Ioana Boureanu: Relay-Secure Contactless Payments Even in Presence of Malicous PoS
Abstract
In relay attacks on contactless payments, an adversary can make an illicit payment in the name a card found outside the accepted range of the point-of-sale (PoS). In this talk, we will discuss the design, formal security-analysis and implementation of contactless payments which are secure against relay attacks even when the PoS is malicious. Our strongly-secure constructions are (in part) backward-compatible with the current EMV standard for contactless payments. For our analysis, we put forward a new formal model for capturing strong relay attacks, a new result for security analysis in this space and a mechanisation in ProVerif. This work is part of a research funded under UK's Research Institute for Secure Hardware and Embedded Systems (RISE), carried out in collaboration (amongst others) with Visa, Mastercard.
Short Bio
Ioana Boureanu is a Senior Lecturer (Associate Professor) in Secure Systems at University of Surrey, in the UK. She obtained her PhD in formal verification of security protocols from Imperial College London (2011). She went on to be a postdoctoral researcher and lecturer in LASEC (Laboratory of Security and Cryptography) at EPFL, Lausanne, Switzerland. She also worked in industry as a security architect at Akamai. She was awarded an H2020 Marie-Curie fellowship in 2015, which she did at Imperial College London. In 2016, she moved to University of Surrey, at the Surrey Centre for Cyber Security. Her research focuses on (automatic) analysis of security using mainly logic-based formalisms, as well as on provable security and applied cryptography, with particular interests in lightweight mechanisms and IoT security.