Paper 2009/387

Securing Plastic Money Using an RFID Based Protocol Stack

Rishab Nithyanand

Abstract

Since 2006, there have been three major systems that have been implemented in an attempt to reduce the threat of credit card fraud - Chip and PIN (United Kingdom), Chip Authentication Program - CAP (European Union), and RFID enabled credit cards (United States of America). In spite of a big effort by the EMV\footnote{EMV Co.: a body comprising of Europay, Mastercard, and Visa which develops standards for credit card interaction.}, there has been little evidence to demonstrate the success of these schemes in stopping fraudsters, scammers, and identity thieves. This may be attributed to combinations of poor usability, lack of trusted interfaces, the absence of smart-card cryptography that takes full advantage of the available computation resources, and inadequate authentication protocols. In this paper, we explain the shortcomings and vulnerabilities of each of these systems, and then explain requirements of a secure and usable cashless payment system. We also describe a new RFID based protocol stack - SECAPS (Secure Cashless Payment System), which obviates many of the attacks on the current schemes by using the newly available computation resources on modern RFID Tags.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Credit CardsRFID
Contact author(s)
rishabn @ uci edu
History
2009-11-01: last of 4 revisions
2009-08-11: received
See all versions
Short URL
https://ia.cr/2009/387
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/387,
      author = {Rishab Nithyanand},
      title = {Securing Plastic Money Using an {RFID} Based Protocol Stack},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/387},
      year = {2009},
      url = {https://eprint.iacr.org/2009/387}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.