EMV Cards Vulnerabilities Detection Using Deterministic Finite Automaton

Europay-MasterCard-Visa (EMV) standard aims to improve the security and reliability of smartcards. The main concern of this contribution is to detect vulnerabilities in an EMV transaction between terminal and EMV card. In this paper, we propose a new methodology for vulnerabilities detection based on Deterministic finite automaton (DFA). In fact, we use, as a starting point, the machine state diagram which models the specifications of a secure transaction between a terminal and a payment card. Then, we provide the DFA based on this transition state graph. We also provide the implementation of our DFA in order to recognize valid and invalid patterns automatically. Our tests proved the efficiency of our algorithm and its ability to recognize the vulnerabilities in terms of sequence of orders sent by the terminal to the EMV card.