Security Analysis of EMV Protocol and Approaches for Strengthening It

  • Khedkar Shrikrishna
  • N. V. Narendra Kumar
  • R. K. Shyamasundar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10722)


Our reliance on smart cards in daily life makes their security essential. Credit card fraud has been a major hassle for electronic commerce over the past few years. A worldwide standard for payment has been introduced by Europay, Mastercard, and Visa (EMV) with the objective of limiting card payment fraud. The EMV standard has two main pillars: card authentication (chip), which counters skimming and counterfeiting fraud, and cardholder verification (PIN), which counters fraud with stolen or lost cards. Today EMV (aka Chip-and-PIN) is the leading system for card payments worldwide, with more than 4.8 billion cards. Although EMV cards are widely adopted around the world, they are still amenable to attacks, as our analysis reveals.

In this paper, we present an approach for analyzing the security of the EMV protocol using a novel information security model called the Readers-Writers Flow Model (RWFM) that explicitly captures the intentions of the protocol designer. Assessing the security of the EMV protocol with this approach automatically reveals several attacks on the EMV protocol presented in the literature, and provides implementation guidelines for realizing a secure EMV protocol with respect to different threat models. We illustrate experimentally that most of these attacks are overcome by using an RWFM wrapper in a prototype implementation that follows the guidelines. The efficacy of the approach is demonstrated by successfully preventing a software simulation of the “No-PIN” attack.


Keywords: EMV; Chip-and-PIN cards; Secure information-flow; Payment protocols



The work was done as part of the Information Security Research and Development Centre (ISRDC) at IIT Bombay, funded by MEITY, Government of India.



Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Khedkar Shrikrishna (1)
  • N. V. Narendra Kumar (2)
  • R. K. Shyamasundar (1)

  1. Department of Computer Science and Engineering, Indian Institute of Technology Bombay, Mumbai, India
  2. Centre for Payment Systems, IDRBT, Hyderabad, India
