Article

Formal Models of Bank Cards for Free

Authors:

ICSTW '13: Proceedings of the 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops

Pages 461 - 468

https://doi.org/10.1109/ICSTW.2013.60

Published: 18 March 2013 Publication History

Abstract

Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smart cards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes the smart card as a black box, takes little effort and is fast. The finite state machine models obtained provide a useful insight into decisions (or indeed mistakes) made in the design and implementation, and would be useful as part of security evaluations - not just for bank cards but for smart card applications in general - as they can show unexpected additional functionality that is easily missed in conformance tests.

Cited By

View all

Marksteiner SSirjani MSjödin M(2023)Using Automata Learning for Compliance Evaluation of Communication Protocols on an NFC Handshake ExampleEngineering of Computer-Based Systems10.1007/978-3-031-49252-5_13(170-190)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1007/978-3-031-49252-5_13
Iyer PMasoumzadeh A(2022)Learning Relationship-Based Access Control Policies from Black-Box SystemsACM Transactions on Privacy and Security10.1145/351712125:3(1-36)Online publication date: 19-May-2022
https://dl.acm.org/doi/10.1145/3517121
Pferscher AAichernig B(2022)Fingerprinting and analysis of Bluetooth devices with automata learningFormal Methods in System Design10.1007/s10703-023-00425-y61:1(35-62)Online publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1007/s10703-023-00425-y
Show More Cited By

Formal Models of Bank Cards for Free
1. Applied computing

Recommendations

Bank Cards Usage by Russian Students: a Step Forward or a Fading Reality?
DEFIN-2021: IV International Scientific and Practical Conference

The rise in non-cash payments sets the grounds for the world to abandon the use of cash in the near future. Bank cards are increasingly replacing cash is. The advantage of bank cards of various types has already been proven. A debit card allows its ...
Cloning credit cards: a combined pre-play and downgrade attack on EMV contactless
WOOT'13: Proceedings of the 7th USENIX conference on Offensive Technologies

Recent roll-outs of contactless payment infrastructures-particularly in Austria and Germany - have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay ...
Managing credit lines and prices for bank one credit cards
Wagner prize papers

We developed a method for managing the characteristics of a bank's card holder portfolio in an optimal manner. The annual percentage rate (APR) and credit line of an account influence card use and bank profitability. Consumers find low APRs and high ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICSTW '13: Proceedings of the 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops

March 2013

482 pages

ISBN:9780769549934

Publisher

IEEE Computer Society

United States

Publication History

Published: 18 March 2013

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Marksteiner SSirjani MSjödin M(2023)Using Automata Learning for Compliance Evaluation of Communication Protocols on an NFC Handshake ExampleEngineering of Computer-Based Systems10.1007/978-3-031-49252-5_13(170-190)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1007/978-3-031-49252-5_13
Iyer PMasoumzadeh A(2022)Learning Relationship-Based Access Control Policies from Black-Box SystemsACM Transactions on Privacy and Security10.1145/351712125:3(1-36)Online publication date: 19-May-2022
https://dl.acm.org/doi/10.1145/3517121
Pferscher AAichernig B(2022)Fingerprinting and analysis of Bluetooth devices with automata learningFormal Methods in System Design10.1007/s10703-023-00425-y61:1(35-62)Online publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1007/s10703-023-00425-y
Ferreira TBrewton HD'Antoni LSilva AKuipers FCaesar M(2021)PrognosisProceedings of the 2021 ACM SIGCOMM 2021 Conference10.1145/3452296.3472938(762-774)Online publication date: 9-Aug-2021
https://dl.acm.org/doi/10.1145/3452296.3472938
Shen JRinard M(2021)Active Learning for Inference and Regeneration of Applications that Access DatabasesACM Transactions on Programming Languages and Systems10.1145/343095242:4(1-119)Online publication date: 22-Jan-2021
https://dl.acm.org/doi/10.1145/3430952
Kang HLo D(2021)Adversarial Specification MiningACM Transactions on Software Engineering and Methodology10.1145/342430730:2(1-40)Online publication date: 3-Jan-2021
https://dl.acm.org/doi/10.1145/3424307
Selvaraj YFarooqui APanahandeh GFabian MGuerra EIovino L(2020)Automatically learning formal modelsProceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings10.1145/3417990.3421262(1-10)Online publication date: 16-Oct-2020
https://dl.acm.org/doi/10.1145/3417990.3421262
Iyer PMasoumzadeh ALobo JStoller SLiu P(2020)Active Learning of Relationship-Based Access Control PoliciesProceedings of the 25th ACM Symposium on Access Control Models and Technologies10.1145/3381991.3395614(155-166)Online publication date: 10-Jun-2020
https://dl.acm.org/doi/10.1145/3381991.3395614
Shen JRinard MMcKinley KFisher K(2019)Using active learning to synthesize models of applications that access databasesProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3314221.3314591(269-285)Online publication date: 8-Jun-2019
https://dl.acm.org/doi/10.1145/3314221.3314591
Rinard MShen JMangalick VBoix EGabriel R(2018)Active learning for inference and regeneration of computer programs that store and retrieve dataProceedings of the 2018 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software10.1145/3276954.3276959(12-28)Online publication date: 24-Oct-2018
https://dl.acm.org/doi/10.1145/3276954.3276959
Show More Cited By

Abstract

Cited By

Recommendations

Bank Cards Usage by Russian Students: a Step Forward or a Fading Reality?

Cloning credit cards: a combined pre-play and downgrade attack on EMV contactless

Managing credit lines and prices for bank one credit cards

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations