Lunch and Learn with Tom Chothia

March 15

11:00am - 12:00pm

Engineering & Computer Science, Room 410, Classroom

Join us as Tom Chothia speaks on Modeling and Analysis of Distance Bounding Protocols and Relay Attacks on Contactless EMV Bank Cards. Food will be available on a first come first serve basis. More details on talk and speaker below.

Contactless EMV payments are replacing cash in much of Europe and slowly being introduced in the US. These payments are fast, convenient and do not require the users PIN or signature. In this talk, Chothia will show that it is possible to use smart phones to relay signals from a bank card inside a wallet or purse to a shop terminal in order to wirelessly pick pocket money. Based on this experience, we have developed a formal analysis framework in which we can design and analyse cryptographic protocols that use distance bounding to stop attacks like this. Using this framework we have designed a protocol to stop relay attacks against EMV cards, which has since been added to MasterCard's official specification. Tom will also briefly discuss some of my further work in this area which looks at ways of stopping attacks made by malicious or corrupted payment terminals.

Bio: Tom Chothia is a Senior Lecturer (equiv. Associate Professor) in cyber security at the University of Birmingham, UK. His work focuses on the development of mathematical and formal methods and their application to real world security problems. He currently holds grants in the areas of industrial control system security, distance bounding protocols for secure payments, and automated checking of protocol implementations. His work on pacemaker security, e-passport traceability and BitTorrent monitoring have all received media coverage.