When organized crime applies academic results: a forensic analysis of an in-card listening device

David Naccache 1, 2 Rémi Géraud 2 Houda Ferradi 1, 2 Assia Tria 3
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
3 Laboratoire Systèmes et Architectures Sécurisés (LSAS)
SAS-ENSMSE - Département Systèmes et Architectures Sécurisés, CEA-TECH-Reg - CEA Tech en régions
Abstract : This paper describes the forensic analysis of what the authors believe to be the most sophisticated smart card fraud encountered to date. In 2010, Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) described a man-in-the-middle attack against EMV cards. Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) demonstrated the attack using a general purpose FPGA board, noting that “miniaturization is mostly a mechanical challenge, and well within the expertise of criminal gangs”. This indeed happened in 2011, when about 40 sophisticated card forgeries surfaced in the field. These forgeries are remarkable in that they embed two chips wired top-to-tail. The first chip is clipped from a genuine stolen card. The second chip plays the role of the man-in-the-middle and communicates directly with the point of sale terminal. The entire assembly is embedded in the plastic body of yet another stolen card. The forensic analysis relied on X-ray chip imaging, side-channel analysis, protocol analysis, and microscopic optical inspections.
Type de document :
Article dans une revue
Journal of Cryptographic Engineering, Springer, 2015, pp 1-11. 〈10.1007/s13389-015-0112-3〉
Liste complète des métadonnées

https://hal-emse.ccsd.cnrs.fr/emse-01222610
Contributeur : Assia Tria <>
Soumis le : vendredi 30 octobre 2015 - 11:39:31
Dernière modification le : mardi 23 octobre 2018 - 14:36:11

Identifiants

Collections

Citation

David Naccache, Rémi Géraud, Houda Ferradi, Assia Tria. When organized crime applies academic results: a forensic analysis of an in-card listening device. Journal of Cryptographic Engineering, Springer, 2015, pp 1-11. 〈10.1007/s13389-015-0112-3〉. 〈emse-01222610〉

Partager

Métriques

Consultations de la notice

281