Title :
Formal Models of Bank Cards for Free
Author :
Aarts, Fides ; de Ruiter, Joeri ; Poll, Erik
Author_Institution :
Inst. for Comput. & Inf. Sci., Radboud Univ. Nijmegen, Nijmegen, Netherlands
Abstract :
Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smartcards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes the smartcard as a black box, takes little effort and is fast. The finite state machine models obtained provide a useful insight into decisions (or indeed mistakes) made in the design and implementation, and would be useful as part of security evaluations - not just for bank cards but for smartcard applications in general - as they can show unexpected additional functionality that is easily missed in conformance tests.
Keywords :
banking; finite state machines; formal specification; formal verification; inference mechanisms; learning (artificial intelligence); reverse engineering; security of data; smart cards; EMV protocol suite; banking smart card; finite state machine; formal model; learning technique; reverse engineering; security evaluation; smart card application; system behaviour inference; Credit cards; Cryptography; Learning automata; Protocols; Standards; Testing;
Conference_Title :
Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on
Conference_Location :
Luxembourg
Print_ISBN :
978-1-4799-1324-4
DOI :
10.1109/ICSTW.2013.60