Abstract
This paper focuses on relay attacks against EMV-based contactless payment cards. EMV is a standard for payments via smart cards. In a typical relay attack on contactless cards, the attacker relays the legitimate user’s card information to another malicious device in proximity to the verifier. The attacker uses this technique to steal money from the victim’s card. Designing an efficient distance bounding protocol is a promising solution to defeat relay attacks. We study the dominant payment protocols in EMV contactless cards (Visa’s payWave, Mastercard’s PayPass, and PaySafe) and identify the existing vulnerabilities in these protocols. We perform a practical relay attack on the latest EMV payment protocol, PaySafe. Contactless payments are fast becoming a key instrument in the payment industry, and future technologies must aim towards convenience and security. We propose a lightweight protocol that fits well with the current EMV specification. Our protocol is based on LFSR, which supports the exchange of a small string of bits through a time-critical channel.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Shah, T., Sampalli, S. (2019). Efficient LFSR Based Distance Bounding Protocol for Contactless EMV Payments. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_20
DOI: https://doi.org/10.1007/978-3-030-02683-7_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02682-0
Online ISBN: 978-3-030-02683-7
eBook Packages: Intelligent Technologies and Robotics (R0)