{"title":"支付协议的正式方法","authors":"D. Basin","doi":"10.1145/3579856.3596440","DOIUrl":null,"url":null,"abstract":"We report on experience using Tamarin, a security protocol model checker, to find numerous, serious exploitable vulnerabilities in EMV payment protocols. EMV is the international protocol standard for smartcard payment that is used in over 9 billion payment cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. We have formalized a comprehensive model of EMV in Tamarin. We use our model to automatically discover new flaws that lead to critical attacks on EMV. In particular, an attacker can use a victim’s EMV card (e.g., Mastercard or Visa Card) for high-valued purchases without the victim’s PIN. We describe these attacks, their repair, and more generally why using formal methods is essential for critical protocols like payment protocols.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"65 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Formal Methods for Payment Protocols\",\"authors\":\"D. Basin\",\"doi\":\"10.1145/3579856.3596440\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We report on experience using Tamarin, a security protocol model checker, to find numerous, serious exploitable vulnerabilities in EMV payment protocols. EMV is the international protocol standard for smartcard payment that is used in over 9 billion payment cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. We have formalized a comprehensive model of EMV in Tamarin. We use our model to automatically discover new flaws that lead to critical attacks on EMV. In particular, an attacker can use a victim’s EMV card (e.g., Mastercard or Visa Card) for high-valued purchases without the victim’s PIN. We describe these attacks, their repair, and more generally why using formal methods is essential for critical protocols like payment protocols.\",\"PeriodicalId\":156082,\"journal\":{\"name\":\"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security\",\"volume\":\"65 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-07-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3579856.3596440\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3579856.3596440","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
We report on experience using Tamarin, a security protocol model checker, to find numerous, serious exploitable vulnerabilities in EMV payment protocols. EMV is the international protocol standard for smartcard payment that is used in over 9 billion payment cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. We have formalized a comprehensive model of EMV in Tamarin. We use our model to automatically discover new flaws that lead to critical attacks on EMV. In particular, an attacker can use a victim’s EMV card (e.g., Mastercard or Visa Card) for high-valued purchases without the victim’s PIN. We describe these attacks, their repair, and more generally why using formal methods is essential for critical protocols like payment protocols.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
