Towards more secure EMV purchase transactions: A new security protocol formally analyzed by the Scyther tool

ORCID Identifiers

0000-0001-7742-7748

Document Type

Article

Source of Publication

Annales des Telecommunications/Annals of Telecommunications

Publication Date

1-1-2020

Abstract

© 2020, Institut Mines-Télécom and Springer Nature Switzerland AG. EMV is the protocol implemented to secure the communication, between a client’s payment device and a merchant’s payment device, during a contact or an NFC purchase transaction. It represents a set of security messages and rules, exchanged between the different transaction actors, guaranteeing several important security properties, such as authentication, non-repudiation and integrity. Indeed, researchers, in various studies, have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are firstly interested in presenting a general overview of the EMV protocol and secondly, in proposing a new security solution that enhances the EMV protocol by solving the two dangerous EMV vulnerabilities. We verify the accuracy of our solution by using the Scyther security verification tool.

ISSN

0003-4347

Publisher

Springer

Last Page

20

Disciplines

Computer Sciences

Keywords

Authentication, Bank, Card, Confidentiality, EMV, NFC, Security, Vulnerabilities

Scopus ID

85088092915

Indexed in Scopus

yes

Open Access

no

Link to Full Text

Share

COinS