2012 IEEE Fifth International Conference on Software Testing, Verification and Validation (2012)
Montreal, Quebec Canada
Apr. 17, 2012 to Apr. 21, 2012
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICST.2012.189
This paper introduces the Smart Logic, which is a flexible smart card research tool that gives complete control over the smart card communication channel for eavesdropping, man-in-the-middle attacks, relaying and card emulation. The hardware is available off-the-shelf at a price of about 100 euros. Furthermore, the necessary firm- and software is open source. The Smart Logic provides essential functionality for smart card protocol research and testing. This is demonstrated by reproducing two attack scenarios. The first attack is on an implementation of the EMV payment protocol where a payment terminal is forced to do a rollback to plaintext PIN instead of using encrypted PIN. The second attack is a relay of a smart card payment over a 20 km distance. We also show that this distance can be increased to at least 10.000 km.
Smart card testing, Man-in-the-Middle, Protocol analysis, Relay attack, EMV
G. de Koning Gans and J. de Ruiter, "The SmartLogic Tool: Analysing and Testing Smart Card Protocols," 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation(ICST), Montreal, Quebec Canada, 2012, pp. 864-871.