Abstract / Description of output
This paper surveys existing and new security issues affecting the EMV electronic payments protocol. We first introduce a new price/effort point for the cost of deploying eavesdropping and relay attacks -- a microcontroller-based interceptor costing less than 100. We look next at EMV protocol failures in the back-end security API, where we describe two new attacks based on chosen-plaintext CBC weaknesses, and on key separation failures. We then consider future modes of attack, specifically looking at combining the phenomenon of phishing (sending unsolicited messages by email, post or phone to trick users into divulging their account details) with chip card sabotage. Our proposed attacks exploit covert channels through the payments network to allow sabotaged cards to signal back their PINs. We hope these new recipes will enliven the debate about the pros and cons of Chip and PIN at both technical and commercial levels.
Original language | English |
---|---|
Title of host publication | Security Protocols |
Subtitle of host publication | 14th International Workshop, Cambridge, UK, March 27-29, 2006, Revised Selected Papers |
Editors | Bruce Christianson, Bruno Crispo, James A. Malcolm, Michael Roe |
Place of Publication | Berlin, Heidelberg |
Publisher | Springer |
Pages | 40-48 |
Number of pages | 9 |
ISBN (Electronic) | 978-3-642-04904-0 |
ISBN (Print) | 978-3-642-04903-3 |
Publication status | Published - 6 Oct 2009 |
Event | 14th International Workshop on Security Protocols 2006 - Cambridge, United Kingdom; Duration: 27 Mar 2006 → 29 Mar 2006; Conference number: 14 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer, Berlin, Heidelberg |
Volume | 5087 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Workshop
Workshop | 14th International Workshop on Security Protocols 2006 |
---|---|
Abbreviated title | SPW 2006 |
Country/Territory | United Kingdom |
City | Cambridge |
Period | 27/03/06 → 29/03/06 |