On the Joint Security of Encryption and Signature in EMV

Jean-Paul Degabriele 1 Anja Lehmann 2 Kenneth G. Paterson 1 Nigel P. Smart 3 Mario Strefler 4
1 Department of Computer Science [Royal Holloway]
2 IBM Research Laboratory [Zurich]
3 Department of Computer Science [Bristol]
4 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract : We provide an analysis of current and future algorithms for signature and encryption in the EMV standards in the case where a single key-pair is used for both signature and encryption. We give a theoretical attack for EMV’s current RSA-based algorithms, showing how access to a partial decryption oracle can be used to forge a signature on a freely chosen message. We show how the attack might be integrated into EMV’s CDA protocol flow, enabling an attacker with a wedge device to complete an offline transaction without knowing the cardholder’s PIN. Finally, the elliptic curve signature and encryption algorithms that are likely to be adopted in a forthcoming version of the EMV standards are analyzed in the single key-pair setting, and shown to be secure.
Document type :
Conference papers
Liste complète des métadonnées
https://hal.inria.fr/hal-01111635
Contributor : Brigitte Briot <>
Submitted on : Friday, January 30, 2015 - 4:41:49 PM
Last modification on : Wednesday, January 30, 2019 - 11:07:38 AM

Links full text

openaccess

Identifiers

Collections

INRIA | ENS-PARIS | PSL | INRIA-ROCQ

Citation

Jean-Paul Degabriele, Anja Lehmann, Kenneth G. Paterson, Nigel P. Smart, Mario Strefler. On the Joint Security of Encryption and Signature in EMV. CT-RSA 2012 - The Cryptographers’ Track at the RSA Conference, Feb 2012, San Francisco, CA, United States. pp.116-135, ⟨10.1007/978-3-642-27954-6_8⟩. ⟨hal-01111635⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

140

Contact


archive-ouverte@inria.fr