Abstract
The protocol by which “contactless” (NFC) credit cards operate is insecure. Previous work has done much to protect this protocol from malicious third parties, e.g. eavesdroppers, credit card skimmers, etc. However, most of these defenses rely on the retailers being honest, and on their Points of Sale following the credit card protocol faithfully. In this paper, we extend the threat model to include malicious retailers, and remove any restrictions on the operation of their Points of Sale. In particular, we identify two classes of attacks which may be executed by a malicious retailer: Over-charge attacks exploiting victim customers, and Transparent Bridge attacks exploiting victim retailers. We then extend the protocol from previous work in order to defend against these attacks, protecting cardholders and honest retailers from malicious retailers.
Cite
CITATION STYLE
Jensen, O., O’Meara, T., & Gouda, M. (2016). Securing NFC credit card payments against malicious retailers. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9944 LNCS, pp. 214–228). Springer Verlag. https://doi.org/10.1007/978-3-319-46140-3_18
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
