Enhancing EMV Tokenisation with Dynamic Transaction Tokens. / Jayasinghe, Danushka; Markantonakis, Konstantinos; Akram, Raja; Mayes, Keith.

Radio Frequency Identification and IoT Security: RFIDSec 2016. ed. / Gerhard Hancke; Konstantinos Markantonakis. Springer, 2017. p. 107-122 (Lecture Notes in Computer Science ; Vol. 10155).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Standard

Enhancing EMV Tokenisation with Dynamic Transaction Tokens. / Jayasinghe, Danushka; Markantonakis, Konstantinos; Akram, Raja; Mayes, Keith.

Radio Frequency Identification and IoT Security: RFIDSec 2016. ed. / Gerhard Hancke; Konstantinos Markantonakis. Springer, 2017. p. 107-122 (Lecture Notes in Computer Science ; Vol. 10155).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Jayasinghe, D, Markantonakis, K, Akram, R & Mayes, K 2017, Enhancing EMV Tokenisation with Dynamic Transaction Tokens. in G Hancke & K Markantonakis (eds), Radio Frequency Identification and IoT Security: RFIDSec 2016. Lecture Notes in Computer Science , vol. 10155, Springer, pp. 107-122. https://doi.org/10.1007/978-3-319-62024-4_8

APA

Jayasinghe, D., Markantonakis, K., Akram, R., & Mayes, K. (2017). Enhancing EMV Tokenisation with Dynamic Transaction Tokens. In G. Hancke, & K. Markantonakis (Eds.), Radio Frequency Identification and IoT Security: RFIDSec 2016 (pp. 107-122). (Lecture Notes in Computer Science ; Vol. 10155). Springer. https://doi.org/10.1007/978-3-319-62024-4_8

Vancouver

Jayasinghe D, Markantonakis K, Akram R, Mayes K. Enhancing EMV Tokenisation with Dynamic Transaction Tokens. In Hancke G, Markantonakis K, editors, Radio Frequency Identification and IoT Security: RFIDSec 2016. Springer. 2017. p. 107-122. (Lecture Notes in Computer Science ). https://doi.org/10.1007/978-3-319-62024-4_8

Author

Jayasinghe, Danushka ; Markantonakis, Konstantinos ; Akram, Raja ; Mayes, Keith. / Enhancing EMV Tokenisation with Dynamic Transaction Tokens. Radio Frequency Identification and IoT Security: RFIDSec 2016. editor / Gerhard Hancke ; Konstantinos Markantonakis. Springer, 2017. pp. 107-122 (Lecture Notes in Computer Science ).

BibTeX

@inproceedings{73fc99d6a6704440a62b35b4ef842077,
title = "Enhancing EMV Tokenisation with Dynamic Transaction Tokens",
abstract = "Europay MasterCard Visa (EMV) Tokenisation specification details how the risk involved in Personal Account Number (PAN) compromise can be prevented by using tokenisation. In this paper, we identify two main potential problem areas that raise concerns about the security of tokenised EMV contactless mobile payments, especially when the same token also called a static token is used to pay for all transactions. We then discuss five associated attack scenarios that would let an adversary compromise payment transactions. It is paramount to address these security concerns to secure tokenised payments, which is the main focus of the paper. We propose a solution that would enhance the security of this process when a smart phone is used to make a tokenised contactless payment. In our design, instead of using a static token in every transaction, a new dynamic token and a token cryptogram is used. The solution is then analysed against security and protocol objectives. Finally the proposed protocol is subjected to mechanical formal analysis using Scyther which did not find any feasible attacks within the bounded state space.",
author = "Danushka Jayasinghe and Konstantinos Markantonakis and Raja Akram and Keith Mayes",
year = "2017",
month = "7",
day = "20",
doi = "10.1007/978-3-319-62024-4_8",
language = "English",
isbn = "978-3-319-62023-7",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "107--122",
editor = "Gerhard Hancke and Konstantinos Markantonakis",
booktitle = "Radio Frequency Identification and IoT Security",

}

RIS

TY - GEN

T1 - Enhancing EMV Tokenisation with Dynamic Transaction Tokens

AU - Jayasinghe, Danushka

AU - Markantonakis, Konstantinos

AU - Akram, Raja

AU - Mayes, Keith

PY - 2017/7/20

Y1 - 2017/7/20

N2 - Europay MasterCard Visa (EMV) Tokenisation specification details how the risk involved in Personal Account Number (PAN) compromise can be prevented by using tokenisation. In this paper, we identify two main potential problem areas that raise concerns about the security of tokenised EMV contactless mobile payments, especially when the same token also called a static token is used to pay for all transactions. We then discuss five associated attack scenarios that would let an adversary compromise payment transactions. It is paramount to address these security concerns to secure tokenised payments, which is the main focus of the paper. We propose a solution that would enhance the security of this process when a smart phone is used to make a tokenised contactless payment. In our design, instead of using a static token in every transaction, a new dynamic token and a token cryptogram is used. The solution is then analysed against security and protocol objectives. Finally the proposed protocol is subjected to mechanical formal analysis using Scyther which did not find any feasible attacks within the bounded state space.

AB - Europay MasterCard Visa (EMV) Tokenisation specification details how the risk involved in Personal Account Number (PAN) compromise can be prevented by using tokenisation. In this paper, we identify two main potential problem areas that raise concerns about the security of tokenised EMV contactless mobile payments, especially when the same token also called a static token is used to pay for all transactions. We then discuss five associated attack scenarios that would let an adversary compromise payment transactions. It is paramount to address these security concerns to secure tokenised payments, which is the main focus of the paper. We propose a solution that would enhance the security of this process when a smart phone is used to make a tokenised contactless payment. In our design, instead of using a static token in every transaction, a new dynamic token and a token cryptogram is used. The solution is then analysed against security and protocol objectives. Finally the proposed protocol is subjected to mechanical formal analysis using Scyther which did not find any feasible attacks within the bounded state space.

U2 - 10.1007/978-3-319-62024-4_8

DO - 10.1007/978-3-319-62024-4_8

M3 - Conference contribution

SN - 978-3-319-62023-7

T3 - Lecture Notes in Computer Science

SP - 107

EP - 122

BT - Radio Frequency Identification and IoT Security

A2 - Hancke, Gerhard

A2 - Markantonakis, Konstantinos

PB - Springer

ER -