We use cookies on this site. By browsing our site you agree to our use of cookies. Close this message Find out more

Home > Information Security home > Events > ISG Research Seminar 10 October 2013
More in this section Events articles

ISG Research Seminar 10 October 2013

10/10/2013 (11:00-12:00)

Contact: Lorenzo Cavallaro


Speaker: Gaven Watson (University of Bristol, UK)

Gaven Watson is a former student of Royal Holloway having completed his PhD in 2010 under the supervision of Kenny Paterson.  After leaving RHUL he held a Postdoc position at the University of Calgary in Canada, before returning to the UK in January 2012 to join the crypto group at the University of Bristol.

Title: An Analysis of the EMV Channel Establishment Protocol


With over 1.6 billion debit and credit cards in use worldwide, the EMV system (a.k.a. “Chip-and-PIN”) has become one of the most important deployed cryptographic protocol suites. Recently, the EMV consortium has decided to upgrade the existing RSA-based system with a new system relying on Elliptic Curve Cryptography (ECC). One of the central components of the new system is a protocol that enables a card to establish a secure channel with a card reader. In this talk I will present a security analysis of the proposed protocol, propose minor changes/clarifications to the “Request for Comments” issued in Nov 2012, and demonstrate that the resulting protocol meets the intended security goals.

The structure of the protocol is one commonly encountered in practice: first run a key-exchange to establish a shared key (which performs authentication and key confirmation), only then use the channel to exchange application messages. Although common in practice, this structure takes the protocol out of the reach of most standard security models for key-exchange. Unfortunately, the only models that can cope with the above structure suffer from some drawbacks that make them unsuitable for our analysis. Our second contribution is to provide new security models for channel establishment protocols. Our models have a more inclusive syntax, are quite general, deal with a realistic notion of authentication (one-sided authentication as required by EMV), and do not suffer from the drawbacks that we identify in prior models.


Comment on this page

Did you find the information you were looking for? Is there a broken link or content that needs updating? Let us know so we can improve the page.

Note: If you need further information or have a question that cannot be satisfied by this page, please call our switchboard on +44 (0)1784 434455.

This window will close when you submit your comment.

Add Your Feedback