0

Can somebody please clarify how DDA protects EMV cards against cloning?

From what I have learned so far, a random unique number is generated by the terminal and sent to the card.

The card will generate a private/public key and then sign the card data with the private key and send it to the terminal for verification.

How does this protect against cloning?

crazyghost

1 Answer

0

Card will not generate private and public keys. Private and Public keys are encoded into the chip during personalization. First you need to understand what the terminal and card have in hand to understand this. Go through this answer.

Now that you know where each key comes from: during DDA, using the ICC private key, the card will generate a certificate, and the terminal will validate the certificate using the ICC Public Key.

The detailed process is explained in EMV 4.3 Book 2, Security and Key Management, sections 5 and 6. Download from here. Start reading from SDA and have the basis clear.

Adarsh Nanu
  • But please correct me if I am wrong: in SDA, cloning occurs by intercepting the communication between card and terminal and capturing the signed SDAD; this can be reused to impersonate a card. To prevent cloning in DDA, this SDAD value also contains a random number sent from the terminal for every transaction, so an attacker can't reuse a captured SDAD value again, as predicting this random number is improbable. – crazyghost Apr 07 '20 at 19:38
  • By intercepting the commands back and forth between a card and a terminal, you can never clone a card. Just with SDAD you cannot send an EMV grade transaction. Read more on EMV transaction processing before you go to the security side. – Adarsh Nanu Apr 08 '20 at 08:27
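
The challenge-response idea discussed in this thread, as an added illustration that is not part of the original answer or of the EMV specification: a chip holding the private key signs each fresh terminal number, while a copy that has only the readable data and one recorded signature fails verification. Assumptions: textbook RSA over SHA-256 with a constructed toy key, hypothetical class and function names, and a terminal that already holds the ICC public key; the real signature format and certificate chain are in the Book 2 sections cited in the answer.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus (terminal side)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, personalized into the chip


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class GenuineCard:
    """Holds the private key and signs every terminal challenge freshly."""

    def __init__(self, static_data: bytes):
        self.static_data = static_data

    def sign_challenge(self, unpredictable_number: bytes) -> int:
        return pow(digest(self.static_data + unpredictable_number), D, N)


class CopiedCard:
    """Has only readable data and one recorded signature, no private key."""

    def __init__(self, static_data: bytes, recorded_signature: int):
        self.static_data = static_data
        self.recorded_signature = recorded_signature

    def sign_challenge(self, unpredictable_number: bytes) -> int:
        return self.recorded_signature  # nothing else it can answer with


def terminal_verify(card, unpredictable_number=None) -> bool:
    """Terminal side: send a challenge, check the signature with (E, N)."""
    un = unpredictable_number or secrets.token_bytes(4)
    signature = card.sign_challenge(un)
    return pow(signature, E, N) == digest(card.static_data + un)


if __name__ == "__main__":
    data = b"PAN=0000000000000000;EXP=0000"   # constructed placeholder card data
    genuine = GenuineCard(data)
    old_un = b"\x00\x00\x00\x01"
    copy = CopiedCard(data, genuine.sign_challenge(old_un))
    print("genuine, fresh challenge:", terminal_verify(genuine))
    print("copy, fresh challenge:   ", terminal_verify(copy))
    print("copy, repeated challenge:", terminal_verify(copy, old_un))
```

The last line shows why the terminal's number has to be unpredictable: a recorded signature only verifies when the same challenge is issued again.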