This paper was written for a 6 ECTS course at the Eindhoven University of Technology.

As the world moves to smart card payments, EMV, the leading system for smart card use at points of sale and automated teller machines, plays a growing part in the world of electronic payment. This paper discusses fatal flaws in EMV that allow malicious users to trick the system into accepting a transaction when the supplied PIN is incorrect.

The flaw discussed exists in the framework of EMV itself: the problem is the lack of authentication between the several phases of EMV. Therefore, EMV is declared broken.

In addition, this paper looks at the internal workings of EMV. The phases of the protocol are discussed, as well as the cryptographic aspects.

Finally, the effects on liability are discussed. This concerns both the effects on innovation and the way disputes are handled.

Download this paper.

One Response to A Discussion of Fatal Protocol Flaws in EMV

  1. […] as the real world is not like any theory, there have been some failures along the way. Previously, I wrote about a, now superseded, attack on EMV – the major protocol used by chip and PIN. This was a so-called man-in-the-middle attack. In […]
