Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security in Computer Networks and Distributed Systems

SNDS 2014: Recent Trends in Computer Networks and Distributed Systems Security pp 192–201Cite as

Improving Test Conformance of Smart Cards versus EMV-Specification by Using on the Fly Temporal Property Verification

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 420))

Abstract

Electronic payment transactions using smart card are based on the Europay Mastercard Visa (EMV) specifications. This standard appeared in 1995 in order to ensure security and global interoperability between EMV-compliant smart cards and EMV-compliant payment terminals throughout the world. Another purpose of EMV specifications is to permit a secure control of offline credit card transaction approvals. This paper will expose a way to improve verification and validation of the payment application stored in the chip of the smart card based on temporal property verification. In fact, each issuer (e.g., MasterCard) defines its own EMV-compliant specification, allowing different implementation cases and possible errors and we discuss about a method to detect anomalies to avoid smart card vulnerabilities. The properties will be designed in conformance with EMV-specification but our goal is not to formally prove them. We consider implementations through a black-box testing approach, therefore we cannot prove the properties as we don’t have access to the source code. However, we can observe the command/response exchanges and detect, on the fly, when an expected property is violated.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. EMV Integrated Circuit Card Specifications for Payment Systems, version 4.3 EMVco (2011)

    Google Scholar 

  2. M/Chip 4 Card Application Specifications for Credit and Debit, MasterCard International (2002)

    Google Scholar 

  3. Lancia, J.: Un framework de fuzzing pour cartes a puce: application aux protocoles EMV (2011)

    Google Scholar 

  4. Vernois, S., Alimi, V.: WinSCard Tools: a software for the development and security analysis of transactions with smartcards (2010)

    Google Scholar 

  5. ISO/IEC 7816, International Organization for Standardization and the International Electrotechnical Commission

    Google Scholar 

  6. Philippaerts, P., Mhlberg, J.T., Penninckx, W., Smans, J., Jacobs, B., Piessens, F.: Software Verification with Verifast: industrial Case Studies (2013)

    Google Scholar 

  7. Distefano, D., Parkinson, M.J.: Jstar: Towards Practical Verification for Java (2009)

    Google Scholar 

  8. Foster, H.D., Krolnik, A.C., Lacey, D.J.: Assertion-Based Design (2010)

    Google Scholar 

  9. Source code of WSCT, https://github.com/wsct

  10. Vibert, B., Alimi, V., Vernois, S.: Analyse de la sécurité de transactions à puce avec le framework WinSCard Tools (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. UNICAEN, GREYC, ENSICAEN, CNRS, Normandie Univ., 6, Boulevard Marchal Juin, F-14050, Caen Cedex, France

    Germain Jolly, Sylvain Vernois & Jean-Luc Lambert

Authors
  1. Germain Jolly
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sylvain Vernois
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jean-Luc Lambert
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Facultad de Informatica, Campus de Espinardo, s/n, 30., 100, Murcia, Spain

    Gregorio Martínez Pérez

  2. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi

  3. Faculty of Computing and Mathematical Sciences, The University of Waikato, Waikato Mail Centre, Private Bag 3105, Hamilton, New Zealand

    Ryan Ko

  4. Guangdong University of Petrochemical Technology, P.R. China

    Lei Shu

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jolly, G., Vernois, S., Lambert, JL. (2014). Improving Test Conformance of Smart Cards versus EMV-Specification by Using on the Fly Temporal Property Verification. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-54525-2_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-54524-5

  • Online ISBN: 978-3-642-54525-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation