We make available all artifacts for our research. Below is a brief description
of the repositories. Please see each repo’s
README.md for more details
Tamarin Models – contains the formal models for verifying the L1RP protocol described in the paper, as well as the models for the mobile versions of Visa/Mastercard.
– source code for Proxmark firmware and client which implements our new
L1RP, via two extra commands (
hf 14a noncerdr and
Timing Data – contains the raw data and processing scripts for the Level 1 and Level 3 timings discussed in the paper.
NFCProxy_uid – our modified Android Apps, for performing our attack against Visa’s relay-protection protocol.
firmware – source
code for Proxmark firmware and client, which contains an extra command
14a tfl acting as a Transport for London barriers reader.
RRP Relay – implements the replay of APDUs to a Mastercard RRP test card.
Servers – folder containing all the python scripts needed to run the different servers for our relay apps.
Traces – proxmark traces obtained from our relays (et = express transit; no CDCVM).
 Ioana Boureanu, Tom Chothia, Alexandre Debant, Stephanie Delaune, “Security Analysis and Implementation of Relay-Resistant Contactless Payments”, at the 27th ACM Conference on Computer and Communications Security (ACM CCS), 2020.
 Tom Chothia et al. “Relay cost bounding for contactless EMV payments.” International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 2015.