I'm trying to figure out what kind of encryption the EMV standard recommends for transferring payment information via NFC. I browsed through the specification, but I can't find any hint about this topic. I do know that card manufacturers provide some encryption technology on the card itself, which has partly been compromised. Does anyone know whether it's encrypted at all (I hope so) and, if so, with which technology?
2 Answers
The communication between the card and the contactless reader is not encrypted. You can easily eavesdrop and record the exchanged APDUs, I do it almost daily using a contactless spy (the Fime SmartSpy one).
But recording the dialog is not enough to clone the card. You will get access to some information (e.g. the card number, the track 2 equivalent data), but:
- you will miss information required to create a magnetic stripe card;
- you won't have the CVV (the number written on the back of the card) required to make online purchases;
- you also won't be able to "replay" the transaction, because the transaction data includes two unpredictable numbers generated by the terminal and the card, which are unique to each transaction and signed by the card.
The private key/certificate used by the card to sign the transaction is never transmitted during the transaction and cannot be accessed. It is this private key/certificate that is protected and encrypted on the card (I don't know the details of the security mechanisms).
The cards whose security has been compromised are some basic MiFare cards. These cards are not used for payment applications.
Simple answer: EMV transactions are not encrypted over NFC.
More specifically, a typical contactless EMV transaction works like this (very simplified, more commands are involved, but this should be enough to get you an overview):
- Select EMV payment application.
- Read card data. Card data is transferred in clear text.
- Send transaction data (amount to be authorized, transaction date/time, ...) in clear text to the card.
- Card generates a digital signature over the transaction based on its secret key (that's where cryptography comes in).
- Terminal and/or backend verify the card's digital signature over the transaction data.
By the way, the paper you referred to ("Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards") is completely unrelated to EMV payment cards. The paper is about weaknesses of MIFARE Classic cards. As opposed to EMV payment cards, MIFARE Classic cards are simple contactless memory cards with some encryption and authentication logic.
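Both answers describe the same shape of exchange: the application select, the card data and the transaction data cross the contactless interface in clear, and the only cryptographic protection is a card-generated cryptogram over transaction data that includes fresh unpredictable numbers. The following toy model is an added example written for this page, not code from either answer, from EMVCo or from any card vendor. Every message passes through a `Wire` object that logs it, standing in for a contactless spy. The card's cryptogram is modelled with HMAC-SHA256 over the amount, date and both unpredictable numbers; that is an assumption for illustration, not the cryptogram algorithm real EMV cards use, and the card data, AID and key are constructed sample values, not real ones. It demonstrates the three points the answers make: the eavesdropper recovers the PAN and track 2 equivalent from the log, the key never appears on the wire, and a captured cryptogram does not verify against a transaction with a different terminal unpredictable number.

```python
"""Toy model of a contactless EMV exchange (added example; assumptions noted)."""
import hashlib
import hmac
import secrets

# Constructed sample personalisation data; not a real card, not a real key.
SAMPLE_CARD_DATA = {
    "aid": "A0000000031010",                         # hypothetical AID
    "pan": "4111111111111111",                       # constructed test PAN
    "track2": "4111111111111111D25122011000000000F",  # constructed track2-equivalent
}
SAMPLE_CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # shared card/issuer


class Wire:
    """Everything crossing the contactless interface is logged in clear,
    which is exactly what a passive spy sees."""
    def __init__(self):
        self.log = []          # (direction, name, payload)

    def send(self, direction, name, payload):
        self.log.append((direction, name, payload))
        return payload


def cryptogram(key, amount, date, terminal_un, card_un):
    # Assumption: HMAC-SHA256 stands in for the card's real cryptogram algorithm.
    msg = f"{amount}|{date}|{terminal_un}|{card_un}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class Card:
    def __init__(self, data, key):
        self.data = data
        self._key = key        # never transmitted; only used to compute cryptograms

    def select(self, aid):
        return "9000" if aid == self.data["aid"] else "6A82"

    def read_record(self):
        return {"pan": self.data["pan"], "track2": self.data["track2"]}

    def generate_ac(self, terminal_un, amount, date):
        card_un = secrets.token_hex(4)    # card-side unpredictable number
        return {"card_un": card_un,
                "ac": cryptogram(self._key, amount, date, terminal_un, card_un)}


class Issuer:
    """Backend that holds the same key and checks the cryptogram."""
    def __init__(self, pan, key):
        self._keys = {pan: key}

    def verify(self, pan, terminal_un, amount, date, resp):
        key = self._keys.get(pan)
        if key is None:
            return False
        expected = cryptogram(key, amount, date, terminal_un, resp["card_un"])
        return hmac.compare_digest(expected, resp["ac"])


def run_transaction(card, issuer, wire, amount, date="250101", terminal_un=None):
    """Terminal side: SELECT, READ RECORD, GENERATE AC, then issuer verdict."""
    terminal_un = terminal_un or secrets.token_hex(4)
    aid = wire.send("T>C", "SELECT", SAMPLE_CARD_DATA["aid"])
    if wire.send("C>T", "SW", card.select(aid)) != "9000":
        return False
    record = wire.send("C>T", "RECORD", card.read_record())        # clear text
    req = wire.send("T>C", "GENERATE_AC",
                    {"amount": amount, "date": date, "un": terminal_un})  # clear text
    resp = wire.send("C>T", "AC", card.generate_ac(req["un"], req["amount"], req["date"]))
    return issuer.verify(record["pan"], terminal_un, amount, date, resp)


def pan_from_capture(wire):
    """What the eavesdropper learns: the PAN sent in clear in the record."""
    for _, name, payload in wire.log:
        if name == "RECORD":
            return payload["pan"]
    return None


def key_leaked(wire, key):
    """True if the key's bytes ever appeared in any logged message."""
    return any(key.hex() in repr(p) for _, _, p in wire.log)


def replay_captured(issuer, wire, amount, date="250101", terminal_un=None):
    """Attacker replays the captured RECORD and AC against a terminal that
    picks its own unpredictable number. Succeeds only if that number is
    the one the original cryptogram was computed over."""
    captured = {name: payload for _, name, payload in wire.log}
    terminal_un = terminal_un or secrets.token_hex(4)
    return issuer.verify(captured["RECORD"]["pan"], terminal_un, amount, date, captured["AC"])


if __name__ == "__main__":
    card = Card(SAMPLE_CARD_DATA, SAMPLE_CARD_KEY)
    issuer = Issuer(SAMPLE_CARD_DATA["pan"], SAMPLE_CARD_KEY)
    wire = Wire()
    print("genuine:", run_transaction(card, issuer, wire, "000000001000"))
    print("eavesdropped PAN:", pan_from_capture(wire))
    print("key on wire:", key_leaked(wire, SAMPLE_CARD_KEY))
    print("replay with fresh UN:", replay_captured(issuer, wire, "000000001000"))
```

The last case in the test below is the instructive one: if a terminal reused or predictably chose its unpredictable number, the captured cryptogram would verify, which is why freshness on both sides, not secrecy of the APDUs, is what stops replay in this model.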