The Community for Technology Leaders
Software Testing Verification and Validation Workshop, IEEE International Conference on (2013)
Luxembourg, Luxembourg Luxembourg
Mar. 18, 2013 to Mar. 22, 2013
ISBN: 978-1-4799-1324-4
pp: 461-468
ABSTRACT
Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smart cards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes the smart card as a black box, takes little effort and is fast. The finite state machine models obtained provide a useful insight into decisions (or indeed mistakes) made in the design and implementation, and would be useful as part of security evaluations - not just for bank cards but for smart card applications in general - as they can show unexpected additional functionality that is easily missed in conformance tests.
INDEX TERMS
Cryptography, Standards, Credit cards, Protocols, Testing, Learning automata
CITATION
Fides Aarts, Joeri De Ruiter, Erik Poll, "Formal Models of Bank Cards for Free", Software Testing Verification and Validation Workshop, IEEE International Conference on, vol. 00, no. , pp. 461-468, 2013, doi:10.1109/ICSTW.2013.60
200 ms
(Ver 3.3 (11022016))