Crypto-1
| 概述 | |
|---|---|
| 设计者 | Philips/NXP |
| 首次发布 | October 6, 2008 |
| 密码细节 | |
| 密钥长度 | 48 bits |
| 安全声明 | 48 bits |
| 结构 | 非线性反馈移位寄存器、线性反馈移位寄存器 |
| 最佳公开破解 | |
| Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card" | |
Crypto-1是由恩智浦半导体為其於1994年推出的MIFARE Classic RFID免觸碰智能卡所創建的專有加密演算法(流密码)和認證協議。這些卡片已被用於許多著名的系統,包括蠔卡、查理卡和OV晶片卡。
到了2009年,密碼學研究已經逆向工程了這種密碼,並公布了有效破解安全性的各種攻擊[1][2][3][4][5]。
恩智浦在其後推出了修正的版本MIFARE Classic EV1(仍與MIFARE Classic系統相容),然而在2015年時發現新的攻擊[6][7],因此恩智浦在之後建議停用MIFARE Classic[8]。
技術細節[编辑]
Crypto-1是一個流密码,結構與後繼的Hitag2類似,包含了:
- 48-bit的线性反馈移位寄存器(LSFR)用以儲存狀態,
- 兩層的20對1非線性函數用於生成密鑰流,
- 16位的LFSR,它在驗證階段被用作偽隨機數生成器。
參考資料[编辑]
- ^ de Koning Gans, Gerhard; J.-H. Hoepman; F.D. Garcia. A Practical Attack on the MIFARE Classic (PDF). 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008), LNCS, Springer. 2008-03-15 [2023-05-17]. (原始内容 (PDF)存档于2022-04-22).
- ^ Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil. Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards. Cryptology ePrint Archive. 2008-04-14 [2023-05-17]. (原始内容存档于2012-09-13).
- ^ Nohl, Karsten; David Evans; Starbug Starbug; Henryk Plötz. Reverse-engineering a cryptographic RFID tag. SS'08 Proceedings of the 17th conference on Security symposium. USENIX: 185–193. 2008-07-31 [2023-05-17]. (原始内容存档于2019-03-23).
- ^ Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs. Dismantling MIFARE Classic (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 2008-10-04 [2023-05-17]. (原始内容 (PDF)存档于2017-08-08).
- ^ Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur. Wirelessly Pickpocketing a Mifare Classic Card (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 2009-03-17 [2023-05-17]. (原始内容 (PDF)存档于2022-01-02).
- ^ Meijer, Carlo; Verdult, Roel. Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15 (Denver, Colorado, USA: Association for Computing Machinery). 2015-10-12: 18–30. ISBN 978-1-4503-3832-5. S2CID 4412174. doi:10.1145/2810103.2813641. hdl:2066/151451
.
- ^ Meijer; Verdult. Ciphertext-only Cryptanalysis on Hardened Mifare Classic (PDF). R. Verdult's page at Institute for Computing and Information Sciences, Radboud University. (原始内容存档 (PDF)于2021-04-29).
- ^ Grüll, Johannes. Security Statement on Crypto1 Implementations. www.mifare.net. October 12, 2015 [2021-04-29]. (原始内容存档于2023-09-06).
外部連結[编辑]
- Radboud Universiteit Nijmegen press release PDF (页面存档备份,存于互联网档案馆) (英文)
- Details of Mifare reverse engineering by Henryk Plötz PDF (德文)
- Windows GUI Crypto1 tool, optimized for use with the Proxmark3
| ||||||||||||||||||||||||||||||||||