The SmartLogic Tool: Analysing and Testing Smart Card Protocols

This paper introduces the Smart Logic, which is a flexible smart card research tool that gives complete control over the smart card communication channel for eavesdropping, man-in-the-middle attacks, relaying and card emulation. The hardware is available off-the-shelf at a price of about 100 euros. Furthermore, the necessary firm- and software is open source. The Smart Logic provides essential functionality for smart card protocol research and testing. This is demonstrated by reproducing two attack scenarios. The first attack is on an implementation of the EMV payment protocol where a payment terminal is forced to do a rollback to plaintext PIN instead of using encrypted PIN. The second attack is a relay of a smart card payment over a 20 km distance. We also show that this distance can be increased to at least 10.000 km.

[1]  Omar Choudary The smart card detective: a hand-held EMV interceptor , 2012 .

[2]  Frits W. Vaandrager,et al.  Inference and Abstraction of the Biometric Passport , 2010, ISoLA.

[3]  Joeri de Ruiter,et al.  Formal Models of Bank Cards for Free , 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops.

[4]  Wolfgang Rankl,et al.  Smart Card Handbook , 1997 .

[5]  Steven J. Murdoch,et al.  Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks , 2007, USENIX Security Symposium.

[6]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).