Abstract
This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa’s payWave and MasterCard’s PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low compared to the (cryptographic) computation by the card or the messages can be cached before they are requested by the terminal. We propose a solution that fits within the EMV Contactless specification to make a payment protocol that is resistant to relay attacks from commercial off-the-shelf devices, such as mobile phones. This solution does not require significant changes to the cards and can easily be added to existing terminals. To prove that our protocol really does stop relay attacks, we develop a new method of automatically checking defences against relay attacks using the applied pi-calculus and the tool ProVerif.
Cite
CITATION STYLE
Chothia, T., Garcia, F. D., De Ruiter, J., Van Den Breekel, J., & Thompson, M. (2015). Relay cost bounding for contactless EMV payments. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8975, pp. 189–206). Springer Verlag. https://doi.org/10.1007/978-3-662-47854-7_11
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
