This repository contains the complementary material for our Usenix'23 paper Inducing Authentication Failures to Bypass Credit Card PINs. The material include:
Contactless.spthy: The modified version of our previous EMV contactless protocol model.attack-trace.png: The attack trace corresponding to our authentication failure attack found by Tamarin using our modified model.
First, you must have the following software installed and properly referenced:
- Tamarin (see installation instructions here)
- Python 2 (the scripts
Mastercard.oracleandtools/decommentuse this Python version.
Should you want to use Python 3, you'll need to adapt these two scripts by properly referencing the executable programs#!/usr/bin/python3and adding parentheses to Python'sprintcalls in the scripts' source)
To find our attack with the tool, now follow the steps below:
- Download our original model from https://github.com/EMVrace/EMVerify.
- Replace the file
Contactless.spthywith our modified version provided here. - Delete the folder
models-n-proofs. - Run
and the proof that such insecure execution (PIN-less & high-value) exists will be at
make -s kernel=Mastercard auth=CDA CVM=NoPIN value=High lemma=executable
models-n-proofs/contactless/Mastercard_CDA_NoPIN_High.proof. - [Optional] To reproduce the graphical attack trace above, run Tamarin in interactive mode:
and follow the instructions. Please refer to the Tamarin manual for more on the tool's interactive mode.
tamarin-prover interactive models-n-proofs/contactless/Mastercard_CDA_NoPIN_High.spthy --heuristic=O --oraclename=Mastercard.oracle