Bond, M;
Choudary, O;
Murdoch, SJ;
Skorobogatov, S;
Anderson, R;
(2015)
Be prepared: The EMV pre-play attack.
IEEE Security & Privacy
![]() |
PDF
SP_SPSI-2014-08-0143.R1_Murdoch.pdf Available under License : See the attached licence file. Download (1MB) |
Abstract
EMV, also known as “Chip and PIN”, is the leading system for smartcard-based payments worldwide; it is widely deployed in Europe and is starting to be introduced in the USA too. It replaces the familiar mag-strip cards with chip cards. A cryptographic protocol is executed between a chip card and bank servers based on a message authentication code (MAC) over transaction data, including a nonce called the unpredictable number. We discovered two protocol flaws: first, the lack of a terminal ID to identify involved parties, and second that the nonce is not generated by the relying party. Together, these make EMV vulnerable to the pre-play attack: pre-recorded transaction data from a target card can be replayed at a future location. This powerful attack can be exploited due to weak random number generators, by a man-in-the-middle between the terminal and the acquirer, or by malware in an ATM or POS terminal. Our investigation started when we discovered that EMV implementers often used counters, timestamps or home-grown algorithms to supply the nonce. We describe the survey methodology we developed to chart the scope of this weakness, evidence from ATM and terminal experiments in the field, and our proof-of-concept attack implementation. Finally, we explore why these flaws evaded detection until now.
Type: | Article |
---|---|
Title: | Be prepared: The EMV pre-play attack |
Open access status: | An open access version is available from UCL Discovery |
Publisher version: | http://www.computer.org/portal/web/computingnow/se... |
Language: | English |
Additional information: | © 2012 IEEE. Personal use of this material (accepted version) is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/1452720 |
Archive Staff Only
![]() |
View Item |