Toggle Main Menu Toggle Search

Open Access padlockePrints

POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards

Lookup NU author(s): Dr Martin Emms, Dr Leonardus Arief, Joe Hannon, Professor Aad van Moorsel

Downloads


Abstract

The original EMV protocol was designed to operate in a situation where the card holder removes their card from their wallet and insert the card into a Point of Sale (POS) terminal. The protocol operates predominantly in plaintext which was not a problem because the attackers needed to tamper with the POS to gain access to the information on the card.The introduction of contactless EMV cards exposes the mainly plaintext EMV protocol to a wireless interface. This allows attackers to use an off-the-shelf NFC reader to access the card without the cardholders knowledge and potentially whilst the card is still in their wallet. Research has demonstrated that contactless EMV cards are vulnerable to various attacks carried out using off-the-shelf equipment which is both cheap and easy to obtain.The proposed solution addresses these issues by having the card request that any NFC reader, attempting to initiate communication, must authenticate itself as a genuine bank issued POS. The POS does this using a Bank issued private key to sign a nonce provided by the card.


Publication metadata

Author(s): Emms M, Arief B, Hannon J, van Moorsel A

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2013

Pages: 8

Print publication date: 13/05/2013

Source Publication Date: May 2013

Report Number: 1386

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne

URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1386.pdf


Share