
A Methodology for Protocol Verification Applied to EMV® 1

  • Conference paper
Formal Methods: Foundations and Applications (SBMF 2018)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11254)

Abstract

The protocols of the EMVCo organisation (i.e. MasterCard, Visa, etc.) facilitate worldwide interoperability of secure electronic payments. (EMV® is a registered trademark or trademark of EMVCo, LLC in the US and other countries.) Despite recent advances, it has proved difficult for academia to provide an acceptable solution to the construction of secure applications within industry’s constraints. In this paper, we describe a methodology we have applied to EMV1. It involves domain-specific languages and verification tools targeting different analyses of interest. We are currently collaborating with EMVCo on their upcoming EMV® 2nd Generation (EMV2) specifications.

Author information

Corresponding author

Correspondence to Leo Freitas.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Freitas, L., Modesti, P., Emms, M. (2018). A Methodology for Protocol Verification Applied to EMV® 1. In: Massoni, T., Mousavi, M. (eds) Formal Methods: Foundations and Applications. SBMF 2018. Lecture Notes in Computer Science, vol 11254. Springer, Cham. https://doi.org/10.1007/978-3-030-03044-5_12

  • DOI: https://doi.org/10.1007/978-3-030-03044-5_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03043-8

  • Online ISBN: 978-3-030-03044-5

  • eBook Packages: Computer Science (R0)
