GlobalPlatform introduced Secure Channel Protocol (SCP) in smart cards to enable devices to exchange data in open channel and to protect against data skimming and establish secure communication. Optimized for Java Cards, the used encryption schemes in these protocols do not follow any standardized or provably secure construction. Since its first publication, the GP card specifications have been the subject of diverse verifications. For instance, authors in examine some aspects of these specifications and prove their soundness via the B method. Nevertheless, to the best of our knowledge, no rigorous analysis of the SCP encryption schemes has been provided before. Our goal is thus to study them through provable security, and hence to validate (or invalidate) the security guaranteed by GlobalPlatform.
In early April 2018, GlobalPlatform announced in a Security Informative Note that the latest version of the Card Specification (v2.3.1) will set