On the Security of the EMV Secure Messaging

نویسندگان

  • Ben Adida
  • Mike Bond
  • Jolyon Clulow
  • Amerson Lin
  • Ross Anderson
  • Ronald L. Rivest
چکیده

We present new attacks against the EMV financial transaction security system (known in Europe as “Chip and PIN”), specifically on the back-end API support for sending secure messages to EMV smartcards. EMV is the new electronic payment system designed by VISA and Mastercard and widely deployed throughout Europe in the last 12 months. It aims to eventually supersede magnetic-stripe systems. Customers carry smartcards which, upon payment, engage in cryptographic protocols to authenticate themselves to their issuing bank. At the issuing bank (the “back end” for short), the Hardware Security Modules (HSMs), which are tasked with PIN storage and verification for ATM networks, have been extended to provide new EMV security functionality. The HSMs now authenticate and manage the massive card base, ensuring security in an environment particularly wary of insider attack. The back-end HSMs expose a security Application Programming Interface (security API), which the untrusted banking application layer uses to perform cryptographic operations, and which enforces a security policy on the usage of the secret data it handles. In the last five years, the security of HSM APIs has come under close scrutiny from the academic community, and, recently, a number of HSM manufacturers have made their EMV functionality available for study. The new EMV functionality includes three basic classes of commands: firstly, those to verify authorisation requests and produce responses or denials; secondly, those to manage the personalisation of smartcards during the issue process; and thirdly those to produce secure command messages, which are decrypted, verified and executed by smartcards for the purpose of updating security parameters in the field. This paper concentrates on this last class. Such secure messaging commands are used for many purposes: to change the PIN on a card, adjust the offline spending limits, replace cryptographic keys, or toggle international roaming. We present two attacks, which, together, completely undermine the security of EMV secure messaging, assuming a corrupt insider with access to the HSM API for a brief period. Our first attack allows the injection of chosen plaintext into the encrypted field of a secure message destined for an EMV smartcard (this could be used to update the card’s PIN or session key). The second attack discloses any card-exportable secret data, for instance a unique card authentication key. Only one of the two devices, the IBM 4758 CCA, was found vulnerable to this second class of attack, but it is particularly significant, because it is passive with respect to the card. Therefore, if such an attack were used to defraud a bank, it would be much harder to trace. Both attacks exploit the malleability of the CBC

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On the Security of the EMV Secure Messaging API (Extended Abstract)

We present new attacks against the EMV financial transaction security system (known in Europe as “Chip and PIN”), specifically on the back-end API support for sending secure messages to EMV smartcards. We examine how secure messaging is implemented in two major Hardware Security Modules (HSMs). We show how to inject chosen plaintext into encrypted traffic between HSM and smartcard. In the case ...

متن کامل

Extending EMV to support Murabaha transactions

Conventional credit card transactions are not consistent with Islamic principles, as exemplified by the Islamic banking system and the ‘Murabaha sale’. On the other hand, EMV-compliant IC (Integrated Circuit) cards have been developed to secure traditional Point of Sale (POS) transactions. Thus, if Islamic principles are to be applied to card payments, a new and secure card payment process is r...

متن کامل

Security of Electronic Payment Systems: A Comprehensive Survey

This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment systems. This survey consists of the Card-present (CP) transactions and a review of its dominant system i.e. EMV including several researches at Cambridge universit...

متن کامل

Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing

Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...

متن کامل

Computationally secure multiple secret sharing: models, schemes, and formal security analysis

A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2010