Crypto-1
Crypto-1是由恩智浦半導體為其於1994年推出的MIFARE Classic RFID免觸碰智慧卡所建立的專有加密演算法(串流加密法)和認證協定。這些卡片已被用於許多著名的系統,包括蠔卡、查理卡和OV晶片卡。
概述 | |
---|---|
設計者 | Philips/NXP |
首次發布 | October 6, 2008 |
密碼細節 | |
金鑰長度 | 48 bits |
安全聲明 | 48 bits |
結構 | 非線性回饋移位暫存器、線性回饋移位暫存器 |
最佳公開破解 | |
Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card" |
到了2009年,密碼學研究已經逆向工程了這種密碼,並公布了有效破解安全性的各種攻擊[1][2][3][4][5]。[6]
恩智浦在其後推出了修正的版本MIFARE Classic EV1(仍與MIFARE Classic系統相容),然而在2015年時發現新的攻擊[7][8],因此恩智浦在之後建議停用MIFARE Classic[9]。
技術細節
Crypto-1是一個串流加密法,結構與後繼的Hitag2類似,包含了:
- 48-bit的線性回饋移位暫存器(LSFR)用以儲存狀態,
- 兩層的20對1非線性函式用於生成金鑰流,
- 16位元的LFSR,它在驗證階段被用作偽隨機數生成器。
參考資料
- ^ de Koning Gans, Gerhard; J.-H. Hoepman; F.D. Garcia. A Practical Attack on the MIFARE Classic (PDF). 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008), LNCS, Springer. 2008-03-15 [2023-05-17]. (原始內容 (PDF)存檔於2022-04-22).
- ^ Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil. Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards. Cryptology ePrint Archive. 2008-04-14 [2023-05-17]. (原始內容存檔於2012-09-13).
- ^ Nohl, Karsten; David Evans; Starbug Starbug; Henryk Plötz. Reverse-engineering a cryptographic RFID tag. SS'08 Proceedings of the 17th conference on Security symposium. USENIX: 185–193. 2008-07-31 [2023-05-17]. (原始內容存檔於2019-03-23).
- ^ Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs. Dismantling MIFARE Classic (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 2008-10-04 [2023-05-17]. (原始內容 (PDF)存檔於2017-08-08).
- ^ Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur. Wirelessly Pickpocketing a Mifare Classic Card (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 2009-03-17 [2023-05-17]. (原始內容 (PDF)存檔於2022-01-02).
- ^ swapped
- ^ Meijer, Carlo; Verdult, Roel. Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15 (Denver, Colorado, USA: Association for Computing Machinery). 2015-10-12: 18–30. ISBN 978-1-4503-3832-5. S2CID 4412174. doi:10.1145/2810103.2813641. hdl:2066/151451 .
- ^ Meijer; Verdult. Ciphertext-only Cryptanalysis on Hardened Mifare Classic (PDF). R. Verdult's page at Institute for Computing and Information Sciences, Radboud University. (原始內容存檔 (PDF)於2021-04-29).
- ^ Grüll, Johannes. Security Statement on Crypto1 Implementations. www.mifare.net. October 12, 2015 [2021-04-29]. (原始內容存檔於2023-09-06).
外部連結
- Radboud Universiteit Nijmegen press release PDF (頁面存檔備份,存於網際網路檔案館) (英文)
- Details of Mifare reverse engineering by Henryk Plötz PDF (德文)
- Windows GUI Crypto1 tool, optimized for use with the Proxmark3