Relay Cost Bounding for Contactless EMV Payments

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8975)


This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa’s payWave and MasterCard’s PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low compared to the (cryptographic) computation by the card or the messages can be cached before they are requested by the terminal. We propose a solution that fits within the EMV Contactless specification to make a payment protocol that is resistant to relay attacks from commercial off-the-shelf devices, such as mobile phones. This solution does not require significant changes to the cards and can easily be added to existing terminals. To prove that our protocol really does stop relay attacks, we develop a new method of automatically checking defences against relay attacks using the applied pi-calculus and the tool ProVerif.


Mobile Phone Smart Card Reader Process Cryptographic Operation ProVerif Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We would like to thank Chris Smith, Ben Smyth, Alexander Darer, Mandeep Daroch and a number of helpful shop staff for their assistance with developing the relay.


  1. 1.
    Abadi, M., Blanchet, B.: Analyzing security protocols with secrecy types and logic programs. J. ACM 52(1), 102–146 (2005)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Symposium on Principles of Programming Languages (POPL) (2001)Google Scholar
  3. 3.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Computer Security Foundations Workshop (CSFW), pp. 82–96. IEEE (2001)Google Scholar
  4. 4.
    Blanchet, B., Smyth, B., Cheval, V.: ProVerif 1.88: automatic cryptographic protocol verifier, user manual and tutorial (2013)Google Scholar
  5. 5.
    Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., Anderson, R.: Chip and skim: cloning EMV cards with the pre-play attack. In: 35th IEEE Symposium on Security and Privacy (2014)Google Scholar
  6. 6.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 55–68. Springer, Heidelberg (2014) Google Scholar
  7. 7.
    Capkun, S.: Personal communication (2012)Google Scholar
  8. 8.
    Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 113–127. IEEE (2012)Google Scholar
  9. 9.
    de Ruiter, J., Poll, E.: Formal analysis of the EMV protocol suite. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 113–129. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  10. 10.
    Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: USENIX Security Symposium, pp. 87–102, August 2007Google Scholar
  11. 11.
    Emms, M., Arief, B., Defty, T., Hannon, J., Hao, F., van Moorsel, A.: The dangers of verify PIN on contactless cards. Technical report. CS-TR-1332Google Scholar
  12. 12.
    Emms, M., Arief, B., Freitas, L., Hannon, J., van Moorsel, A.: Harvesting high value foreign currency transactions from emv contactless credit cards without the pin. In: 21st Conference on Computer and Communications Security (CCS) (2014)Google Scholar
  13. 13.
    EMVCo: EMV - Integrated Circuit Card Specifications for Payment Systems, version 4.3 (2011)Google Scholar
  14. 14.
    EMVCo: EMV Contactless Specifications for Payment Systems, version 2.4 (2014)Google Scholar
  15. 15.
    Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2011. The Internet Society (2011)Google Scholar
  16. 16.
    Francis, L., Hancke, G., Mayes, K.: A practical generic relay attack on contactless transactions by using NFC mobile phones. Int. J. RFID Secur. Cryprography (IJRFIDSC) 2(1–4), 92–106 (2013)Google Scholar
  17. 17.
    Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 35–49. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  18. 18.
    Hancke, G., Kuhn, M.: An RFID distance bounding protocol. In: 2005 First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp. 67–73. IEEE (2005)Google Scholar
  19. 19.
    Murdoch, S.J.: Defending against wedge attacks in Chip and PIN.
  20. 20.
    Sportiello, L., Ciardulli, A.: Long distance relay attack. In: Hutter, M., Schmidt, J.-M. (eds.) RFIDsec 2013. LNCS, vol. 8262, pp. 69–85. Springer, Heidelberg (2013) CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. 1.School of Computer ScienceUniversity of BirminghamBirminghamUK
  2. 2.Institute for Computing and Information SciencesRadboud University NijmegenNijmegenThe Netherlands
  3. 3.Department of Mathematics and Computer ScienceTechnical University EindhovenEindhovenThe Netherlands

Personalised recommendations