Unlinkability of an improved key agreement protocol for EMV 2nd gen payments

Ross Horne, Sjouke Mauw, Semen Yurkov

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

5 Citations (Scopus)

Abstract

To address known privacy problems with the EMV standard, EMVCo have proposed a Blinded Diffie-Hellman key establishment protocol, which is intended to be part of a future 2nd Gen EMV protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this proposal protocol, and demonstrate that an active attacker can compromise unlinkability within a distance of 100cm. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVCo. We prove that our protocol does satisfy strong unlinkability, while preserving authentication.

Original languageEnglish
Title of host publication2022 IEEE 35th Computer Security Foundations Symposium, CSF 2022
Place of PublicationPiscataway, NJ
PublisherIEEE
Pages364-379
Number of pages16
ISBN (Electronic)9781665484176
ISBN (Print)9781665484183
DOIs
Publication statusPublished - 31 Oct 2022
Event35th IEEE Computer Security Foundations Symposium, CSF 2022 - Haifa, Israel
Duration: 7 Aug 202210 Aug 2022

Publication series

NameProceedings - IEEE Computer Security Foundations Symposium
Volume2022-August
ISSN (Print)1940-1434

Conference

Conference35th IEEE Computer Security Foundations Symposium, CSF 2022
Country/TerritoryIsrael
CityHaifa
Period7/08/2210/08/22

Keywords

  • authentication
  • bisimilarity
  • key agreement
  • protocols
  • unlinkability

Fingerprint

Dive into the research topics of 'Unlinkability of an improved key agreement protocol for EMV 2nd gen payments'. Together they form a unique fingerprint.

Cite this