3

I am looking into EMV Contact and Contactless protocols, but I felt there were a few ambiguities which I would appreciate help with:

  1. Is the chip used in EMV Contactless capable of performing the same computations as the contact? I know that the contactless is based on ISO 14443 while the contact is ISO 7816 but they don't really specify in the docs if the 2 chips can actually perform the same tasks...

  2. Aren't there any time constraints for any action done by the card? I'm looking for an action that the card performs that has an upper bound of time, (e.g. I would expect signing dynamic data to take some time but I don't know if EMV have actually set an upper bound to this as a standard in their docs)

defalt
  • 6,231
  • 2
  • 22
  • 37
OrangeJusticeV
  • 111
  • 5

1 Answers1

3

Contactless card uses the same chip and PIN module as in contact card. The difference between them is in the medium of communication with the terminal and in application selection. Contactless cards store additional cryptographic keys to authorise contactless transaction. As their keys are separate, the issuer can disable contactless payment by always rejecting contactless transaction authorisation request but still allowing contact payments. Some banks offer this opt-in feature to prevent unauthorised use of stolen contactless cards.

In contact payment, there are no time constraints. Contact card can even tell terminal to wait and call it again after some seconds and then it can do this indefinitely (21:01). Some terminals can also tolerate few seconds round trip delay (23:18) because contact cards are slow (600 bits per second (23:56) and transaction can be few bytes long).

The recommended transaction time for contactless payment is 500ms but it is not globally enforced by the issuers as terminals can itself add latency in processing. Most of the contactless payments take 330ms - 637ms and some terminals can allow max transaction time upto 52 seconds (16:30). This out of specs implementation is to maintain compatibility across card issuers and PoS manufacturers (In UK alone, there are almost 300 approved chip and PIN terminals). This is why relay attacks are successful.

However, there is a max allowed time length in Distance Bounding Protocol which combats relay attacks. Distance bounding is in the EMV contactless specification and Mastercard has taken up this defence, meaning its cards (at least) are protected.

ICC does not have an internal clock. For signal processing and I/O modes, ICC relies on clock signal provided by the terminal.

I/O line can be switched to (reception mode) receive data from the terminal or to (transmission mode) transmit data to the terminal.

EMV Book 1, 7 - Physical Transportation of Characters

During the transaction process, data is passed bi-directionally between the terminal and the ICC over the I/O line in an asynchronous half duplex manner. A clock signal is provided to the ICC by the terminal, and this shall be used to control the timing of this exchange.

ICC cannot measure the time between two command.

defalt
  • 6,231
  • 2
  • 22
  • 37
  • Thank you for your answer. As for part 1 I am satisfied. I am also aware of distance bounding in EMV context. But I was looking for some way to create a stopwatch mechanism on the card itself. That is: I want the card to be able to measure time between 2 actions or commands it receives for example... can you think of a way that this is possible? – OrangeJusticeV Oct 29 '20 at 21:10
  • @OrangeJusticeV See my edit. Are you trying to find a way to detect relays from the card itself? – defalt Oct 30 '20 at 11:54
  • Yes exactly.l thats what Im trying to do – OrangeJusticeV Oct 31 '20 at 12:24
  • @OrangeJusticeV ICC does not have an internal clock. This is why terminal acts as a verifier in distance bounding. – defalt Oct 31 '20 at 13:39
  • 1
    Yes I realize this but there has been [literature](https://link.springer.com/chapter/10.1007/978-3-030-32101-7_14) entertaining the possibility of a compromised or even malicious merchant. There have also been [efforts](https://www.researchgate.net/publication/37402492_SECTOR_Secure_Tracking_of_Node_Encounters_in_Multi-hop_Wireless_Networks) on "mutual distance-bounding". Don't you think its logical to have the card and terminal mutually verify the distance in between? My intuition is to have the card perform an action of known definite time measured beforehand to be able to measure time. – OrangeJusticeV Oct 31 '20 at 14:01
  • I feel that this question can be rephrased in a broader sense. Please see [here](https://security.stackexchange.com/questions/240306/how-is-the-timer-implemented-in-mutual-distance-bounding-protocols) – OrangeJusticeV Oct 31 '20 at 17:46