New Security Protocols for Offline Point-of-Sale Machines

From LRDE

Abstract

EMV (Europay MasterCard Visa) is the protocol implemented to secure the communication, between a client's payment device and a Point-of-Sale machine, during a contact or an NFC (Near Field Communication) purchase transaction. In several studies, researchers have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are interested in proposing new security solutions that aim to overcome the two dangerous EMV vulnerabilities. Our solutions address the case of Point-of-Sale machines that do not have access to the banking network and are therefore in the "offline" connectivity mode. We verify the accuracy of our proposals by using the Scyther security verification tool.


Bibtex (lrde.bib)

@InProceedings{	  el-madhoun.22.aina,
  author	= {Nour El Madhoun and Emmanuel Bertin and Mohamad Badra and
		  Guy Pujolle},
  booktitle	= {36th International Conference on Advanced Information
		  Networking and Applications (AINA)},
  title		= {New Security Protocols for Offline Point-of-Sale
		  Machines},
  year		= {2022},
  abstract	= {EMV (Europay MasterCard Visa) is the protocol implemented
		  to secure the communication, between a client's payment
		  device and a Point-of-Sale machine, during a contact or an
		  NFC (Near Field Communication) purchase transaction. In
		  several studies, researchers have analyzed the operation of
		  this protocol in order to verify its safety: unfortunately,
		  they have identified two security vulnerabilities that lead
		  to multiple attacks and dangerous risks threatening both
		  clients and merchants. In this paper, we are interested in
		  proposing new security solutions that aim to overcome the
		  two dangerous EMV vulnerabilities. Our solutions address
		  the case of Point-of-Sale machines that do not have access
		  to the banking network and are therefore in the "offline"
		  connectivity mode. We verify the accuracy of our proposals
		  by using the Scyther security verification tool.},
  publisher	= {Springer},
  series	= {Lecture Notes in Networks and Systems},
  volume	= {450},
  doi		= {10.1007/978-3-030-99587-4_38}
}