Security Analysis of EMV Channel Establishment Protocol in An Enhanced Security Model

The EMV chip-and-pin system is one of the most widely used cryptographic system in securing credit card and ATM transactions. As suggested by the EMV consortium, the existing RSA-based EMV system will be upgraded to Elliptic Curve Cryptography ECC based system. In CCS 2013, Brzuska et al. made the first step to analyze the security of the ECC-based EMV channel establishment protocol in a channel establishment security model, and showed that a slightly modified version of the protocol meets the intended security goals. In this paper, we continue this strand of research by analyzing the security of the ECC-based EMV protocol in a strong channel establishment security model which allows the adversary to get ephemeral private keys of the involved parties. We find that the original protocol is not secure in our security model because the adversary can impersonate a Card entity. Then we slightly modify the protocol almost with no addition of computation cost and show that the resulting protocol is secure in our security model under standard cryptographic assumptions.

[1]  Tibor Jager,et al.  On the Security of TLS-DHE in the Standard Model , 2012, CRYPTO.

[2]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[3]  Jörg Schwenk,et al.  On the Security of TLS-DH and TLS-RSA in the Standard Model , 2013, IACR Cryptol. ePrint Arch..

[4]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[5]  Uta Wille,et al.  Risks and Potentials of Using EMV for Internet Payments , 1999, Smartcard.

[6]  Douglas Stebila,et al.  On the security of TLS renegotiation , 2013, IACR Cryptol. ePrint Arch..

[7]  Pavol Zavarsky,et al.  The implementation of a full EMV smartcard for a point-of-sale transaction , 2012, World Congress on Internet Security (WorldCIS-2012).

[8]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[9]  Berkant Ustaoglu,et al.  Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS , 2008, Des. Codes Cryptogr..

[10]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[11]  Kenneth G. Paterson,et al.  On the Security of the TLS Protocol: A Systematic Analysis , 2013, IACR Cryptol. ePrint Arch..

[12]  Atsushi Fujioka,et al.  Strongly Secure Authenticated Key Exchange from Factoring, Codes, and Lattices , 2012, Public Key Cryptography.

[13]  Zheng Yang,et al.  Efficient eCK-secure Authenticated Key Exchange Protocols in the Standard Model , 2013, IACR Cryptol. ePrint Arch..

[14]  Steven J. Murdoch,et al.  Optimised to Fail: Card Readers for Online Banking , 2009, Financial Cryptography.

[15]  Mike Bond,et al.  2010 IEEE Symposium on Security and Privacy Chip and PIN is Broken , 2022 .

[16]  Kenneth G. Paterson,et al.  On the Joint Security of Encryption and Signature in EMV , 2012, CT-RSA.

[17]  Zheng Yang,et al.  On the Security of the Pre-shared Key Ciphersuites of TLS , 2014, Public Key Cryptography.

[18]  Pavol Zavarsky,et al.  The Implementation of a Full EMV Smartcard for a Point-of-Sale Transaction and Its Impact on the PCI DSS , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[19]  Jean-Sébastien Coron,et al.  Fault Attacks Against emv Signatures , 2010, CT-RSA.

[20]  Hai Huang Strongly Secure One Round Authenticated Key Exchange Protocol with Perfect Forward Security , 2011, ProvSec.

[21]  Mike Bond,et al.  Might Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV , 2011, Financial Cryptography.

[22]  Atsushi Fujioka,et al.  Designing Efficient Authenticated Key Exchange Resilient to Leakage of Ephemeral Secret Keys , 2011, CT-RSA.

[23]  Gaven J. Watson,et al.  An analysis of the EMV channel establishment protocol , 2013, IACR Cryptol. ePrint Arch..

[24]  Jean-Sébastien Coron,et al.  Practical Cryptanalysis of iso/iec 9796-2 and emv Signatures , 2009, CRYPTO.