Formal Analysis of MCAP Protocol Against Replay Attack

Replay attack is considered a common attacking technique that is used by adversaries to gain access to confidential information. Several approaches have been proposed to prevent replay attack in security-critical systems such as Automated Teller Machines (ATM) systems. Among those approaches is a recent one called the Mutual Chain Authentication Protocol for the Saudi Payments Network transactions (MCAP). This protocol aims to allow Saudi banking systems to overcome existing weaknesses in the currently used Two-Factor Authentication (2FA) protocols. In this paper, we analyze and verify the recent MCAP authentication protocol against replay attacks. Therefore, we examine the mutual authentication between the ATM Terminal, Sponsoring Banks (SBAT), Saudi Payments Network (SPAN) and the Issuing of Financial Bank (CIFI). The paper also provides a formal analysis of the MCAP to conduct formal proofs of the MCAP protocols against replay attacks.