Chip and Skim: cloning EMV cards with the pre-play attack

EMV, also known as "Chip and PIN", is the leading system for card payments worldwide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. We have discovered that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a "pre-play" attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically (in the sense of extracting the key material and loading it into another card). Card cloning is the very type of fraud that EMV was supposed to prevent. We describe how we detected the vulnerability, a survey methodology we developed to chart the scope of the weakness, evidence from ATM and terminal experiments in the field, and our implementation of proof-of-concept attacks. We found flaws in widely-used ATMs from the largest manufacturers. We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit. Pre-play attacks may also be carried out by malware in an ATM or POS terminal, or by a man-in-the-middle between the terminal and the acquirer. We explore the design and implementation mistakes that enabled the flaw to evade detection until now: shortcomings of the EMV specification, of the EMV kernel certification process, of implementation testing, formal analysis, or monitoring customer complaints. Finally we discuss countermeasures

Designing and proving an EMV-compliant payment protocol for mobile devices

International audienceWe devise a payment protocol that can be securely used on mobile devices, even infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplify certification procedures and protocol maintenance. It is also fully compatible with the EMV SDA protocol and allows off-line payments for the users. We provide a formal model and full security proofs of our protocol using the TAMARIN prover

Host card emulation with tokenisation: Security risk assessments

Host Card Emulation (HCE) é uma arquitetura que possibilita a representação virtual (emulação) de cartões contactless, permitindo a realização de transações através dispositivos móveis com capacidade de realizar comunicações via Near-Field Communication (NFC), sem a necessidade de utilização de um microprocessador chip, Secure Element (SE), utilizado em pagamentos NFC anteriores ao HCE. No HCE, a emulação do cartão é efetuada essencialmente através de software, geralmente em aplicações do tipo wallet. No modelo de HCE com Tokenização (HCEt), que ´e o modelo HCE específico analisado nesta dissertação, a aplicação armazena tokens de pagamento, que são chaves criptográficas derivadas das chaves do cartão original, críticas, por permitirem a execução de transações, ainda que, com limitações na sua utilização. No entanto, com a migração de um ambiente resistente a violações (SE) para um ambiente não controlado (uma aplicação num dispositivo móvel), há vários riscos que devem ser avaliados adequadamente para que seja possível materializar uma implementação baseada no risco. O presente estudo descreve o modelo de HCE com Tokenização (HCEt) e identifica e avalia os seus riscos, analisando o modelo do ponto de vista de uma aplicação wallet num dispositivo móvel, que armazena tokens de pagamento para poder realizar transações contactless

Modelización del protocolo Tor y extracción de características de servicios ocultos

Tor (The Onion Router) garantiza el anonimato y la privacidad de sus usuarios durante la navegación por Internet, mediante el establecimiento de circuitos virtuales entre los diferentes nodos integrantes de la red Tor. Además, Tor permite que los usuarios publiquen páginas web que son únicamente alcanzables a través de la propia red Tor,quedando entonces no accesibles desde la red de Internet convencional. Estos sitios se conocen como servicios ocultos de la red Tor, o sitios de la dark web. Su peculiaridad radica en que no funcionan a través de un sistema de resolución de nombres clásico como los servicios de Internet (a través de DNS), por lo que la dirección IP del servidor que los aloja es desconocida. El trabajo realizado en este proyecto se dividen en dos partes. En primer lugar, se ha realizado la modelización y formalización del funcionamiento de la red Tor, así como los protocolos que utiliza (o protocolo Tor, por simplificar). Mediante diagramas de secuencia y actividad UML, se describen qué participantes existen en la red Tor, cómo es la comunicación y cómo es el comportamiento de cada uno de los participantes. Estos modelos servirán para entender desde un punto de vista más abstracto el funcionamiento del protocolo y además ayudarán a una futura verificación formal del protocolo de la red Tor. La segunda parte trata sobre la extracción de características de los servicios ocultos. Para ello se ha desarrollado una herramienta para la obtención de direcciones de servicios ocultos y la extracción de información de los mismos a través de estas direcciones. Esta herramienta pretende ser de utilidad para las Fuerzas y Cuerpos de Seguridad del Estado. La información recopilada de estos servicios ocultos se ha estudiado con el objetivo de encontrar características que lleven a la desanonimización del servicio oculto (es decir, que ayuden a localizar la dirección IP). Para ello, se han utilizado concretamente los metadatos suministrados por las cabeceras HTTP y los certificados digitales obtenidos a través del establecimiento de una conexión HTTPS. Estos metadatos se han contrastado con un motor de búsqueda de servicios en Internet, que contiene información de cualquier dirección IPv4 alcanzable en Internet. Los resultados obtenidos muestran que en un número importante de casos se han acotado los dispositivos que pueden estar relacionados con cada servicio oculto, llegando incluso a su desanonimización directa. Sobre la categorización de servicios ocultos, se han encontrado algunos relacionados con actividades ilegítimas

Payment Terminal Emulator

Atualmente, os pagamentos em dinheiro estão a tornar-se menos populares. No entanto, poucas pessoas conhecem a complexidade que se encontra por detrás da inserção do cartão no terminal PoS (ponto de venda), introdução do PIN e recolha do recibo). Esse processo de pagamento é implementado pelas empresas FinTech, que fornecem aos bancos e comerciantes terminais PoS prontos para uso. A fase mais cara e demorada da integração da solução de pagamento é a certificação do software do terminal. Neste trabalho, consideramos o protocolo de comunicação entre um cartão inteligente e um terminal PoS baseado nas especificações internacional EMV (Europay Mastercard Visa), juntamente com suas vulnerabilidades conhecidas. Para melhorar o processo de certificação numa empresa FinTech em Portugal, um software independente foi sugerido para emulação do fluxo de pagamento de EMV completo. Neste trabalho, apresentamos os detalhes sobre a implementação da aplicação 3C Emulator.Nowadays, cash payments are becoming less popular and few understand, what a complicated process stands behind the habitual inserting the card into PoS (Point-of-Sale) terminal. This payment process are implemented by FinTech companies, that provide banks and merchants with ready-to-use PoS terminals. And the most expensive and time-consuming phase of payment solution integration is is the certification of terminal software. In this work we consider communication protocol between a smart card and a PoS terminal based on EMV (Europay Mastercard Visa) international standard, together with its known vulnerabilities. In order to improve the certification process in one Portuguese FinTech company, standalone software for emulation of full EMV transaction workflow is suggested. We present details about implementation of 3C Emulator application

Security Enhanced EMV-Based Mobile Payment Protocol

Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transaction. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in offline transaction, a merchant’s reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transaction risk. And our modifications to the EMV standard are transparent to merchants and users. We also encrypt the communications between a card and a reader to prevent eavesdropping on sensitive data. The protocol is able to resist impersonation attacks and to avoid the security threats in EMV. In offline transactions, our scheme requires a user to apply for a temporary offline certificate in advance. With the certificate, banks no longer need to lower customer’s credits for risk control, and users can have online-equivalent credits in offline transactions

Investigating EMV chip and pin card security

Following the COVID-19 outbreak in 2019, there was a global shift towards card payments over traditional cash transactions, preferring chip and pin cards. Within the context of this study, these are called EMV cards. In the financial industry, the EMV protocol is a global standard for credit and debit card transactions using chip enabled smart cards. EMV stands for Europay, MasterCard, and Visa, the three companies that initially developed the standard. As the adoption of these cards rose, so did the incidents of hacking and exploitation attempts. Motivated by these challenges, the author chose to investigate the security aspects of the EMV protocol. Throughout the investigation, the author successfully executed a MITM attack on three bank cards, effectively intercepting the communications between the cards and the terminal. By carefully analyzing these intercepted packets, the author was able to extract crucial card details, including the card number, expiry date, card type, transaction amount, and currency. The author also managed to obtain the PIN code for two of the cards successfully This report aims to achieve a deeper understanding of the EMV protocol's functioning and identify the specific protocol features employed in Chip-and-PIN cards. Additionally, the study seeks to identify any potential security vulnerabilities in the transaction process. The findings and insights gained from this study are expected to contribute valuable knowledge to enhance the overall security of card payment systems in today's interconnected financial landscape

Mechanised Models and Proofs for Distance-Bounding

In relay attacks, a man-in-the-middle adversary impersonates a legitimate party and makes it this party appear to be of an authenticator, when in fact they are not. In order to counteract relay attacks, distance-bounding protocols provide a means for a verifier (e.g., an payment terminal) to estimate his relative distance to a prover (e.g., a bankcard). We propose FlexiDB, a new cryptographic model for distance bounding, parameterised by different types of fine-grained corruptions. FlexiDB allows to consider classical cases but also new, generalised corruption settings. In these settings, we exhibit new attack strategies on existing protocols. Finally, we propose a proof-of-concept mechanisation of FlexiDB in the interactive cryptographic prover EasyCrypt. We use this to exhibit a flavour of man-in-the-middle security on a variant of MasterCard\u27s contactless-payment protocol