Title :
The SmartLogic Tool: Analysing and Testing Smart Card Protocols
Author :
De Koning Gans, Gerhard ; De Ruiter, Joeri
Author_Institution :
Inst. for Comput. & Inf. Sci., Radboud Univ. Nijmegen, Nijmegen, Netherlands
Abstract :
This paper introduces the Smart Logic, which is a flexible smart card research tool that gives complete control over the smart card communication channel for eavesdropping, man-in-the-middle attacks, relaying and card emulation. The hardware is available off-the-shelf at a price of about 100 euros. Furthermore, the necessary firm- and software is open source. The Smart Logic provides essential functionality for smart card protocol research and testing. This is demonstrated by reproducing two attack scenarios. The first attack is on an implementation of the EMV payment protocol where a payment terminal is forced to do a rollback to plaintext PIN instead of using encrypted PIN. The second attack is a relay of a smart card payment over a 20 km distance. We also show that this distance can be increased to at least 10.000 km.
Keywords :
cryptographic protocols; program testing; smart cards; telecommunication channels; EMV payment protocol; attack scenarios; card emulation; eavesdropping; flexible smart card research tool; man-in-the-middle attacks; open source software; payment terminal; plaintext PIN; smart card communication channel; smart card payment relay; smart card protocol research; smart card protocol testing; Clocks; Hardware; IEC standards; ISO standards; Protocols; Servers; Smart cards; EMV; Man-in-the-Middle; Protocol analysis; Relay attack; Smart card testing;
Conference_Titel :
Software Testing, Verification and Validation (ICST), 2012 IEEE Fifth International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4577-1906-6
DOI :
10.1109/ICST.2012.189
