Skip to main content

POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards

Emms, Martin and Arief, Budi and Hannon, Joseph and van Moorsel, Aad (2013) POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards. Technical report. CS-TR-1386

PDF - Author's Accepted Manuscript
Download (336kB) Preview
[img]
Preview

Abstract

The original EMV protocol was designed to operate in a situation where the card holder removes their card from their wallet and insert the card into a Point of Sale (POS) terminal. The protocol operates predominantly in plaintext which was not a problem because the attackers needed to tamper with the POS to gain access to the information on the card. The introduction of contactless EMV cards exposes the mainly plaintext EMV protocol to a wireless interface. This allows attackers to use an off-the-shelf NFC reader to access the card without the cardholders knowledge and potentially whilst the card is still in their wallet. Research has demonstrated that contactless EMV cards are vulnerable to various attacks carried out using off-the- shelf equipment which is both cheap and easy to obtain. The proposed solution addresses these issues by having the card request that any NFC reader, attempting to initiate communication, must authenticate itself as a genuine bank issued POS. The POS does this using a Bank issued private key to sign a nonce provided by the card.

Item Type: Monograph (Technical report)
Uncontrolled keywords: Contactless card payment, Elliptic Curve Cryptography, Point of Sale Authentication, EMV, Payment Protocol
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Faculties > Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 17 Nov 2016 09:57 UTC
Last Modified: 01 Aug 2019 10:41 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/58709 (The current URI for this page, for reference purposes)
Arief, Budi: https://orcid.org/0000-0002-1830-1587
  • Depositors only (login required):

Downloads

Downloads per month over past year