Relay Cost Bounding for Contactless EMV Payments

Tom Chothia, Flavio Garcia, Joeri De Ruiter, Jordi van den Breekel, Matthew Thompson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

23 Citations (Scopus)

Abstract

This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa’s payWave and MasterCard’s PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low compared to the (cryptographic) computation by the card or the messages can be cached before they are requested by the terminal. We propose a solution that fits within the EMV Contactless specification to make a payment protocol that is resistant to relay attacks from commercial off-the-shelf devices, such as mobile phones. This solution does not require significant changes to the cards and can easily be added to existing terminals. To prove that our protocol really does stop relay attacks, we develop a new method of automatically checking defences against relay attacks using the applied pi-calculus and the tool ProVerif.
Original languageEnglish
Title of host publicationFinancial Cryptography and Data Security
Subtitle of host publication19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers
EditorsRainer Böhme , Tatsuaki Okamoto
PublisherSpringer
Pages189-206
Volume8975 LNCS
ISBN (Electronic)9783662478547
ISBN (Print)9783662478530
DOIs
Publication statusPublished - 16 Jul 2015
Event19th International Conference on Financial Cryptography and Data Security 2015 - Puerto Rico, San Juan, Puerto Rico
Duration: 26 Jan 201530 Aug 2015

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin Heidelberg
Volume8975
ISSN (Print)0302-9743

Conference

Conference19th International Conference on Financial Cryptography and Data Security 2015
Country/TerritoryPuerto Rico
CitySan Juan
Period26/01/1530/08/15

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Relay Cost Bounding for Contactless EMV Payments'. Together they form a unique fingerprint.

Cite this