University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Making Contactless EMV Robust Against Rogue Readers Colluding With Relay Attackers

Chothia, Tom, Boureanu, Ioana and Chen, Liqun (2019) Making Contactless EMV Robust Against Rogue Readers Colluding With Relay Attackers In: 23rd  International Conference on Financial Cryptography and Data Security (FC 19), 18–22 Feb 2019, St. Kitts Marriott Resort, St. Kitts.

[img]
Preview
Text
Making Contactless EMV Robust Against Rogue Readers Colluding With Relay Attackers.pdf - Accepted version Manuscript

Download (278kB) | Preview

Abstract

It is possible to relay signals between a contactless EMV card and a shop’s EMV reader and so make a fraudulent payment without the card-owner’s knowledge. Existing countermeasures rely on proximity checking: the reader will measure round trip times in message-exchanges, and rejects replies that take longer than expected (which suggests they have been relayed). However, it is the reader that would receive the illicit payment from any relayed transaction, so a rogue reader has little incentive to enforce the required checks. Furthermore, cases of malware targeting point-of-sales systems are common.We propose three novel proximity-checking protocols that use a trusted platform module (TPM) to ensure that the reader performs the time measurements correctly. After running one of our proposed protocols, the bank can be sure that the card and reader were in close proximity, even if the reader tries to subvert the protocol. Our first protocol makes changes to the cards and readers, our second protocol modifies the readers and the banking backend, and our third protocol allows the detection of relay attacks, after they have happened, with only changes to the readers.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
NameEmailORCID
Chothia, Tom
Boureanu, Ioanai.boureanu@surrey.ac.uk
Chen, Liqunliqun.chen@surrey.ac.uk
Date : 18 February 2019
Related URLs :
Depositing User : Clive Harris
Date Deposited : 21 Feb 2019 13:45
Last Modified : 21 Mar 2019 09:41
URI: http://epubs.surrey.ac.uk/id/eprint/850544

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year


Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800