Crypto-1是由恩智浦半導體為其於1994年推出的MIFARE Classic RFID免觸碰智慧卡所建立的專有加密演算法(串流加密法)和認證協定。這些卡片已被用於許多著名的系統,包括蠔卡查理卡OV晶片卡

Crypto-1
概述
設計者Philips/NXP
首次發布October 6, 2008
密碼細節
金鑰長度48 bits
安全聲明48 bits
結構非線性回饋移位暫存器線性回饋移位暫存器
最佳公開破解
Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card"

到了2009年,密碼學研究已經逆向工程了這種密碼,並公布了有效破解安全性的各種攻擊[1][2][3][4][5][6]

恩智浦在其後推出了修正的版本MIFARE Classic EV1(仍與MIFARE Classic系統相容),然而在2015年時發現新的攻擊[7][8],因此恩智浦在之後建議停用MIFARE Classic[9]

技術細節

Crypto-1是一個串流加密法,結構與後繼的Hitag2類似,包含了:

  • 48-bit的線性回饋移位暫存器(LSFR)用以儲存狀態,
  • 兩層的20對1非線性函式用於生成金鑰流,
  • 16位元的LFSR,它在驗證階段被用作偽隨機數生成器。

參考資料

  1. ^ de Koning Gans, Gerhard; J.-H. Hoepman; F.D. Garcia. A Practical Attack on the MIFARE Classic (PDF). 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008), LNCS, Springer. 2008-03-15 [2023-05-17]. (原始內容 (PDF)存檔於2022-04-22). 
  2. ^ Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil. Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards. Cryptology ePrint Archive. 2008-04-14 [2023-05-17]. (原始內容存檔於2012-09-13). 
  3. ^ Nohl, Karsten; David Evans; Starbug Starbug; Henryk Plötz. Reverse-engineering a cryptographic RFID tag. SS'08 Proceedings of the 17th conference on Security symposium. USENIX: 185–193. 2008-07-31 [2023-05-17]. (原始內容存檔於2019-03-23). 
  4. ^ Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs. Dismantling MIFARE Classic (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 2008-10-04 [2023-05-17]. (原始內容 (PDF)存檔於2017-08-08). 
  5. ^ Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur. Wirelessly Pickpocketing a Mifare Classic Card (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 2009-03-17 [2023-05-17]. (原始內容 (PDF)存檔於2022-01-02). 
  6. ^ swapped
  7. ^ Meijer, Carlo; Verdult, Roel. Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15 (Denver, Colorado, USA: Association for Computing Machinery). 2015-10-12: 18–30. ISBN 978-1-4503-3832-5. S2CID 4412174. doi:10.1145/2810103.2813641. hdl:2066/151451 . 
  8. ^ Meijer; Verdult. Ciphertext-only Cryptanalysis on Hardened Mifare Classic (PDF). R. Verdult's page at Institute for Computing and Information Sciences, Radboud University. (原始內容存檔 (PDF)於2021-04-29). 
  9. ^ Grüll, Johannes. Security Statement on Crypto1 Implementations. www.mifare.net. October 12, 2015 [2021-04-29]. (原始內容存檔於2023-09-06). 

外部連結