Paper 2019/924

Your Money or Your Life---Modeling and Analyzing the Security of Electronic Payment in the UC Framework

Dirk Achenbach, Roland Gröll, Timon Hackenjos, Alexander Koch, Bernhard Löwe, Jeremias Mechler, Jörn Müller-Quade, and Jochen Rill


EMV, also known as Chip and PIN, is the world-wide standard for card-based electronic payment. Its security wavers: over the past years, researchers have demonstrated various practical attacks, ranging from using stolen cards by disabling PIN verification to cloning cards by pre-computing transaction data. Most of these attacks rely on violating certain unjustified and not explicitly stated core assumptions upon which EMV is built, namely that the input device (e.g. the ATM) is trusted and all communication channels are non-interceptable. In addition, EMV lacks a comprehensive formal description of its security. In this work we give a formal model for the security of electronic payment protocols in the Universal Composability (UC) framework. A particular challenge for electronic payment is that one participant of a transaction is a human who cannot perform cryptographic operations. Our goal is twofold. First, we want to enable a transition from the iterative engineering of such protocols to using cryptographic security models to argue about a protocol’s security. Second, we establish a more realistic adversarial model for payment protocols in the presence of insecure devices and channels. We prove a set of necessary requirements for secure electronic payment with regards to our model. We then discuss the security of current payment protocols based on these results and find that most are insecure or require unrealistically strong assumptions. Finally, we give a simple payment protocol inspired by chipTAN and photoTAN and prove its security. Our model captures the security properties of electronic payment protocols with human interaction. We show how to use this to reason about necessary requirements for secure electronic payment and how to develop a protocol based on the resulting guidelines. We hope that this will facilitate the development of new protocols with well-understood security properties.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MAJOR revision.
EMVUniversal ComposabilitySecurity ModelsHuman- Server-InteractionElectronic Payment
Contact author(s)
rill @ fzi de
2019-08-18: received
Short URL
Creative Commons Attribution


      author = {Dirk Achenbach and Roland Gröll and Timon Hackenjos and Alexander Koch and Bernhard Löwe and Jeremias Mechler and Jörn Müller-Quade and Jochen Rill},
      title = {Your Money or Your Life---Modeling and Analyzing the Security of Electronic Payment in the {UC} Framework},
      howpublished = {Cryptology ePrint Archive, Paper 2019/924},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.