Bond, M;
Choudary, O;
Murdoch, SJ;
Skorobogatov, S;
Anderson, R;
(2014)
Chip and Skim: cloning EMV cards with the pre-play attack.
In:
Proceedings of the 35th IEEE Symposium on Security and Privacy 2014.
(pp. pp. 49-64).
IEEE: San Jose, CA, USA.
Preview |
Text
oakland14chipandskim.pdf - Accepted Version Download (3MB) | Preview |
Abstract
EMV, also known as "Chip and PIN", is the leading system for card payments worldwide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. We have discovered two serious problems: a widespread implementation flaw and a deeper, more difficult to fix flaw with the EMV protocol itself. The first flaw is that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this nonce. This exposes them to a "pre-play" attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically. Card cloning is the very type of fraud that EMV was supposed to prevent. We describe how we detected the vulnerability, a survey methodology we developed to chart the scope of the weakness, evidence from ATM and terminal experiments in the field, and our implementation of proof-of-concept attacks. We found flaws in widely-used ATMs from the largest manufacturers. We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit. The second problem was exposed by the above work. Independent of the random number quality, there is a protocol failure: the actual random number generated by the terminal can simply be replaced by one the attacker used earlier when capturing an authentication code from the card. This variant of the pre-play attack may be carried out by malware in an ATM or POS terminal, or by a man-in-the-middle between the terminal and the acquirer. We explore the design and..
| Type: | Proceedings paper |
|---|---|
| Title: | Chip and Skim: cloning EMV cards with the pre-play attack |
| Event: | 35th IEEE Symposium on Security and Privacy (SP) |
| Location: | San Jose, CA |
| Dates: | 18 May 2014 - 21 May 2014 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1109/SP.2014.11 |
| Publisher version: | https://doi.org/10.1109/SP.2014.11 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| Keywords: | Science & Technology, Technology, Computer Science, Information Systems, Computer Science, Theory & Methods, Computer Science |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10074688 |
Archive Staff Only
 |
View Item |
