TL;DR
This paper introduces the UTX protocol, an enhanced smart card payment system that aims to provide privacy and unlinkability while maintaining security and functionality, addressing privacy concerns in EMV payments.
Contribution
The paper proposes the UTX protocol, a novel privacy-preserving payment protocol for EMV that is formally verified for security and privacy properties.
Findings
UTX protocol achieves unlinkability in smart card payments.
Formal security and privacy guarantees are certified for UTX.
Addresses privacy issues in widely used EMV payment systems.
Abstract
The most prevalent smart card-based payment method, EMV, currently offers no privacy to its users. Transaction details and the card number are sent in cleartext, enabling the profiling and tracking of cardholders. Since public awareness of privacy issues is growing and legislation, such as GDPR, is emerging, we believe it is necessary to investigate the possibility of making payments anonymous and unlinkable without compromising essential security guarantees and functional properties of EMV. This paper draws attention to trade-offs between functional and privacy requirements in the design of such a protocol. We present the UTX protocol - an enhanced payment protocol satisfying such requirements, and we formally certify key security and privacy properties using techniques based on the applied pi-calculus.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
