UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Be prepared: The EMV pre-play attack

Bond, M; Choudary, O; Murdoch, SJ; Skorobogatov, S; Anderson, R; (2015) Be prepared: The EMV pre-play attack. IEEE Security & Privacy Green open access

[img] PDF
SP_SPSI-2014-08-0143.R1_Murdoch.pdf
Available under License : See the attached licence file.

Download (1MB)

Abstract

EMV, also known as “Chip and PIN”, is the leading system for smartcard-based payments worldwide; it is widely deployed in Europe and is starting to be introduced in the USA too. It replaces the familiar mag-strip cards with chip cards. A cryptographic protocol is executed between a chip card and bank servers based on a message authentication code (MAC) over transaction data, including a nonce called the unpredictable number. We discovered two protocol flaws: first, the lack of a terminal ID to identify involved parties, and second that the nonce is not generated by the relying party. Together, these make EMV vulnerable to the pre-play attack: pre-recorded transaction data from a target card can be replayed at a future location. This powerful attack can be exploited due to weak random number generators, by a man-in-the-middle between the terminal and the acquirer, or by malware in an ATM or POS terminal. Our investigation started when we discovered that EMV implementers often used counters, timestamps or home-grown algorithms to supply the nonce. We describe the survey methodology we developed to chart the scope of this weakness, evidence from ATM and terminal experiments in the field, and our proof-of-concept attack implementation. Finally, we explore why these flaws evaded detection until now.

Type: Article
Title: Be prepared: The EMV pre-play attack
Open access status: An open access version is available from UCL Discovery
Publisher version: http://www.computer.org/portal/web/computingnow/se...
Language: English
Additional information: © 2012 IEEE. Personal use of this material (accepted version) is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
UCL classification: UCL > School of BEAMS
UCL > School of BEAMS > Faculty of Engineering Science
URI: http://discovery.ucl.ac.uk/id/eprint/1452720
Downloads since deposit
712Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item