Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers

Tom Chothia; Ioana Boureanu; Liqun Chen

doi:10.1007/978-3-030-32101-7_14

Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers

Tom Chothia, Ioana Boureanu^*, Liqun Chen

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

It is possible to relay signals between a contactless EMV card and a shop’s EMV reader and so make a fraudulent payment without the card-owner’s knowledge. Existing countermeasures rely on proximity checking: the reader will measure round trip times in message-exchanges, and will reject replies that take longer than expected (which suggests they have been relayed). However, it is the reader that would receive the illicit payment from any relayed transaction, so a rogue reader has little incentive to enforce the required checks. Furthermore, cases of malware targeting point-of-sales systems are common. We propose three novel proximity-checking protocols that use a trusted platform module (TPM) to ensure that the reader performs the time-measurements correctly. After running one of our proposed protocols, the bank can be sure that the card and reader were in close proximity, even if the reader tries to subvert the protocol. Our first protocol makes changes to the cards and readers, our second modifies the readers and the banking backend, and our third allows the detection of relay attacks, after they have happened, with only changes to the readers.

Original language	English
Title of host publication	Financial Cryptography and Data Security
Subtitle of host publication	23rd International Conference, FC 2019, Revised Selected Papers
Editors	Ian Goldberg, Tyler Moore
Publisher	Springer
Pages	222-233
Number of pages	12
ISBN (Electronic)	9783030321017
ISBN (Print)	9783030321000
DOIs	https://doi.org/10.1007/978-3-030-32101-7_14
Publication status	Published - 30 Sept 2019
Event	23rd International Conference on Financial Cryptography and Data Security, FC 2019 - St. Kitts, Saint Kitts and Nevis Duration: 18 Feb 2019 → 22 Feb 2019

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	11598
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd International Conference on Financial Cryptography and Data Security, FC 2019
Country/Territory	Saint Kitts and Nevis
City	St. Kitts
Period	18/02/19 → 22/02/19

Bibliographical note

Funding Information:
Acknowledgments. The authors acknowledge the support of the NCSC-funded “TimeTrust” project. The authors also thank all anonymous reviewers, as well as Urs Hengartner for helpful comments. Also, Ioana Boureanu thanks Anda Anda for interesting discussions on this topic.

Publisher Copyright:
© 2019, International Financial Cryptography Association.

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-32101-7_14Licence: None: All rights reserved

Cite this

Chothia, T., Boureanu, I., & Chen, L. (2019). Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers. In I. Goldberg, & T. Moore (Eds.), Financial Cryptography and Data Security: 23rd International Conference, FC 2019, Revised Selected Papers (pp. 222-233). (Lecture Notes in Computer Science; Vol. 11598). Springer. https://doi.org/10.1007/978-3-030-32101-7_14

@inproceedings{153e4ad0b375424eb74b21845aaa108c,

title = "Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers",

abstract = "It is possible to relay signals between a contactless EMV card and a shop{\textquoteright}s EMV reader and so make a fraudulent payment without the card-owner{\textquoteright}s knowledge. Existing countermeasures rely on proximity checking: the reader will measure round trip times in message-exchanges, and will reject replies that take longer than expected (which suggests they have been relayed). However, it is the reader that would receive the illicit payment from any relayed transaction, so a rogue reader has little incentive to enforce the required checks. Furthermore, cases of malware targeting point-of-sales systems are common. We propose three novel proximity-checking protocols that use a trusted platform module (TPM) to ensure that the reader performs the time-measurements correctly. After running one of our proposed protocols, the bank can be sure that the card and reader were in close proximity, even if the reader tries to subvert the protocol. Our first protocol makes changes to the cards and readers, our second modifies the readers and the banking backend, and our third allows the detection of relay attacks, after they have happened, with only changes to the readers.",

author = "Tom Chothia and Ioana Boureanu and Liqun Chen",

note = "Funding Information: Acknowledgments. The authors acknowledge the support of the NCSC-funded “TimeTrust” project. The authors also thank all anonymous reviewers, as well as Urs Hengartner for helpful comments. Also, Ioana Boureanu thanks Anda Anda for interesting discussions on this topic. Publisher Copyright: {\textcopyright} 2019, International Financial Cryptography Association.; 23rd International Conference on Financial Cryptography and Data Security, FC 2019 ; Conference date: 18-02-2019 Through 22-02-2019",

year = "2019",

month = sep,

day = "30",

doi = "10.1007/978-3-030-32101-7_14",

language = "English",

isbn = "9783030321000",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "222--233",

editor = "Ian Goldberg and Tyler Moore",

booktitle = "Financial Cryptography and Data Security",

}

Chothia, T, Boureanu, I & Chen, L 2019, Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers. in I Goldberg & T Moore (eds), Financial Cryptography and Data Security: 23rd International Conference, FC 2019, Revised Selected Papers. Lecture Notes in Computer Science, vol. 11598, Springer, pp. 222-233, 23rd International Conference on Financial Cryptography and Data Security, FC 2019, St. Kitts, Saint Kitts and Nevis, 18/02/19. https://doi.org/10.1007/978-3-030-32101-7_14

Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers. / Chothia, Tom; Boureanu, Ioana; Chen, Liqun.
Financial Cryptography and Data Security: 23rd International Conference, FC 2019, Revised Selected Papers. ed. / Ian Goldberg; Tyler Moore. Springer, 2019. p. 222-233 (Lecture Notes in Computer Science; Vol. 11598).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Short Paper

T2 - 23rd International Conference on Financial Cryptography and Data Security, FC 2019

AU - Chothia, Tom

AU - Boureanu, Ioana

AU - Chen, Liqun

N1 - Funding Information: Acknowledgments. The authors acknowledge the support of the NCSC-funded “TimeTrust” project. The authors also thank all anonymous reviewers, as well as Urs Hengartner for helpful comments. Also, Ioana Boureanu thanks Anda Anda for interesting discussions on this topic. Publisher Copyright: © 2019, International Financial Cryptography Association.

PY - 2019/9/30

Y1 - 2019/9/30

N2 - It is possible to relay signals between a contactless EMV card and a shop’s EMV reader and so make a fraudulent payment without the card-owner’s knowledge. Existing countermeasures rely on proximity checking: the reader will measure round trip times in message-exchanges, and will reject replies that take longer than expected (which suggests they have been relayed). However, it is the reader that would receive the illicit payment from any relayed transaction, so a rogue reader has little incentive to enforce the required checks. Furthermore, cases of malware targeting point-of-sales systems are common. We propose three novel proximity-checking protocols that use a trusted platform module (TPM) to ensure that the reader performs the time-measurements correctly. After running one of our proposed protocols, the bank can be sure that the card and reader were in close proximity, even if the reader tries to subvert the protocol. Our first protocol makes changes to the cards and readers, our second modifies the readers and the banking backend, and our third allows the detection of relay attacks, after they have happened, with only changes to the readers.

AB - It is possible to relay signals between a contactless EMV card and a shop’s EMV reader and so make a fraudulent payment without the card-owner’s knowledge. Existing countermeasures rely on proximity checking: the reader will measure round trip times in message-exchanges, and will reject replies that take longer than expected (which suggests they have been relayed). However, it is the reader that would receive the illicit payment from any relayed transaction, so a rogue reader has little incentive to enforce the required checks. Furthermore, cases of malware targeting point-of-sales systems are common. We propose three novel proximity-checking protocols that use a trusted platform module (TPM) to ensure that the reader performs the time-measurements correctly. After running one of our proposed protocols, the bank can be sure that the card and reader were in close proximity, even if the reader tries to subvert the protocol. Our first protocol makes changes to the cards and readers, our second modifies the readers and the banking backend, and our third allows the detection of relay attacks, after they have happened, with only changes to the readers.

UR - http://www.scopus.com/inward/record.url?scp=85075583290&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-32101-7_14

DO - 10.1007/978-3-030-32101-7_14

M3 - Conference contribution

AN - SCOPUS:85075583290

SN - 9783030321000

T3 - Lecture Notes in Computer Science

SP - 222

EP - 233

BT - Financial Cryptography and Data Security

A2 - Goldberg, Ian

A2 - Moore, Tyler

PB - Springer

Y2 - 18 February 2019 through 22 February 2019

ER -

Short Paper: Making Contactless EMV Robust Against Rogue Readers Colluding with Relay Attackers

Abstract

Publication series

Conference

Bibliographical note

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this