Your Money or Your Life—Modeling and Analyzing the Security of Electronic Payment in the UC Framework

  • Dirk Achenbach
  • Roland Gröll
  • Timon Hackenjos
  • Alexander Koch
  • Bernhard Löwe
  • Jeremias Mechler
  • Jörn Müller-Quade
  • Jochen Rill
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)


EMV, also known as Chip and PIN, is the world-wide standard for card-based electronic payment. Its security wavers: over the past years, researchers have demonstrated various practical attacks, ranging from using stolen cards by disabling PIN verification to cloning cards by pre-computing transaction data. Most of these attacks rely on violating certain unjustified and not explicitly stated core assumptions upon which EMV is built, namely that the input device (e.g. the ATM) is trusted and all communication channels are non-interceptable. In addition, EMV lacks a comprehensive formal description of its security.

In this work we give a formal model for the security of electronic payment protocols in the Universal Composability (UC) framework. A particular challenge for electronic payment is that one participant of a transaction is a human who cannot perform cryptographic operations. Our goal is twofold. First, we want to enable a transition from the iterative engineering of such protocols to using cryptographic security models to argue about a protocol’s security. Second, we establish a more realistic adversarial model for payment protocols in the presence of insecure devices and channels.

We prove a set of necessary requirements for secure electronic payment with regard to our model. We then discuss the security of current payment protocols based on these results and find that most are insecure or require unrealistically strong assumptions. Finally, we give a simple payment protocol inspired by chipTAN and photoTAN and prove its security.

Our model captures the security properties of electronic payment protocols with human interaction. We show how to use this to reason about necessary requirements for secure electronic payment and how to develop a protocol based on the resulting guidelines. We hope that this will facilitate the development of new protocols with well-understood security properties.


Keywords: EMV, Universal Composability, Security models, Human-server-interaction, Electronic payment



Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Dirk Achenbach (2)
  • Roland Gröll (2)
  • Timon Hackenjos (2)
  • Alexander Koch (1)
  • Bernhard Löwe (1)
  • Jeremias Mechler (1)
  • Jörn Müller-Quade (1)
  • Jochen Rill (2)

  1. Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany
  2. FZI Research Center for Information Technology, Karlsruhe, Germany
