Software Testing Verification and Validation Workshop, IEEE International Conference on (2013)
Luxembourg, Luxembourg Luxembourg
Mar. 18, 2013 to Mar. 22, 2013
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICSTW.2013.60
Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smart cards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes the smart card as a black box, takes little effort and is fast. The finite state machine models obtained provide a useful insight into decisions (or indeed mistakes) made in the design and implementation, and would be useful as part of security evaluations - not just for bank cards but for smart card applications in general - as they can show unexpected additional functionality that is easily missed in conformance tests.
Cryptography, Standards, Credit cards, Protocols, Testing, Learning automata
F. Aarts, J. De Ruiter and E. Poll, "Formal Models of Bank Cards for Free," Software Testing Verification and Validation Workshop, IEEE International Conference on(ICSTW), Luxembourg, Luxembourg Luxembourg, 2013, pp. 461-468.