Phish and Chips

Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Steven Murdoch, Ross Anderson, Ron Rivest

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

This paper surveys existing and new security issues affecting the EMV electronic payments protocol. We first introduce a new price/effort point for the cost of deploying eavesdropping and relay attacks -- a microcontroller-based interceptor costing less than 100. We look next at EMV protocol failures in the back-end security API, where we describe two new attacks based on chosen-plaintext CBC weaknesses, and on key separation failues. We then consider future modes of attack, specifically looking at combining the phenomenon of phishing (sending unsolicited messages by email, post or phone to trick users into divulging their account details) with chip card sabotage. Our proposed attacks exploit covert channels through the payments network to allow sabotaged cards to signal back their PINS. We hope these new recipes will enliven the debate about the pros and cons of Chip and PIN at both technical and commercial levels.
Original languageEnglish
Title of host publicationSecurity Protocols
Subtitle of host publication14th International Workshop, Cambridge, UK, March 27-29, 2006, Revised Selected Papers
EditorsBruce Christianson, Bruno Crispo, James A. Malcolm, Michael Roe
Place of PublicationBerlin, Heidelberg
PublisherSpringer
Pages40-48
Number of pages9
ISBN (Electronic)978-3-642-04904-0
ISBN (Print)978-3-642-04903-3
DOIs
Publication statusPublished - 6 Oct 2009
Event14th International Workshop on Security Protocols 2006 - Cambridge, United Kingdom
Duration: 27 Mar 200629 Mar 2006
Conference number: 14

Publication series

NameLecture Notes in Computer Science
PublisherSpringer, Berlin, Heidelberg
Volume5087
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Workshop

Workshop14th International Workshop on Security Protocols 2006
Abbreviated titleSPW 2006
Country/TerritoryUnited Kingdom
CityCambridge
Period27/03/0629/03/06

Fingerprint

Dive into the research topics of 'Phish and Chips'. Together they form a unique fingerprint.

Cite this