Abstract
The EMVCo (EMV® is a registered trademark or trademark of EMVCo, LLC in the US and other countries.) organisation (i.e. MasterCard, Visa, etc.) protocols facilitate worldwide interoperability of secure electronic payments. Despite recent advances, it has proved difficult for academia to provide an acceptable solution to construction of secure applications within industry’s constraints. In this paper, we describe a methodology we have applied to EMV1. It involves domain specific languages and verification tools targeting different analysis of interest. We are currently collaborating with EMVCo on their upcoming EMV® \(2^{nd}\) Generation (EMV2) specifications.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Almousa, O., Mödersheim, S., Modesti, P., Viganò, L.: Typing and compositionality for security protocols: a generalization to the geometric fragment. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 209–229. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_11
Almousa, O., Mödersheim, S., Viganò, L.: Alice and bob: reconciling formal models and implementation. In: Bodei, C., Ferrari, G.-L., Priami, C. (eds.) Programming Languages with Applications to Biology and Security. LNCS, vol. 9465, pp. 66–85. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25527-9_7
AVISPA: Deliverable 2.3: The Intermediate Format (2003). avispa-project.org
Basin, D., Mödersheim, S., Viganò, L.: OFMC: a symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3), 181–208 (2005)
Basin, D., Keller, M., Radomirović, S., Sasse, R.: Alice and Bob meet equational theories. In: Martí-Oliet, N., Ölveczky, P.C., Talcott, C. (eds.) Logic, Rewriting, and Concurrency. LNCS, vol. 9200, pp. 160–180. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23165-5_7
Bhargavan, K., Fournet, C., Gordon, A.D., Tse, S.: Verified interoperable implementations of security protocols. In: IEEE Computer Security Foundations Workshop (2006)
Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Computer Security Foundations Workshop, IEEE, pp. 0082–0082. IEEE Computer Society (2001)
Blanchet, B., Smyth, B., Cheval, V.: ProVerif 2.00: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial (2018)
Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., Anderson, R.: Chip and skim: cloning EMV cards with the pre-play attack. In: S&P, pp. 49–64. IEEE (2014)
Brzuska, C., Smart, N.P., Warinschi, B., Watson, G.J.: An analysis of the EMV channel establishment protocol. In: CCS, pp. 373–386. ACM (2013)
Bugliesi, M., Modesti, P.: AnBx - security protocols design and verification. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 164–184. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16074-5_12
Bugliesi, M., Calzavara, S., Mödersheim, S., Modesti, P.: Security protocol specification and verification with AnBx. J. Inf. Secur. Appl. 30, 46–63 (2016)
Cortet, M., Rijks, T., Nijland, S.: Psd2: the digital transformation accelerator for banks. J. Paym.S Strat. Syst. 10(1), 13–27 (2016)
Cortier, V., Filipiak, A., Florent, J., Gharout, S., Traoré, J.: Designing and proving an EMV-compliant payment protocol for mobile devices. In: EuroS&P, pp. 467–480. IEEE (2017)
de Ruiter, J., Poll, E.: Formal analysis of the EMV protocol suite. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 113–129. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27375-9_7
Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 350–357 (1983)
Drimer, S., Murdoch, S.J., et al.: Keep your enemies close: distance bounding against smartcard relay attacks. In: USENIX Security Symposium, vol. 312 (2007)
Emms, M., Arief, B., Freitas, L., Hannon, J., van Moorsel, A.: Harvesting high value foreign currency transactions from EMV contactless credit cards without the PIN. In: CCS, pp. 716–726. ACM (2014)
Emms, M., Arief, B., Little, N., van Moorsel, A.: Risks of offline verify PIN on contactless cards. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 313–321. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_26
Emms, M., Freitas, L., van Moorsel, A.: Rigorous design and implementation of an emulator for EMV contactless payments. Technical report, Newcastle University (2014)
Emms, M.J.: Contactless payments: usability at the cost of security? Ph.D. thesis, Newcastle University (2016)
EMVCo: EMV integrated circuit card specifications for payment systems [books 1 to 4], December 2011. https://www.emvco.com/emv-technologies/contact/
EMVCo: EMV contactless specifications for payment systems [books a, b, c-1, c-2, c-3, c-4, c-5, c- 6, c-7 and d], February 2016. https://www.emvco.com/emv-technologies/contactless/
Financial Fraud Action: Fraud the fact. the definitive overview of payment industry fraud and measures to prevent it (2017). https://www.financialfraudaction.org.uk/fraudfacts17/
Freitas, L., Emms, M.: Formal specification of EMV protocol. Technical report, Newcastle University (2014)
Freitas, L.: VDM at large: modelling the EMV(R) 2nd generation kernel. In: Formal Methods: Foundations and Applications - 21st Brazilian Symposium, SBMF 2018, Salvador, Brazil, 28–30 November 2018, Proceedings. Lecture Notes in Computer Science, vol. 11254. Springer (2018)
Freitas, L., Jones, C.B., Velykis, A., Whiteside, I.: How to say why (in AI4FM). Technical report, Newcastle University (2013)
Freitas, L., Woodcock, J.: Mechanising mondex with Z/Eves. Form. Asp. Comput. 20(1), 117 (2008)
Garcia, R., Modesti, P.: An IDE for the design, verification and implementation of security protocols. In: ISSRE Workshops, pp. 157–163. IEEE (2017)
Garrett, D., Ward, M.: Blinded Diffie-Hellman. In: Chen, L., Mitchell, C. (eds.) SSR 2014. LNCS, vol. 8893, pp. 79–92. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-14054-4_6
Guttman, J.D., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T.: Programming cryptographic protocols. In: De Nicola, R., Sangiorgi, D. (eds.) TGC 2005. LNCS, vol. 3705, pp. 116–145. Springer, Heidelberg (2005). https://doi.org/10.1007/11580850_8
Hoare, C.A.R.: CSP - Communicating Sequential Processes. Prentice-Hall (1985)
Jones, C.B.: Systematic Software Development Using VDM, vol. 2. Prentice Hall, Englewood Cliffs (1990)
Lowe, G.: A hierarchy of authentication specifications. In: CSFW 1997, pp. 31–43. IEEE Computer Society Press (1997)
Maiden, J.: EMV’s Relay Resistance Protocol in MasterCard Contactless Specification. Master’s thesis, School of Computing Science, Newcastle University (2017)
Mödersheim, S.: Algebraic properties in Alice and Bob notation. In: International Conference on Availability, Reliability and Security (ARES 2009), pp. 433–440 (2009)
Modesti, P.: AnBx: Automatic generation and verification of security protocols implementations. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds.) FPS 2015. LNCS, vol. 9482, pp. 156–173. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30303-1_10
Modesti, P.: Efficient Java code generation of security protocols specified in AnB/AnBx. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 204–208. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_17
Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and pin is broken. In: S&P, pp. 433–446. IEEE (2010)
Schmidt, B., Meier, S., Cremers, C., Basin, D.: Automated analysis of Diffie-Hellman protocols and advanced security properties. In: CSF, pp. 78–94. IEEE (2012)
Woodcock, J., Freitas, L.: Linking VDM and Z. In: IEEE International Conference on Engineering of Complex Computer Systems, pp. 143–152. IEEE (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Freitas, L., Modesti, P., Emms, M. (2018). A Methodology for Protocol Verification Applied to EMV® 1. In: Massoni, T., Mousavi, M. (eds) Formal Methods: Foundations and Applications. SBMF 2018. Lecture Notes in Computer Science(), vol 11254. Springer, Cham. https://doi.org/10.1007/978-3-030-03044-5_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-03044-5_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03043-8
Online ISBN: 978-3-030-03044-5
eBook Packages: Computer ScienceComputer Science (R0)