Abstract
This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa’s payWave and MasterCard’s PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low compared to the (cryptographic) computation by the card or the messages can be cached before they are requested by the terminal. We propose a solution that fits within the EMV Contactless specification to make a payment protocol that is resistant to relay attacks from commercial off-the-shelf devices, such as mobile phones. This solution does not require significant changes to the cards and can easily be added to existing terminals. To prove that our protocol really does stop relay attacks, we develop a new method of automatically checking defences against relay attacks using the applied pi-calculus and the tool ProVerif.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
References
Abadi, M., Blanchet, B.: Analyzing security protocols with secrecy types and logic programs. J. ACM 52(1), 102–146 (2005)
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Symposium on Principles of Programming Languages (POPL) (2001)
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Computer Security Foundations Workshop (CSFW), pp. 82–96. IEEE (2001)
Blanchet, B., Smyth, B., Cheval, V.: ProVerif 1.88: automatic cryptographic protocol verifier, user manual and tutorial (2013)
Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., Anderson, R.: Chip and skim: cloning EMV cards with the pre-play attack. In: 35th IEEE Symposium on Security and Privacy (2014)
Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 55–68. Springer, Heidelberg (2014)
Capkun, S.: Personal communication (2012)
Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 113–127. IEEE (2012)
de Ruiter, J., Poll, E.: Formal analysis of the EMV protocol suite. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 113–129. Springer, Heidelberg (2012)
Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: USENIX Security Symposium, pp. 87–102, August 2007
Emms, M., Arief, B., Defty, T., Hannon, J., Hao, F., van Moorsel, A.: The dangers of verify PIN on contactless cards. Technical report. CS-TR-1332
Emms, M., Arief, B., Freitas, L., Hannon, J., van Moorsel, A.: Harvesting high value foreign currency transactions from emv contactless credit cards without the pin. In: 21st Conference on Computer and Communications Security (CCS) (2014)
EMVCo: EMV - Integrated Circuit Card Specifications for Payment Systems, version 4.3 (2011)
EMVCo: EMV Contactless Specifications for Payment Systems, version 2.4 (2014)
Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2011. The Internet Society (2011)
Francis, L., Hancke, G., Mayes, K.: A practical generic relay attack on contactless transactions by using NFC mobile phones. Int. J. RFID Secur. Cryprography (IJRFIDSC) 2(1–4), 92–106 (2013)
Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 35–49. Springer, Heidelberg (2010)
Hancke, G., Kuhn, M.: An RFID distance bounding protocol. In: 2005 First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp. 67–73. IEEE (2005)
Murdoch, S.J.: Defending against wedge attacks in Chip and PIN. https://www.lightbluetouchpaper.org/2009/08/25/defending-against-wedge-attacks/
Sportiello, L., Ciardulli, A.: Long distance relay attack. In: Hutter, M., Schmidt, J.-M. (eds.) RFIDsec 2013. LNCS, vol. 8262, pp. 69–85. Springer, Heidelberg (2013)
Acknowledgement
We would like to thank Chris Smith, Ben Smyth, Alexander Darer, Mandeep Daroch and a number of helpful shop staff for their assistance with developing the relay.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chothia, T., Garcia, F.D., de Ruiter, J., van den Breekel, J., Thompson, M. (2015). Relay Cost Bounding for Contactless EMV Payments. In: Böhme, R., Okamoto, T. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science(), vol 8975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47854-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-662-47854-7_11
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-47853-0
Online ISBN: 978-3-662-47854-7
eBook Packages: Computer ScienceComputer Science (R0)