ABSTRACT
We report on experience using Tamarin, a security protocol model checker, to find numerous, serious exploitable vulnerabilities in EMV payment protocols. EMV is the international protocol standard for smartcard payment that is used in over 9 billion payment cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages.
We have formalized a comprehensive model of EMV in Tamarin. We use our model to automatically discover new flaws that lead to critical attacks on EMV. In particular, an attacker can use a victim’s EMV card (e.g., Mastercard or Visa Card) for high-valued purchases without the victim’s PIN. We describe these attacks, their repair, and more generally why using formal methods is essential for critical protocols like payment protocols.
- David Basin, Cas Cremers, and Catherine Meadows. 2018. Model Checking Security Protocols. Springer, Chapter 24, 727–762.Google Scholar
- David A. Basin, Cas J. F. Cremers, Kunihiko Miyazaki, Sasa Radomirovic, and Dai Watanabe. 2015. Improving the Security of Cryptographic Protocol Standards. IEEE Security & Privacy 13, 3 (2015), 24–31. https://doi.org/10.1109/MSP.2013.162Google ScholarDigital Library
- David A. Basin, Ralf Sasse, and Jorge Toro-Pozo. 2021. Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 179–194. https://www.usenix.org/conference/usenixsecurity21/presentation/basinGoogle Scholar
- David A. Basin, Ralf Sasse, and Jorge Toro-Pozo. 2021. The EMV Standard: Break, Fix, Verify. In 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA, 24-27 May 2021. IEEE, 1766–1781. https://doi.org/10.1109/SP40001.2021.00037Google ScholarCross Ref
- Jannik Dreier David Basin, Cas Cremers and Ralf Sasse. 2017. Symbolically Analyzing Security Protocols using TAMARIN. SIGLOG News 4, 4 (October 2017), 19–30. https://doi.org/10.1145/3157831.3157835Google ScholarDigital Library
- Patrick Schaller David Basin and Jorge Toro-Pozo. 2023. Inducing Authentication Failures to Bypass Credit Card PINs. In 32th USENIX Security Symposium, USENIX Security 2023. USENIX Association. To appear.Google Scholar
- Guillaume Girol, Lucca Hirschi, Ralf Sasse, Dennis Jackson, Cas Cremers, and David Basin. 2020. A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman Protocols. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020. USENIX Association, 1857–1874.Google Scholar
Index Terms
- Formal Methods for Payment Protocols
Recommendations
A novel verification method for payment card systems
Security plays a crucial role in payment systems; however, some implementations of payment card security rely on weak cardholder verification methods, such as card and a signature, or use the card without having any cardholder verification process at ...
Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards Without the PIN
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityIn this paper we present an attack, which allows fraudulent transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, ...
Towards More Secure Cardholder Verification in Payment Systems
WASA 2014: Proceedings of the 9th International Conference on Wireless Algorithms, Systems, and Applications - Volume 8491This paper introduces a new cardholder verification method using a multi possession-factor authentication with a distance bounding technique. It adds an extra level of security to the verification process and utilizes the idea of distance bounding which ...
Comments