Guy Pujolle

New security protocols for offline point-of-sale machines

By Nour El Madhoun, Emmanuel Bertin, Mohamad Badra, Guy Pujolle

2022-03-01

In The 36th international conference on advanced information networking and applications (AINA-2022)

Abstract

EMV (Europay MasterCard Visa) is the protocol implemented to secure the communication, between a client’s payment device and a Point-of-Sale machine, during a contact or an NFC (Near Field Communication) purchase transaction. In several studies, researchers have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are interested in proposing new security solutions that aim to overcome the two dangerous EMV vulnerabilities. Our solutions address the case of Point-of-Sale machines that do not have access to the banking network and are therefore in the “offline” connectivity mode. We verify the accuracy of our proposals by using the Scyther security verification tool.

Continue reading