Designing and proving an EMV-compliant payment protocol for mobile devices

Véronique Cortier, Alicia Filipiak, Jan Florent, Said Gharout, and Jacques Traoré. Designing and proving an EMV-compliant payment protocol for mobile devices. In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P'17), pp. 467–480, IEEE Computer Society, Paris, France, April 2017.

Download

[PDF] 

Abstract

We devise a payment protocol that can be securely used on mobile devices, even infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplify certification procedures and protocol maintenance. It is also fully compatible with the EMV SDA protocol and allows off-line payments for the users.
We provide a formal model and full security proofs of our protocol using the TAMARIN prover.

BibTeX

@InProceedings{CFTG-EuroSPO17,
  author =	 {V\'eronique Cortier and Alicia Filipiak and Jan
                  Florent and Said Gharout and Jacques Traor\'e},
  title =	 {Designing and proving an EMV-compliant payment
                  protocol for mobile devices},
  year =	 2017,
  abstract =	 {We devise a payment protocol that can be securely
                  used on mobile devices, even infected by malicious
                  applications. Our protocol only requires a light use
                  of Secure Elements, which significantly simplify
                  certification procedures and protocol
                  maintenance. It is also fully compatible with the
                  EMV SDA protocol and allows off-line payments for
                  the users. \par We provide a formal model and full
                  security proofs of our protocol using the TAMARIN
                  prover.},
  address =	 {Paris, France},
  booktitle =	 {{P}roceedings of the 2nd IEEE European Symposium on
                  Security and Privacy (EuroS\&P'17)},
  pages =	 {467--480},
  month =	 apr,
  publisher =	 {IEEE Computer Society},
  acronym =	 {{EuroSP}'17},
  nmonth =	 4,
                  ={https://members.loria.fr/VCortier/files/Papers/euroSP17.pdf}
}