Abstract
To address known privacy problems with the EMV standard, EMVCo have proposed a Blinded Diffie-Hellman key establishment protocol, which is intended to be part of a future 2nd Gen EMV protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this proposal protocol, and demonstrate that an active attacker can compromise unlinkability within a distance of 100cm. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVCo. We prove that our protocol does satisfy strong unlinkability, while preserving authentication.
| Original language | English |
|---|---|
| Title of host publication | 2022 IEEE 35th Computer Security Foundations Symposium, CSF 2022 |
| Place of Publication | Piscataway, NJ |
| Publisher | IEEE |
| Pages | 364-379 |
| Number of pages | 16 |
| ISBN (Electronic) | 9781665484176 |
| ISBN (Print) | 9781665484183 |
| DOIs | |
| Publication status | Published - 31 Oct 2022 |
| Event | 35th IEEE Computer Security Foundations Symposium, CSF 2022 - Haifa, Israel Duration: 7 Aug 2022 → 10 Aug 2022 |
Publication series
| Name | Proceedings - IEEE Computer Security Foundations Symposium |
|---|---|
| Volume | 2022-August |
| ISSN (Print) | 1940-1434 |
Conference
| Conference | 35th IEEE Computer Security Foundations Symposium, CSF 2022 |
|---|---|
| Country/Territory | Israel |
| City | Haifa |
| Period | 7/08/22 → 10/08/22 |
Funding
†Semen Yurkov is supported by the Luxembourg National Research Fund through grant PRIDE15/10621687/SPsquared.
Keywords
- authentication
- bisimilarity
- key agreement
- protocols
- unlinkability