000256168 001__ 256168
000256168 005__ 20190317001019.0
000256168 0247_ $$2doi$$a10.1007/978-3-319-93638-3_33
000256168 037__ $$aCONF
000256168 245__ $$aSecure Contactless Payment
000256168 260__ $$c2018-06-13
000256168 269__ $$a2018-06-13
000256168 336__ $$aConference Papers
000256168 520__ $$aA contactless payment lets a card holder execute payment without any interaction (e.g., entering PIN or signing) between the terminal and the card holder. Even though the security is the first priority in a payment system, the formal security model of contactless payment does not exist. Therefore, in this paper, we design an adversarial model and define formally the contactless-payment security against malicious cards and malicious terminals including relay attacks. Accordingly, we design a contactless-payment protocol and show its security in our security model. At the end, we analyze EMV-contactless which is a commonly used specification by most of the mobile contactless-payment systems and credit cards in Europe. We find that it is not secure against malicious cards. We also prove its security against malicious terminals in our model. This type of cryptographic proof has not been done before for the EMV specification.
000256168 6531_ $$aContactless payment
000256168 6531_ $$aEMV
000256168 6531_ $$aRelay attack
000256168 6531_ $$aDistance bounding
000256168 700__ $$0248945$$aKilinç, Handan
000256168 700__ $$0241950$$aVaudenay, Serge
000256168 7112_ $$aACISP 2018
000256168 8560_ $$ffatih.balli@epfl.ch
000256168 8564_ $$s391231$$uhttps://infoscience.epfl.ch/record/256168/files/payment.pdf
000256168 909C0 $$0252183$$mfatih.balli@epfl.ch$$pLASEC$$xU10433
000256168 909CO $$ooai:infoscience.epfl.ch:256168$$pconf$$pIC$$qGLOBAL_SET
000256168 960__ $$ahandan.kilinc@epfl.ch
000256168 961__ $$afantin.reichler@epfl.ch
000256168 973__ $$aEPFL$$rREVIEWED
000256168 980__ $$aCONF
000256168 981__ $$aoverwrite