Designing and proving an EMV-compliant payment protocol for mobile devices

Designing and proving an EMV-compliant payment protocol for mobile devices. Véronique Cortier, Alicia Filipiak, Jan Florent, Said Gharout, and Jacques Traoré. In 2nd IEEE European Symposium on Security and Privacy (EuroSP'17), pp. 467–480, 2017.

Download

[PDF] [HTML]

Abstract

We devise a payment protocol that can be securely used on mobile devices, even infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplify certification procedures and protocol maintenance. It is also fully compatible with the EMV SDA protocol and allows off-line payments for the users.
We provide a formal model and full security proofs of our protocol using the TAMARIN prover.

BibTeX

@InProceedings{CFTG-EuroSP17,
  author = 	 {V\'eronique Cortier and Alicia Filipiak and Jan Florent and Said Gharout and Jacques Traor\'e},
  title = 	 {Designing and proving an {EMV}-compliant payment protocol for mobile devices},
  OPTcrossref =  {},
  OPTkey = 	 {},
  booktitle = {2nd IEEE European Symposium on Security and Privacy (EuroSP'17)},
  year = 	 {2017},
  OPTeditor = 	 {},
  OPTvolume = 	 {},
  OPTnumber = 	 {},
  OPTseries = 	 {},
  pages = 	 {467--480},
  OPTmonth = 	 {},
  OPTaddress = 	 {},
  OPTorganization = {},
  OPTpublisher = {},
  abstract = {We devise a payment protocol that can be securely used on 
mobile devices, even infected by malicious applications.
Our protocol only requires a light use of Secure Elements,
which significantly simplify certification procedures
and protocol maintenance.
It is also fully compatible with the EMV SDA protocol
and allows off-line payments for the users.
\par
We provide a formal model and full security proofs
of our protocol using the TAMARIN prover.},
  doi = {10.1109/EuroSP.2017.19},
}