Crypto-1
Crypto-1是由恩智浦半导体为其于1994年推出的MIFARE Classic RFID免触碰智能卡所创建的专有加密算法(流密码)和认证协议。这些卡片已被用于许多著名的系统,包括蚝卡、查理卡和OV芯片卡。
概述 | |
---|---|
设计者 | Philips/NXP |
首次发布 | October 6, 2008 |
密码细节 | |
密钥长度 | 48 bits |
安全声明 | 48 bits |
结构 | 非线性反馈移位寄存器、线性反馈移位寄存器 |
最佳公开破解 | |
Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card" |
到了2009年,密码学研究已经逆向工程了这种密码,并公布了有效破解安全性的各种攻击[1][2][3][4][5]。[6]
恩智浦在其后推出了修正的版本MIFARE Classic EV1(仍与MIFARE Classic系统兼容),然而在2015年时发现新的攻击[7][8],因此恩智浦在之后建议停用MIFARE Classic[9]。
技术细节
Crypto-1是一个流密码,结构与后继的Hitag2类似,包含了:
- 48-bit的线性反馈移位寄存器(LSFR)用以存储状态,
- 两层的20对1非线性函数用于生成密钥流,
- 16位的LFSR,它在验证阶段被用作伪随机数生成器。
参考资料
- ^ de Koning Gans, Gerhard; J.-H. Hoepman; F.D. Garcia. A Practical Attack on the MIFARE Classic (PDF). 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008), LNCS, Springer. 2008-03-15 [2023-05-17]. (原始内容 (PDF)存档于2022-04-22).
- ^ Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil. Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards. Cryptology ePrint Archive. 2008-04-14 [2023-05-17]. (原始内容存档于2012-09-13).
- ^ Nohl, Karsten; David Evans; Starbug Starbug; Henryk Plötz. Reverse-engineering a cryptographic RFID tag. SS'08 Proceedings of the 17th conference on Security symposium. USENIX: 185–193. 2008-07-31 [2023-05-17]. (原始内容存档于2019-03-23).
- ^ Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs. Dismantling MIFARE Classic (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 2008-10-04 [2023-05-17]. (原始内容 (PDF)存档于2017-08-08).
- ^ Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur. Wirelessly Pickpocketing a Mifare Classic Card (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 2009-03-17 [2023-05-17]. (原始内容 (PDF)存档于2022-01-02).
- ^ swapped
- ^ Meijer, Carlo; Verdult, Roel. Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15 (Denver, Colorado, USA: Association for Computing Machinery). 2015-10-12: 18–30. ISBN 978-1-4503-3832-5. S2CID 4412174. doi:10.1145/2810103.2813641. hdl:2066/151451 .
- ^ Meijer; Verdult. Ciphertext-only Cryptanalysis on Hardened Mifare Classic (PDF). R. Verdult's page at Institute for Computing and Information Sciences, Radboud University. (原始内容存档 (PDF)于2021-04-29).
- ^ Grüll, Johannes. Security Statement on Crypto1 Implementations. www.mifare.net. October 12, 2015 [2021-04-29]. (原始内容存档于2023-09-06).
外部链接
- Radboud Universiteit Nijmegen press release PDF (页面存档备份,存于互联网档案馆) (英文)
- Details of Mifare reverse engineering by Henryk Plötz PDF (德文)
- Windows GUI Crypto1 tool, optimized for use with the Proxmark3