E-EMV: Emulating EMV for internet payments with trusted computing technologies

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 81-92

  Balfe, Shane ^a   Paterson, Kenneth G ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

Card not present; EMV; Trusted computing

Indexed keywords

CARD NOT PRESENT; EMV; INTERNET BASED; INTERNET PAYMENTS; PAYMENT CARD; SYSTEM ARCHITECTURES; TRANSACTION PROCESSING; TRUSTED COMPUTING; TRUSTED COMPUTING TECHNOLOGY;

COMPUTER SOFTWARE; HIGHWAY PLANNING; INTERNET; SOFTWARE ARCHITECTURE; SPACE TIME ADAPTIVE PROCESSING;

COMPUTER SCIENCE;

EID: 70349230089     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1456455.1456468     Document Type: Conference Paper

References (45)

1. M. Abadi and T. Wobber. A Logical Account of NGSCB. In Proceedings of the 24th International Conference on Formal Techniques for Networked and Distributed Systems, volume 3235 of LNCS, pages 1-12. Springer Verlag, 2004.
2. M. Al-Meaither and C. J. Mitchell. Extending EMV to Support Murabaha Transactions. In Proceedings of the 7th Nordic Workshop on Secure IT Systems, pages 95-108. NTNU, 2003.
3. A. Alsaid and C. J. Mitchell. Preventing Phishing Attacks Using Trusted Computing Technology. In Proceedings of the 6th International Network Conference, pages 221-228, 2006.
4. AMD. AMD64 architecture programmer's manual: Volume 2: System programming, AMD Publication no. 24594 rev. 3.11 edition, 2006.
5. APACS. Card Fraud Losses Continue to Fall. http://www.apacs.org.uk/, March 2007.
6. APACS. Card Fraud The Facts 2007. http://www.apacs.org.uk/, April 2007.
7. B. Balacheff, D. Chan, L. Chen, S. Pearson, and G. Proudler. Securing Intelligent Adjuncts Using Trusted Computing Platform Technology. In Proceedings of the 4th working Smart Card Research and Advanced Applications, pages 177-195. Kluwer Academic, 2001.
8. S. Balfe, A.D. Lakhani, and K.G. Paterson. Securing Peer-to-Peer networks using Trusted Computing. In C.J. Mitchell, editor, Trusted Computing, pages 271-298. IEE Press, 2005.
9. S. Balfe and K.G. Paterson. Augmenting Internet-based Card Not Present Transactions with Trusted Computing: An Analysis. Technical report, Technical report RHUL-MA-2006-9-v2, (Department of Mathematics, Royal Holloway, University of London). http://www.rhul.ac.uk/mathematics/techreports.
10. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauery, I. Pratt, and A. Warfield. XEN and the Art of Virtualization. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, pages 164-177. ACM Press, 2003.
11. E. Brickell, J. Camenisch, and L. Chen. Direct Anonymous Attestation. In Proceedings of the 11th ACM Conference on Computer and Communications Security, pages 132-145. ACM Press, 2004.
12. PCI Security Standards Council. Payment Card Industry Data Security Standard - Version 1.1. https://www.pcisecuritystandards.org/, 2006.
13. R. Dhamija, J. D. Tygar, and M. Hearst. Why Phishing Works. In Proceedings of the 2006 Conference on Human Factors in Computing Systems, pages 581-590. ACM Press, 2006.
14. EMVCo. Book 3 - Application Speciffication, 4.0 edition, December 2000.
15. EMVCo. EMV Specifications Version 4.1. http://www.emvco.com, June 2004.
16. S. Gajek, A-R. Sadeghi, C. Stüble, and M. Winandy. Compartmented Security for Browsers-Or How to Thwart a Phisher with Trusted Computing. In Proceedings of the 2nd International Conference on Availability, Reliability and Security, pages 120-127. IEEE Computer Society, 2007.
17. E. Gallery and A. Tomlinson. Conditional Access in Mobile Systems: Securing the Application. In Proceedings of the 1st International Conference on Distributed Frameworks for Multimedia Applications, pages 190-197. IEEE, 2005.
18. Y. Gasmi, A-R. Sadeghi, P. Stewin, M. Unger, and N. Asokan. Beyond Secure Channels. In Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pages 30-40. ACM Press, 2007.
19. D. Grawrock. The Intel Safer Computer Initiative: Building Blocks for Trusted Computing, chapter Protected Input and Output, pages 143-164. Intel Press, 2006.
20. V. Haldar, D. Chandra, and M. Franz. Semantic Remote Attestation: A Virtual Machine Directed Approach to Trusted Computing. In USENIX Virtual Machine Research and Technology Symposium, pages 19-41. USENIX, 2004.
21. E.V. Herreweghen and U. Wille. Risks and Potentials of Using EMV for Internet Payments. In Proceedings of the 1st USENIX Workshop on Smartcard Technology, pages 163-174. USENIX, 1999.
22. IBM-Global-Services. IBM Global Business Security Index Report, February 2005.
23. Intel-Corporation. LaGrande Technology Preliminary Architecture Specification, Intel Publication no. D52212 edition, May 2006.
24. C. Jackson, D. Boneh, and J. Mitchell. Attack of the transaction generators. http: //crypto.stanford.edu/SpyBlock/spyblock.pdf.
25. V. Khu-Smith and C.J. Mitchell. Using EMV Cards to Protect E-commerce Transactions. In Proceedings of the 3rd International Conference on E-Commerce and Web Technologies, volume 2455, pages 388-399. Springer-Verlag, 2002.
26. J.M. McCune, B. Parno, A. Perrig, M.K. Reiter, and A. Seshadri. Minimal TCB Code Execution. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 267-272. IEEE Computer Society, 2007.
27. P. Meadowcroft. Combating card fraud. http://www.scmagazine.com/uk/news/ article/459478/combating+card+fraud/, January 2005.
28. C.J. Mitchell, editor. Trusted Computing. IEE Professional Applications of Computing Series 6. The Institute of Electrical Engineers (IEE), London, UK, April 2005.
29. C. Radu. Implementing Electronic Card Payment Systems. Artech House, Inc., 2002.
30. A-R. Sadeghi, M. Selhorst, C. Stüble, C. Wachsmann, and M. Winandy. TCG inside?: A Note on TPM Speciffication Compliance. In Proceedings of the 1st ACM workshop on Scalable Trusted Computing, pages 47-56. ACM Press, 2006.
31. A-R. Sadeghi and C. Stüble. Property-Based Attestation for Computing Platforms: Caring About Properties, Not Mechanisms. In Proceedings of the 2004 Workshop on New Security Paradigms, pages 67-77. ACM Press, 2004.
32. A-R. Sadeghi, C. Stüble, and N. Pohlmann. European Multilateral Secure Computing Base: Open Trusted Computing for You and Me. http://www.prosec.rub.de/, 2004.
33. U.S. Securities and Exchange Commission. Form 10-K - The TJX Companies, INC. http://www.sec.gov/, 2007.
34. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles, pages 335-350. ACM Press, 2007.
35. SETCo. SET Secure Electronic Transaction 1.0 Specification - The Formal Protocol Definition, May 1997.
36. E. Shi, A. Perrig, and L.V. Doorn. BIND: A Fine-Grained Attestation Service for Secure Distributed Systems. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 154-168. IEEE Computer Society, 2005.
37. TCG. Trusted computing: Opportunities and challenges. https://www.trustedcomputinggroup. org/downloads/tcgpresentations/, 2004.
38. TCG. Interoperability Specification for Backup and Migration Services, 1.0 revision 1.0 edition, 2005.
39. TCG. TCG Speciffication Architecture Overview Revision 1.2, 1.2 revision 93 edition, 2006.
40. TCG. TCG Mobile Trusted Module Speciffication, 1.0 revision 1 edition, 2007.
41. TCG. TPM Main: Parts 1-3: Design Principles, Structures and Commands, 1.2 revision 103 edition, 2007.
42. The Sunday Times. Don't Use Cards at Petrol Stations. http://business.timesonline.co.uk/, Febuary 18 2007.
43. Visa. 3-D Secure Protocol Speciffication: System Overview. http://international.visa.com/fb/paytech/secure/main.jsp, May 2003.
44. Visa. CISP - List of Validated Payment Applications. http://usa.visa.com/ merchants/, October 2007.
45. Visa. CISP Bulletin 102307- Visa Announces New Payment Application Security Mandates. http://usa.visa.com/merchants/, October 2007.