×

Secure contactless payment. (English) Zbl 1444.94077

Susilo, Willy (ed.) et al., Information security and privacy. 23rd Australasian conference, ACISP 2018, Wollongong, NSW, Australia, July 11–13, 2018. Proceedings. Cham: Springer. Lect. Notes Comput. Sci. 10946, 579-597 (2018).
Summary: A contactless payment lets a card holder execute payment without any interaction (e.g., entering PIN or signing) between the terminal and the card holder. Even though the security is the first priority in a payment system, the formal security model of contactless payment does not exist. Therefore, in this paper, we design an adversarial model and define formally the contactless-payment security against malicious cards and malicious terminals including relay attacks. Accordingly, we design a contactless-payment protocol and show its security in our security model. At the end, we analyze EMV-contactless which is a commonly used specification by most of the mobile contactless-payment systems and credit cards in Europe. We find that it is not secure against malicious cards. We also prove its security against malicious terminals in our model. This type of cryptographic proof has not been done before for the EMV specification.
For the entire collection see [Zbl 1392.94009].

MSC:

94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing
PDFBibTeX XMLCite
Full Text: DOI Link