Unlinkability of an Improved Key Agreement Protocol for EMV 2nd Gen Payments

20 JUNE 2023 from NOON till appr. 12:45 – ONLINE THROUGH zoom: https://tudelft.zoom.us/j/95062020246?pwd=WHJSOWRlQ1c1MVdJUFRUSUpoeE5BUT09

Meeting ID 950 6202 0246
Passcode 971476

Abstract:

To address known privacy problems with the EMV standard, EMVCo have proposed in an RFC a Blinded Diffie-Hellman key establishment protocol, intended to be part of a future 2nd Gen EMV protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this RFC, and demonstrate that an active attacker can compromise unlinkability within a distance of 100cm. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVCo. We prove that our protocol does satisfy strong unlinkability, while preserving authentication.

Short bio:

Dr. Ross James Horne is a research fellow in the "Security and Trust of Software Systems" group at University of Luxembourg. Previously, I was senior research fellow in the Cyber Security Lab at Nanyang Technological University Singapore, research fellow in Romanian Academy, and associate professor in Kazakh-British Technical University. I hold a PhD in Computer Science from the University of Southampton and a first-class degree from University of Oxford. My research applies solid foundations to emerging systems.

Semen Yurkov, the PhD student who worked on this as well, will join as joint speaker.