@inproceedings{2c7e21717865416e9eb9dcde764d662d,
title = "Relay cost bounding for contactless EMV payments",
abstract = "This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa{\textquoteright}s payWave and MasterCard{\textquoteright}s PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low compared to the (cryptographic) computation by the card or the messages can be cached before they are requested by the terminal. We propose a solution that fits within the EMV Contactless specification to make a payment protocol that is resistant to relay attacks from commercial off-the-shelf devices, such as mobile phones. This solution does not require significant changes to the cards and can easily be added to existing terminals. To prove that our protocol really does stop relay attacks, we develop a new method of automatically checking defences against relay attacks using the applied pi-calculus and the tool ProVerif.",
author = "T. Chothia and F.D. Garcia and {De Ruiter}, J. and {Van Den Breekel}, J.M. and M. Thompson",
year = "2015",
doi = "10.1007/978-3-662-47854-7_11",
language = "English",
isbn = "978-3-662-47853-0",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "189--206",
editor = "{B{\"o}hme }, R. and T. Okamoto",
booktitle = "Financial Cryptography and Data Security",
address = "Germany",
note = "19th International Conference on Financial Cryptography and Data Security (FC 2015), January 26-30, 2015, San Juan, Puderto Rico, FC 2015 ; Conference date: 26-01-2015 Through 30-01-2015",
}