| The financial integrated circuit(IC) card is the IC card which applied in the financial sector.IC cards have been widely used in people’s daily life due to it’s powerful features and highly security. Since traditional magnetic stripe cards can’t meet the security requirements, IC card has been gradually replaced magnetic stripe card to become the prior carrier of the financial transactions. Globalization has made the world’s financial transaction formed a unified trading standards, EMV standard become the global IC card standard as a result of it’s versatility and security.In1999, EuroPay (merged with MasterCard in2002)、MasterCard and VISA formally established EMVCo organization and responsible for the development and formulation of the EMV standard. The popularity of EMV standard greatly promoted the development of the financial IC card, most part of countries around the world have been or in progress "migration" from magnetic stripe cards to EMV cards. The EMV standard can also be used as a basic standard framework, according to different applications, countries or card issuers could develop their own standards based on the EMV standard, and all standards adhere to EMV standard interface. Such as the PBOC specifications developed in our country.The EMV card also known as the chip and PIN card, in addition to the card’s safety performance improvement, card stores the personal identification number (PIN) seted by cardholder.As a result, transactions or cash withdrawal operation couldn’t being executed without input correct PIN. Driven by the interests, however, lawless person become more and more skilled, many cardholders found that their lost EMV card been unauthorized used even if they didn’t divulge their PIN. In2010, Cambridge University researchers found that EMV card can be used by the man-in-the-middle attack method in case of didn’t know PIN, which means the EMV standard exist security vulnerabilities. Therefore it’s necessary to in-depth study of the EMV standard, so as to pinpoint the potential security vulnerabilities and design effective security mechanism.The RSA algorithm is been used as asymmetric encryption algorithm in the EMV standard’s security mechanism, compared to RSA, ECC algorithm has higher security and more applicable to IC card and other embedded devices. And the next version of the EMV standard will support ECC algorithm. The SM2algorithm has validated the efficiency and security of ECC algorithm in practical application.The research work and main results shows as the following three parts:1) Studied the EMV standard’s security system detaily, analysised of data security and logical security each step in debit/credit transaction process. The result shows that the EMV standard is vulnerable and unable to resist the man-in-the-middle attack. Conducted a similar analysis on the PBOC specifications and concluded that they are vulnerable to MITM as well. Then designed improvement programs and verified its effectiveness though software simulation.2) Elliptic curve scalar multiplication has a tremendous computation and vulnerable to power analysis attacks. For this case, proposed a new kind of fast sliding window algorithm that can resist the power analysis attacks. The Jacobian and Affine mixed coordinates strategy was applied to calculate elliptic curve scalar multiplication coordinate with the signed sliding window algorithm and random keys method was used for against power analysis attacks. The conclusion shows that compared to binary expansion method and key assignment method, the improved signed sliding window scalar multiplication algorithm improves calculative efficiency and anti-attack performance significantly.3) Designed a set of security mechanisms that apply to the EMV standard based on the ECC algorithm, including the digital signature scheme ECDSA, key agreement scheme ECDH and public key encryption scheme ECIES. |
PDF Full Text Request