Abstract
Electronic payment transactions using smart card are based on the Europay Mastercard Visa (EMV) specifications. This standard appeared in 1995 in order to ensure security and global interoperability between EMV-compliant smart cards and EMV-compliant payment terminals throughout the world. Another purpose of EMV specifications is to permit a secure control of offline credit card transaction approvals. This paper will expose a way to improve verification and validation of the payment application stored in the chip of the smart card based on temporal property verification. In fact, each issuer (e.g., MasterCard) defines its own EMV-compliant specification, allowing different implementation cases and possible errors and we discuss about a method to detect anomalies to avoid smart card vulnerabilities. The properties will be designed in conformance with EMV-specification but our goal is not to formally prove them. We consider implementations through a black-box testing approach, therefore we cannot prove the properties as we don’t have access to the source code. However, we can observe the command/response exchanges and detect, on the fly, when an expected property is violated.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
EMV Integrated Circuit Card Specifications for Payment Systems, version 4.3 EMVco (2011)
M/Chip 4 Card Application Specifications for Credit and Debit, MasterCard International (2002)
Lancia, J.: Un framework de fuzzing pour cartes a puce: application aux protocoles EMV (2011)
Vernois, S., Alimi, V.: WinSCard Tools: a software for the development and security analysis of transactions with smartcards (2010)
ISO/IEC 7816, International Organization for Standardization and the International Electrotechnical Commission
Philippaerts, P., Mhlberg, J.T., Penninckx, W., Smans, J., Jacobs, B., Piessens, F.: Software Verification with Verifast: industrial Case Studies (2013)
Distefano, D., Parkinson, M.J.: Jstar: Towards Practical Verification for Java (2009)
Foster, H.D., Krolnik, A.C., Lacey, D.J.: Assertion-Based Design (2010)
Source code of WSCT, https://github.com/wsct
Vibert, B., Alimi, V., Vernois, S.: Analyse de la sécurité de transactions à puce avec le framework WinSCard Tools (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jolly, G., Vernois, S., Lambert, JL. (2014). Improving Test Conformance of Smart Cards versus EMV-Specification by Using on the Fly Temporal Property Verification. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-54525-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54524-5
Online ISBN: 978-3-642-54525-2
eBook Packages: Computer ScienceComputer Science (R0)