Improving Test Conformance of Smart Cards versus EMV-Specification by Using on the Fly Temporal Property Verification

Abstract

Electronic payment transactions using smart card are based on the Europay Mastercard Visa (EMV) specifications. This standard appeared in 1995 in order to ensure security and global interoperability between EMV-compliant smart cards and EMV-compliant payment terminals throughout the world. Another purpose of EMV specifications is to permit a secure control of offline credit card transaction approvals. This paper will expose a way to improve verification and validation of the payment application stored in the chip of the smart card based on temporal property verification. In fact, each issuer (e.g., MasterCard) defines its own EMV-compliant specification, allowing different implementation cases and possible errors and we discuss about a method to detect anomalies to avoid smart card vulnerabilities. The properties will be designed in conformance with EMV-specification but our goal is not to formally prove them. We consider implementations through a black-box testing approach, therefore we cannot prove the properties as we don't have access to the source code. However, we can observe the command/response exchanges and detect, on the fly, when an expected property is violated. © Springer-Verlag Berlin Heidelberg 2014.