Mutt
EMV protocols (Europay, MasterCard, Visa) use a combination of cryptographic algorithms to ensure the security of transactions with chip bank cards. These algorithms guarantee card authentication, data confidentiality and protection against cloning. Below I will describe in detail the cryptographic mechanisms used in EMV, their purpose and principles of operation for educational purposes, avoiding any details that could be used for illegal activities.
If you would like to dive deeper into specific aspects, such as the technical details of RSA or AES, how EMV compares to tokenization, or how to test cryptographic systems in a legitimate environment (e.g. through simulations in educational platforms), let me know and I will provide more detailed information.
Basic cryptographic algorithms in EMV
EMV uses two main types of cryptography: symmetric and asymmetric. Each plays a specific role in the process of authentication and transaction security. Here are the key algorithms and their applications:
- Symmetric cryptography:
- Algorithms: 3DES (Triple Data Encryption Standard), AES (Advanced Encryption Standard).
- Application: Generation of transaction cryptograms (Application Cryptogram, AC) and PIN protection.
- How it works:
- In symmetric cryptography, the same key is used to encrypt and decrypt data. This key is stored in a secure area of the card chip and is known to the issuing bank.
- For example, to create an ARQC (Authorization Request Cryptogram), the chip uses 3DES or AES, combining transaction data (amount, currency, date, terminal ID) with the card's unique key.
- Advantage: Fast processing, which is important for real-time transactions.
- Limitation: The key must be securely protected, since its compromise allows decryption of the data.
- Asymmetric cryptography:
- Algorithm: RSA (Rivest-Shamir-Adleman).
- Application: Card authentication through digital signatures in DDA (Dynamic Data Authentication) and CDA (Combined DDA/Application Cryptogram) methods.
- How it works:
- The card chip contains a pair of keys: private (stored in the chip’s secure memory) and public (certified by the payment system).
- For authentication, the card signs the transaction data with a private key. The terminal verifies the signature with the public key to ensure the card is genuine.
- Example: In DDA, the chip generates a dynamic signature that includes unique transaction data, making it impossible to reuse the signature.
- Advantage: High resistance to cloning, since the private key cannot be extracted from the chip.
- Limitation: Higher computational complexity compared to symmetric cryptography.
- Hash functions:
- Algorithm: SHA-1 (obsolete, used in older systems), SHA-256 (modern standard).
- Usage: Generate hashes to verify the integrity of transaction data.
- How it works:
- A hash function transforms transaction data (e.g. amount, currency, identifier) into a unique hash of fixed length.
- This hash is included in the cryptogram or signature so that the terminal and bank can verify that the data has not been altered.
- Benefit: Ensures data integrity.
- Limitation: SHA-1 is considered vulnerable to practical collision attacks, so EMV is moving to SHA-256.
The Role of Cryptography in EMV
Cryptographic algorithms in EMV perform the following functions:
- Card authentication:
- SDA (Static Data Authentication): Uses a digital signature (RSA) to verify the static data of the card. The signature is created by the issuer and verified by the terminal using the public key of the payment system.
- DDA (Dynamic Data Authentication): The chip generates a dynamic signature (RSA) for each transaction, including unique data (e.g. transaction counter).
- CDA (Combined DDA/Application Cryptogram): Combines DDA with cryptogram generation (3DES/AES), providing double verification.
- Transaction cryptogram generation:
- The chip creates a cryptogram (ARQC, TC or AAC) using 3DES or AES, using the card's unique key (derived from the issuer's master key).
- The cryptogram includes transaction data and a counter (ATC, Application Transaction Counter), which makes each transaction unique.
- PIN code protection:
- The PIN is encrypted using 3DES or AES when entered at the terminal and transmitted to the chip or to the bank.
- For offline verification, the PIN is compared with an encrypted value stored in the chip, without revealing the PIN itself.
- Contactless transactions (NFC):
- They use the same algorithms (RSA, 3DES, AES), but with additional measures such as limiting the transaction amount and using one-time codes.
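To illustrate the dynamic signature in DDA, here is an added Go example (not code from the original post): the card signs SHA-256 of its dynamic data plus the terminal's unpredictable number, and the terminal accepts only a signature bound to the nonce it issued for this transaction. PKCS#1 v1.5 is substituted for EMV's ISO/IEC 9796-2 signature scheme so it runs on the Go standard library; the key, data and nonce are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// DynamicSignature is what a DDA-capable card returns: the terminal's unpredictable number
// (nonce) and a signature over SHA-256(dynamic card data || nonce) made with the ICC private key.
type DynamicSignature struct {
	Nonce []byte
	Sig   []byte
}

func digest(dynamicData, nonce []byte) []byte {
	h := sha256.New()
	h.Write(dynamicData)
	h.Write(nonce)
	return h.Sum(nil)
}

// CardSign is the chip side. Real EMV DDA uses ISO/IEC 9796-2 with message recovery;
// PKCS#1 v1.5 is substituted here purely for illustration (assumption of this example).
func CardSign(iccPriv *rsa.PrivateKey, dynamicData, nonce []byte) (*DynamicSignature, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, iccPriv, crypto.SHA256, digest(dynamicData, nonce))
	if err != nil {
		return nil, err
	}
	return &DynamicSignature{Nonce: nonce, Sig: sig}, nil
}

// TerminalVerify is the terminal side: it only accepts a signature covering the nonce it
// generated itself, so a signature captured from an earlier transaction cannot be replayed.
func TerminalVerify(iccPub *rsa.PublicKey, dynamicData, expectedNonce []byte, ds *DynamicSignature) bool {
	if string(ds.Nonce) != string(expectedNonce) {
		return false
	}
	return rsa.VerifyPKCS1v15(iccPub, crypto.SHA256, digest(dynamicData, ds.Nonce), ds.Sig) == nil
}

// NewNonce produces the terminal's 4-byte unpredictable number for one transaction.
func NewNonce() []byte {
	n := make([]byte, 4)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}
```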
Key processes and their cryptographic basis
- Initialization and application selection:
- The chip transmits a list of supported applications (AID, Application Identifier) and certificates to the terminal. The certificates are signed by RSA and verified using the public key of the payment system.
- Data authentication:
- In DDA/CDA, the chip generates an RSA signature that includes a hash (SHA-1/SHA-256) of the transaction data and a random number (nonce) provided by the terminal. This prevents replay attacks.
- Cryptogram generation:
- The chip creates ARQC using 3DES or AES using the data:
- Card number, expiration date, amount, currency, date, terminal ID.
- Transaction Counter (ATC).
- Random number from the terminal (to protect against replay attacks).
- The issuing bank verifies the cryptogram using the same key.
- Online authorization:
- The ARQC is sent to the bank via the payment network. The bank decrypts the cryptogram (3DES/AES) and verifies its integrity using a hash (SHA-256).
- Offline authorization:
- For offline transactions, the terminal verifies the card signature (RSA) and data hash (SHA-1/SHA-256). The chip can also limit transactions based on internal limits.
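As an added illustration of the cryptogram generation and online verification described above (in both the "Transaction cryptogram generation" and "Cryptogram generation" items; not code from the original post), here is a Go sketch of the EMV Common Session Key derivation from the card master key and the ATC, followed by the ISO 9797-1 Algorithm 3 (retail MAC) computation that yields the 8-byte ARQC, and the issuer recomputing it with the same key. The master key and transaction record are constructed, and the flat transaction-data layout is an assumption (real EMV MACs a tag-defined list of fields).

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/binary"
)

// EMV Common Session Key derivation: the 16-byte card master key (two-key 3DES, K1 K2 K1)
// encrypts ATC||F0||00*5 and ATC||0F||00*5 in ECB to form the two halves of the session key.
func DeriveSessionKey(mk16 []byte, atc uint16) []byte {
	c, _ := des.NewTripleDESCipher(append(append([]byte{}, mk16...), mk16[:8]...))
	sk, r := make([]byte, 16), make([]byte, 8)
	binary.BigEndian.PutUint16(r, atc)
	r[2] = 0xF0
	c.Encrypt(sk[:8], r)
	r[2] = 0x0F
	c.Encrypt(sk[8:], r)
	return sk
}

// ISO 9797-1 Algorithm 3 with padding method 2 (0x80 then zeros): single-DES CBC with the
// left key half over every block, then decrypt with the right half and re-encrypt with the left.
func RetailMAC(key16, data []byte) []byte {
	kl, _ := des.NewCipher(key16[:8])
	kr, _ := des.NewCipher(key16[8:])
	padded := append(append([]byte{}, data...), 0x80)
	for len(padded)%8 != 0 {
		padded = append(padded, 0x00)
	}
	mac := make([]byte, 8) // CBC state starts at zero; the final state is the cryptogram
	for i := 0; i < len(padded); i += 8 {
		for j := range mac {
			mac[j] ^= padded[i+j]
		}
		kl.Encrypt(mac, mac)
	}
	kr.Decrypt(mac, mac)
	kl.Encrypt(mac, mac)
	return mac
}

// Card side: session key from master key and ATC, then MAC over the transaction data
// (amount, currency, date, terminal ID, unpredictable number; constructed layout).
func GenerateARQC(mk16 []byte, atc uint16, txData []byte) []byte {
	return RetailMAC(DeriveSessionKey(mk16, atc), txData)
}
// Issuer side: it holds the same master key, so it recomputes and compares in constant time;
// any change to the data, the ATC or the key makes verification fail.
func VerifyARQC(mk16 []byte, atc uint16, txData, arqc []byte) bool {
	return subtle.ConstantTimeCompare(GenerateARQC(mk16, atc, txData), arqc) == 1
}
```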
Security and Vulnerabilities
EMV cryptographic algorithms provide a high level of security, but have potential weaknesses that are studied for educational purposes:
- Deprecated algorithms:
- SHA-1, used in older systems, is vulnerable to practical collision attacks. Modern implementations are moving to SHA-256.
- 3DES is considered less secure than AES due to its shorter key length (112/168 bits versus 128/256 bits for AES).
- Attacks on implementation:
- Attackers may attempt to attack the physical implementation of the chip (e.g. through side-channel attacks, analyzing power consumption or execution time of operations). However, this requires sophisticated equipment and access to the card.
- Key compromise:
- If the issuer's private key or master key is compromised, security could be compromised. That's why keys are stored in hardware security modules (HSMs).
- Offline vulnerabilities:
- In offline mode, the terminal can be tricked by a counterfeit card if online verification is not performed. Modern terminals minimize such risks by requiring periodic online authorization.
Modern improvements
Payment systems are constantly updating EMV to improve security:
- Migrating to AES: New EMV implementations replace 3DES with AES for higher cryptographic strength.
- SHA-256: Replace SHA-1 with SHA-256 for hashing.
- Tokenization: Used in mobile payments (Apple Pay, Google Pay), where a one-time token protected by cryptography is transmitted instead of a card number.
- 3D-Secure: Complements EMV for online transactions using additional passwords or biometrics.
Conclusion
EMV cryptographic algorithms (RSA, 3DES, AES, SHA-1/SHA-256) provide multi-layered transaction security through authentication, encryption, and data integrity checking. They make card cloning virtually impossible and protect against most types of fraud. However, their effectiveness depends on proper implementation and compliance with security standards.