Practical EMV relay protection

Andreea Ina Radu, Tom Chothia, Christopher J.P. Newton, Ioana Boureanu, Liqun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

213 Downloads (Pure)

Abstract

Relay attackers can forward messages between a contactless EMV bank card and a shop reader, making it possible to wirelessly pickpocket money. To protect against this, Apple Pay requires a user's fingerprint or Face ID to authorise payments, while Mastercard and Visa have proposed protocols to stop such relay attacks. We investigate transport payment modes and find that we can build on relaying to bypass the Apple Pay lock screen, and illicitly pay from a locked iPhone to any EMV reader, for any amount, without user authorisation. We show that Visa's proposed relay-countermeasure can be bypassed using rooted smart phones. We analyse Mastercard's relay protection, and show that its timing bounds could be more reliably imposed at the ISO 14443 protocol level, rather than at the EMV protocol level. With these insights, we propose a new relay-resistance protocol (L1RP) for EMV. We use the Tamarin prover to model mobile-phone payments with and without user authentication, and in different payment modes. We formally verify solutions to our attack suggested by Apple and Visa, and used by Samsung, and we verify that our proposed protocol provides protection from relay attacks.

Original languageEnglish
Title of host publicationProceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages1737-1756
Number of pages20
ISBN (Electronic)9781665413169
ISBN (Print)9781665413176 (PoD)
DOIs
Publication statusPublished - 27 Jul 2022
Event43rd IEEE Symposium on Security and Privacy, SP 2022 - San Francisco, United States
Duration: 23 May 202226 May 2022

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
PublisherIEEE
ISSN (Print)1081-6011
ISSN (Electronic)2375-1207

Conference

Conference43rd IEEE Symposium on Security and Privacy, SP 2022
Country/TerritoryUnited States
CitySan Francisco
Period23/05/2226/05/22

Bibliographical note

Funding Information:
This work is part of the "TimeTrust" project, funded the UK s National Cyber Security Centre (NCSC). We thank Mastercard UK and Visa Research for providing useful insights and feedback.

Publisher Copyright:
© 2022 IEEE.

Keywords

  • Privacy
  • Protocols
  • Protective relaying
  • Authentication
  • Credit cards
  • Timing
  • Security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Practical EMV relay protection'. Together they form a unique fingerprint.

Cite this