The SmartLogic Tool: Analysing and Testing Smart Card Protocols

Author

De Koning Gans, Gerhard ; De Ruiter, Joeri

Author_Institution

Inst. for Comput. & Inf. Sci., Radboud Univ. Nijmegen, Nijmegen, Netherlands

fYear

2012

fDate

17-21 April 2012

Firstpage

864

Lastpage

871

Abstract

This paper introduces the Smart Logic, which is a flexible smart card research tool that gives complete control over the smart card communication channel for eavesdropping, man-in-the-middle attacks, relaying and card emulation. The hardware is available off-the-shelf at a price of about 100 euros. Furthermore, the necessary firm- and software is open source. The Smart Logic provides essential functionality for smart card protocol research and testing. This is demonstrated by reproducing two attack scenarios. The first attack is on an implementation of the EMV payment protocol where a payment terminal is forced to do a rollback to plaintext PIN instead of using encrypted PIN. The second attack is a relay of a smart card payment over a 20 km distance. We also show that this distance can be increased to at least 10.000 km.

Keywords

cryptographic protocols; program testing; smart cards; telecommunication channels; EMV payment protocol; attack scenarios; card emulation; eavesdropping; flexible smart card research tool; man-in-the-middle attacks; open source software; payment terminal; plaintext PIN; smart card communication channel; smart card payment relay; smart card protocol research; smart card protocol testing; Clocks; Hardware; IEC standards; ISO standards; Protocols; Servers; Smart cards; EMV; Man-in-the-Middle; Protocol analysis; Relay attack; Smart card testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Testing, Verification and Validation (ICST), 2012 IEEE Fifth International Conference on

Conference_Location

Montreal, QC

Print_ISBN

978-1-4577-1906-6

Type

conf

DOI

10.1109/ICST.2012.189

Filename

6200201