’s security. Second, we establish a more realistic adversarial model for payment protocols in the presence of insecure devices and channels.
We prove a set of necessary requirements for secure electronic payment with regards to our model. We then discuss the security of current payment protocols based on these results and find that most are insecure or require unrealistically strong assumptions. Finally, we give a simple payment protocol inspired by chipTAN and photoTAN and prove its security.
Our model captures the security properties of electronic payment protocols with human interaction. We show how to use this to reason about necessary requirements for secure electronic payment and how to develop a protocol based on the resulting guidelines. We hope that this will facilitate the development of new protocols with well-understood security properties.
R. Gröll and J. Rill—This work was supported by grants from the Federal Ministry for Economic Affairs and Energy of Germany (BMWi) for the EDV Project.
A. Koch and B. Löwe—This work was supported by the German Federal Ministry of Education and Research within the framework of the projects KASTEL_IoE, KASTEL_SVI and KASTEL_Base in the Competence Center for Applied Security Technology (KASTEL).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Note that our results hold for arbitrary I.
References
Achenbach, D., et al.: Your Money or Your Life-Modeling and Analyzing the Security of Electronic Payment in the UC Framework, Full version of the paper (2019). https://crypto.iti.kit.edu/fileadmin/User/Mechler/AGHKLMMQR19.pdf
Anderson, R., Bond, M., Choudary, O., Murdoch, S.J., Stajano, F.: Might financial cryptography kill financial innovation? – the curious case of EMV. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 220–234. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27576-0_18
Basin, D.A., Radomirovic, S., Schläpfer, M.: A complete characterization of secure human-server communication. In: Fournet, C., Hicks, M.W., Viganó, L. (eds.) IEEE 28th Computer Security Foundations Symposium, CSF 2015, pp. 199–213. IEEE Computer Society (2015)
Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S.P., Anderson, R.J.: Chip and skim: cloning EMV cards with the pre-play attack. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, pp. 49–64. IEEE Computer Society (2014)
Borchert IT-Sicherheit UG: Display-TAN Mobile Banking: Secure and Mobile (2018). http://www.display-tan.com/. Accessed 18 Sep 2018
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, pp. 136–145. IEEE Computer Society (2001)
Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4
Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_22
Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_25
Chothia, T., Garcia, F.D., de Ruiter, J., van den Breekel, J., Thompson, M.: Relay cost bounding for contactless EMV payments. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 189–206. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_11
Commerzbank: Das photoTAN-Lesegerät. https://www.commerzbank.de/portal/media/a-30-sonstige-medien/pdf/themen/sicherheit-1/Flyer_Lesegeraet.pdf. Accessed 13 Dec 2018
Commonwealth Bank of Australia: Cardless Cash (2018). https://www.commbank.com.au/digital-banking/cardless-cash.html. Accessed 25 Sep 2018
Cortier, V., Filipiak, A., Florent, J., Gharout, S., Traoré, J.: Designing and proving an EMV-compliant payment protocol for mobile devices. In: 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, pp. 467–480. IEEE (2017)
Degabriele, J.P., Lehmann, A., Paterson, K.G., Smart, N.P., Strefler, M.: On the joint security of encryption and signature in EMV. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 116–135. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27954-6_8
Denzel, M., Bruni, A., Ryan, M.D.: Smart-guard: defending user input from malware. In: 2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), pp. 502–509. IEEE Computer Society (2016)
Deutsche Bank: photoTAN - schnell und einfach aktiviert. https://www.deutschebank.de/pfb/data/docs/Photo_TAN_Smartphone_2.pdf. Accessed 13 Dec 2018
Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Provos, N. (ed.) Proceedings of the 16th USENIX Security Symposium 2007. USENIX Association (2007)
Emms, M., Arief, B., Freitas, L., Hannon, J., van Moorsel, A.P.A.: Harvesting high value foreign currency transactions from EMV contactless credit cards without the PIN. In: Ahn, G., Yung, M., Li, N. (eds.) 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 716–726. ACM (2014)
EMV: Integrated Circuit Card Specifications for Payment Systems: Book 1. Application Independent ICC to Terminal Interface Requirements, Version 4.3 (2011)
EMV: Integrated Circuit Card Specifications for Payment Systems: Book 2. Security and Key Management, Version 4.3 (2011)
EMV: Integrated Circuit Card Specifications for Payment Systems: Book 3. Application Specification, Version 4.3 (2011)
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_27
Murdoch, S.J., Drimer, S., Anderson, R.J., Bond, M.: Chip and PIN is broken. In: 31st IEEE Symposium on Security and Privacy, S&P 2010, pp. 433–446. IEEE Computer Society (2010)
Old Bailey Proceedings Online (ed.): Trial of J. Buckley, T. Shenton, version 8.0. (1781). https://www.oldbaileyonline.org/browse.jsp?div=t17810912-37. Accessed 22 Sep 2018
Postbank: Postbank chipTAN comfort (2018). https://www.postbank.de/privatkunden/chiptan-comfort.html. Accessed Sep 25 2018
RedTeam Pentesting GmbH: Man-in-the-Middle Attacks against the chipTAN comfort Online Banking System (2009). https://www.redteam-pentesting.de/publications/2009-11-23-MitM-chipTAN-comfort_RedTeam-Pentesting_EN.pdf. Accessed 25 Sep 2018
Smart Card Alliance: Contactless EMV Payments: Benefits for Consumers, Merchants and Issuers. http://www.emv-connection.com/downloads/2016/06/Contactless-2-0-WP-FINAL-June-2016.pdf. Accessed 17 Dec 2018
Tamarin: Tamarin prover (2018). https://tamarin-prover.github.io/. Accessed 19 Dec 2018
Visa: Visa Token Service. https://usa.visa.com/partner-with-us/paymenttechnology/visa-token-service.html. Accessed 17 Dec 2018
Volksbank Mittelhessen eG: VR-mobileCash: Geld abheben ohne Karte. https://www.vb-mittelhessen.de/privatkunden/girokonto-kreditkarten/infosbanking/geld-abheben-ohne-karte.html. Accessed 25 Sep 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 International Financial Cryptography Association
About this paper
Cite this paper
Achenbach, D. et al. (2019). Your Money or Your Life—Modeling and Analyzing the Security of Electronic Payment in the UC Framework. In: Goldberg, I., Moore, T. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11598. Springer, Cham. https://doi.org/10.1007/978-3-030-32101-7_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-32101-7_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32100-0
Online ISBN: 978-3-030-32101-7
eBook Packages: Computer ScienceComputer Science (R0)