Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers

Research Article

Building General-Purpose Security Services on EMV Payment Cards

Download
414 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-36883-7_3,
        author={Chunhua Chen and Shaohua Tang and Chris Mitchell},
        title={Building General-Purpose Security Services on EMV Payment Cards},
        proceedings={Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2013},
        month={2},
        keywords={GAA EMV key establishment security service},
        doi={10.1007/978-3-642-36883-7_3}
    }
    
  • Chunhua Chen
    Shaohua Tang
    Chris Mitchell
    Year: 2013
    Building General-Purpose Security Services on EMV Payment Cards
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-36883-7_3
Chunhua Chen1,*, Shaohua Tang1,*, Chris Mitchell2,*
  • 1: South China University of Technology
  • 2: Royal Holloway, University of London
*Contact email: chen.chunhua@mail.scut.edu.cn, csshtang@scut.edu.cn, c.mitchell@rhul.ac.uk

Abstract

The Generic Authentication Architecture (GAA) is a standardised extension to the mobile telephony security infrastructures that supports the provision of security services to network applications. We have proposed a generalised version of GAA which enables almost any pre-existing infrastructure to be used as the basis for the provision of generic security services, and have examined a GAA instantiation supported by Trusted Computing. In this paper we study another instantiation of GAA, this time building on the widely deployed EMV security infrastructure. This enables the existing EMV infrastructure to be used as the basis of a general-purpose authenticated key establishment service in a simple and uniform way, and also provides an opportunity for EMV-aware third parties to provide novel security services. We also discuss possible applications and issues of privacy and trust.