Cloning credit cards: A combined pre-play and downgrade attack on EMV contactless

7th USENIX Workshop on Offensive Technologies, WOOT 2013

Volumn , Issue , 2013, Pages

  Roland, Michael ^a   Langer, Josef ^a  

^a UNIVERSITY OF APPLIED SCIENCES UPPER AUSTRIA   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

CLONE CELLS; CLONING; CODES (SYMBOLS); NEAR FIELD COMMUNICATION;

ATTACK SCENARIOS; CONTACT LESS; CONTACTLESS PAYMENT; CREDIT CARDS; PAYMENT TRANSACTIONS; RELAY ATTACK; ROLL-OUTS; THE NEAR FIELD COMMUNICATION (NFC);

ELECTRONIC MONEY;

EID: 85084160158     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (26)

1. Anderson, R. Position Statement in RFID S&P Panel: RFID and the Middleman. In Financial Cryptography and Data Security, vol. 4886/2007 of LNCS. Springer Berlin Heidelberg, 2007, pp. 46–49.
2. Bond, M., Choudary, O., Murdoch, S. J., Skorobogatov, S., and Anderson, R. Chip and Skim: cloning EMV cards with the pre-play attack. Computing Research Repository (CoRR), arXiv:1209.2531 [cs.CY], Sept. 2012.
3. Conway, J. H. On Numbers and Games. Academic Press, 1976.
4. Count Zero. Card-O-Rama: Magnetic Stripe Technology and Beyond. In Phrack, vol. 37. Nov. 1992.
5. Desmedt, Y., Goutier, C., and Bengio, S. Special Uses and Abuses of the Fiat-Shamir Passport Protocol (extended abstract). In Advances in Cryptology — CRYPTO’87, vol. 293/2006 of LNCS. Springer Berlin Heidelberg, 1988, pp. 21–39.
6. Dr. Mabuse. Magneetkaarten. In Hack-Tic, vol. 8. 1990.
7. Dr. Mabuse. Magneetkaarten deel II. In Hack-Tic, vol. 9/10. 1990.
8. EMVCo. EMV Contactless Specifications for Payment Systems – Book C-2: Kernel 2 Specification, Mar. 2011.
9. EMVCo. EMV Contactless Specifications for Payment Systems (Books A–D), Mar. 2011.
10. Francis, L., Hancke, G. P., Mayes, K. E., and Markantonakis, K. Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms. In Proceedings of the 1st International Workshop on RFID Security and Cryptography (RISC’09). IEEE, London, UK, Nov. 2009.
11. Francis, L., Hancke, G. P., Mayes, K. E., and Markantonakis, K. On the security issues of NFC enabled mobile phones. In Int. J. Internet Technology and Secured Transactions, vol. 2(3/4). 2010, pp. 336–356.
12. Francis, L., Hancke, G. P., Mayes, K. E., and Markantonakis, K. Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones. In Radio Frequency Identification: Security and Privacy Issues, vol. 6370/2010 of LNCS. Springer Berlin Heidelberg, 2010, pp. 35–49.
13. Francis, L., Hancke, G. P., Mayes, K. E., and Markantonakis, K. Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones. Cryptology ePrint Archive, Report 2011/618, 2011.
14. Gallagher, S. Automated robbery: how card skimmers (still) steal millions from banks. Ars Technica (June 2012). http://arstechnica.com/security/2012/06/automated-robbery-how-card-skimmers-still-steal-millions-from-banks/.
15. Hancke, G. P. A Practical Relay Attack on ISO 14443 Proximity Cards. http://www.rfidblog.org.uk/hancke-rfidrelay.pdf, Jan. 2005.
16. Haselsteiner, E., and Breitfuß, K. Security in Near Field Communication (NFC) – Strengths and Weaknesses. In Workshop on RFID Security 2006 (RFIDsec 06). Graz, Austria, July 2006.
17. Heydt-Benjamin, T. S., Bailey, D. V., Fu, K., Juels, A., and O’Hare, T. Vulnerabilities in First-Generation RFID-enabled Credit Cards. In Financial Cryptography and Data Security, vol. 4886/2007 of LNCS. Springer Berlin Heidelberg, 2007, pp. 2–14.
18. Little, A. Overseas credit card scam exposed. BBC News (Mar. 2009). http://news.bbc.co.uk/2/hi/uk_news/7953401.stm.
19. MasterCard Worldwide. MasterCard Rules, July 2011.
20. MasterCard Worldwide. PayPass – M/Chip Requirements, Dec. 2011.
21. Murdoch, S. J., Drimer, S., Anderson, R., and Bond, M. Chip and PIN is Broken. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). IEEE, Oakland, CA, USA, May 2010, pp. 433–446.
22. Paget, K. Credit Card Fraud – The Contactless Generation. Presentation at ShmooCon 2012, 2012. http://www.shmoocon.org/2012/presentations/Paget_shmoocon2012-credit-cards.pdf.
23. Roland, M. Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack. Computing Research Repository (CoRR), arXiv:1209.0875 [cs.CR], Sept. 2012.
24. Roland, M. Security Issues in Mobile NFC Devices. PhD thesis, Johannes Kepler University Linz, Department of Computational Perception, Jan. 2013.
25. Roland, M., Langer, J., and Scharinger, J. Applying Relay Attacks to Google Wallet. In Proceedings of the Fifth International Workshop on Near Field Communication (NFC 2013). IEEE, Zurich, Switzerland, Feb. 2013.
26. Svigals, J. The Long Life and Imminent Death of the Mag-Stripe Card. In IEEE Spectrum, vol. 49(6). June 2012.