Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch. 5.2.4 (136—138), 10.3-10.4 (328—343) Papers.

Published byOswin Lloyd Modified over 8 years ago

Similar presentations

Presentation on theme: "EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch. 5.2.4 (136—138), 10.3-10.4 (328—343) Papers."— Presentation transcript:

1 EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch. 5.2.4 (136—138), 10.3-10.4 (328—343) Papers on Course Schedule 1

2 Agenda EMV Design EMV Attacks EMV’s Context in Overall Payment Fraud 2

3 Mag-strip Payment Cards are Vulnerable ATM, credit cards embed key information in magnetic strip – PAN (primary account number) – Version Number – Expiration date Mag-strip cards can be easily copied – Anyone reading the mag-strip can copy its contents – Can also recreate if the PAN, expiry is observed Industry response: CVV (cardholder verification value) – 3-digit MAC on mag-strip contents, written on back 3

4 EMV EMV: Europay, Mastercard, VISA – Suite of protocols for smartcard-based payments – Huge variation in requirements across banks (VISA protocol specification is 3600 pages long) EMV’s goals – Use smartcards to reduce “card-present” fraud by preventing card counterfeiting and theft from loss – Be interoperable internationally Deployment began in Europe, recently hit US 4

5 EMV Transaction Security 1.Card Authentication – Validate card either online or offline 2.Cardholder Verification – Methods: offline PIN, online PIN, signature, none 3.Transaction authorization – Online: same as for mag-stripe cards, communication with issuer – Offline also permitted 5

6 Card Authentication Figure courtesy Steven Murdoch 6

7 Card Authentication Options 1.Static Default Authentication (SDA) – Default, cheapest option 2.Dynamic Default Authentication (DDA) – More expensive, now more common 3.Combined Data Authentication (CDA) 7

8 Static Data Authorization (SDA) Under SDA, the card information is signed once and reused across transactions – Card not capable of public-key crypto operations – Card is preloaded with signature by issuer {PAN, expiration, CA Issuer, Cert Issuer } – Card sends terminal issuer’s digital certificate, PAN and other mag-strip data, plus signature of data using card issuer’s private key (see above) – Terminal verifies the signature using issuer’s public key 8

9 Dynamic Data Authorization (DDA) SDA cards vulnerable to replay attacks DDA uses more expensive cards capable of public-key cryptography 1.When card inserted to terminal, the terminal sends a dynamically generated nonce N 2.Card signs the nonce {N} and sends to terminal 3.Terminal sends transaction data plus PIN encrypted using card’s public key 9

10 Cardholder Verification (Offline PIN) Figure courtesy Steven Murdoch 10

11 Cardholder Verification Methods: offline PIN, online PIN, signature, none Offline PIN – If PIN auth used, customer inputs at terminal, then sent in clear to card if SDA used – PIN checked by card, if OK card generates a MAC (called application data cryptogram) on transaction info, using key shared between card and issuer 11

12 Transaction Authorization Figure courtesy Steven Murdoch 12

13 Transaction Authorization Key used to compute application data cryptogram is shared between issuer and card – Thus, the terminal cannot validate the cryptogram – Only the issuing bank can validate the cryptogram – Thus, the terminal optionally checks online with issuer that cryptogram is OK 13

14 What Goes Wrong with EMV Under SDA, vulnerable to replay attacks – Anyone who obtains issuer signature of card data and replays the information can impersonate card – Attacker can read the signature off the card, write it to a new card and then use it for offline card authentication – Countermeasure: only permit online card authentication Furthermore, communications between terminal and card are sent in the clear – Therefore, keeping the communications between terminal and card secure is very important – EMV achieves this by making terminals tamper-resistant 14

15 Figure courtesy Steven Murdoch 15

16 Figure courtesy Steven Murdoch 16

17 Figure courtesy Steven Murdoch 17

18 Figure courtesy Steven Murdoch 18

19 What Goes Wrong with EMV Criminal gets everything necessary to make a magnetic stripe card – Card #, expiration date, CVV, PIN – Compromising a single terminal in a shop can enable fraudulent cash withdrawals from ATMs Countermeasures – Banks have stopped storing mag-strip data – Mag-strip fallback transactions are being phased out 19

20 What Goes Wrong With EMV Cards using DDA are still vulnerable to attacks – No link between the act of proving freshness (exchanging the nonce) and accepting the PIN – In other words, the card authentication step and cardholder verification step are disconnected, which an attacker can exploit (e.g., saying PIN has been verified when it hasn’t) Countermeasure: Combined Data Authentication (CDA) – Cardholder verification decision included in the card’s signature – Even CDA remains vulnerable to no-PIN attack (see “Chip and PIN is Broken” paper) 20

21 What Really Goes Wrong with EMV There is evidence that criminals have carried out attacks exploiting weaknesses in SDA, DDA, and other protocol flaws But EMV has shifted the fraud landscape to two main approaches – Exploiting mag-strip fallback – Shifting fraud away from more secure “card- present” transactions to “card-not-present” ones 21

22 The UK Case for EMV 22

23 Shift from Card-Present to CNP Fraud (UK Fraud Losses) 23

24 Counterfeit Cards Cashed Out Overseas 24

25 Externalities of EMV Adoption 25

26 Conclusion EMV improves card authentication over magnetic stripe technology Supports PIN-based cardholder authentication Many configurations, many weaknesses Shift in payment card fraud to jurisdictions with weaker security: card-not-present transactions and countries not adopting EMV 26

Download ppt "EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch. 5.2.4 (136—138), 10.3-10.4 (328—343) Papers."

Similar presentations

WHAT IS EMV? A joint effort between Europay, MasterCard and Visa It is a security framework that defines the payment interaction at the physical, electrical,

WHAT IS EMV? A joint effort between Europay, MasterCard and Visa It is a security framework that defines the payment interaction at the physical, electrical,
Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
E-Commerce Payment Systems

E-Commerce Payment Systems
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards without the PIN 21st ACM Conference on Computer and Communications.

Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards without the PIN 21st ACM Conference on Computer and Communications.
© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.

© 2012 Presented by: Preparation For EMV Chip Technology Keith Swiat.
EMV chip and pin the business case. What is EMV? New Standard in “Chip Card” Technologies Replacing Magnetic Strip Cards New Standard in “Chip Card” Technologies.

EMV chip and pin the business case. What is EMV? New Standard in “Chip Card” Technologies Replacing Magnetic Strip Cards New Standard in “Chip Card” Technologies.
Debit Card Plastic card that looks like a credit card

Debit Card Plastic card that looks like a credit card
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Verified by Visa and MasterCard SecureCode – or, How Not to Design Authentication Steven Murdoch and Ross Anderson Cambridge.

Verified by Visa and MasterCard SecureCode – or, How Not to Design Authentication Steven Murdoch and Ross Anderson Cambridge.
CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Chapter 8 Web Security.

Chapter 8 Web Security.
An average pin. The chip.. Main function The chip and pin system is a safe way to make payment with a credit/debit card in the UK and Ireland.

An average pin. The chip.. Main function The chip and pin system is a safe way to make payment with a credit/debit card in the UK and Ireland.
Emerging Technologies

Emerging Technologies
Security of Electronic Transactions (Theory and Practice) Jan Krhovják, Marek Kumpošt, Vašek Matyáš Faculty of Informatics Masaryk University, Brno.

Security of Electronic Transactions (Theory and Practice) Jan Krhovják, Marek Kumpošt, Vašek Matyáš Faculty of Informatics Masaryk University, Brno.

Similar presentations

Ads by Google