On the security of the EMV secure messaging API

2007 
We present new attacks against the EMV financial transaction security system (known in Europe as “Chip and PIN”), specifically on the back-end API support for sending secure messages to EMV smartcards. We examine how secure messaging is implemented in two major Hardware Security Modules (HSMs). We show how to inject chosen plaintext into encrypted traffic between HSM and smartcard. In the case of IBM’s implementation, we further show how to retrieve confidential data from within messages by combining the injection ability with a partial dictionary attack. Such attacks could compromise secret key update of a banking smartcard, permitting construction of a perfect counterfeit, or could change the card’s PIN to a value chosen by the adversary. We discuss the issues underlying such security holes: the unwieldy primitive of cipher block chaining (CBC) has much to answer for, as does an ever-present tension between defining API functionality too specifically or too generically. We stress the importance of using secure primitives when designing security APIs, particularly because their functionality so closely resembles the theoretical adversarial model of Oracle-access.