A large number of electronic transactions are performed with credit or debit cards at point of sale terminals located at merchant stores. The success of this form of payment, however, has an associated cost due to the management and maintenance of the equipment. In particular, there is an important cost related to the deployment of new software upgrades for the point of sale terminals, since in most cases human intervention is required. In this paper, we present a lightweight protocol for secure firmware updates for smart card based point of sale terminals. The protocol has been designed specifically for the limited hardware resources of such devices. The low bandwidth and the risk of packet loss in the wireless link have also been taken into consideration. The protocol provides data integrity and authenticity protection, and thus prevents an attacker from modifying firmware in transit and installing malicious firmware in the terminals. In addition, terminals can verify that the received firmware originated from a trusted source. The protocol also includes confidentiality protection, so the proprietary firmware is kept secret from attackers.
Reference:
Tsague, H.D, Van der Merwe, J and Moabalobelo, T. 2015. Secure firmware updates for point of sale terminals. In: The 10th International Conference on Cyber Warfare and Security, 24-25 March 2015, Mpumalanga, South Africa
Tsague, H., Van der Merwe, J. J., & Moabalobelo, T. (2015). Secure firmware updates for point of sale terminals. Academic Conferences International. http://hdl.handle.net/10204/8516
Tsague, HD, Johannes J Van der Merwe, and T Moabalobelo. "Secure firmware updates for point of sale terminals." (2015): http://hdl.handle.net/10204/8516
Tsague H, Van der Merwe JJ, Moabalobelo T, Secure firmware updates for point of sale terminals; Academic Conferences International; 2015. http://hdl.handle.net/10204/8516
The 10th International Conference on Cyber Warfare and Security, 24-25 March 2015, Mpumalanga, South Africa. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's website