Crypto-1是由恩智浦半导体为其于1994年推出的MIFARE Classic RFID免触碰智慧卡所创建的专有加密算法(流密码)和认证协议。这些卡片已被用于许多著名的系统,包括蚝卡查理卡OV晶片卡

Crypto-1
概述
设计者Philips/NXP
首次发布October 6, 2008
密码细节
密钥长度48 bits
安全声明48 bits
结构非线性反馈移位寄存器线性反馈移位寄存器
最佳公开破解
Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card"

到了2009年,密码学研究已经逆向工程了这种密码,并公布了有效破解安全性的各种攻击[1][2][3][4][5][6]

恩智浦在其后推出了修正的版本MIFARE Classic EV1(仍与MIFARE Classic系统兼容),然而在2015年时发现新的攻击[7][8],因此恩智浦在之后建议停用MIFARE Classic[9]

技术细节

编辑

Crypto-1是一个流密码,结构与后继的Hitag2类似,包含了:

  • 48-bit的线性反馈移位寄存器(LSFR)用以存储状态,
  • 两层的20对1非线性函数用于生成密钥流,
  • 16位的LFSR,它在验证阶段被用作伪随机数生成器。

参考资料

编辑
  1. ^ de Koning Gans, Gerhard; J.-H. Hoepman; F.D. Garcia. A Practical Attack on the MIFARE Classic (PDF). 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008), LNCS, Springer. 2008-03-15 [2023-05-17]. (原始内容 (PDF)存档于2022-04-22). 
  2. ^ Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil. Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards. Cryptology ePrint Archive. 2008-04-14 [2023-05-17]. (原始内容存档于2012-09-13). 
  3. ^ Nohl, Karsten; David Evans; Starbug Starbug; Henryk Plötz. Reverse-engineering a cryptographic RFID tag. SS'08 Proceedings of the 17th conference on Security symposium. USENIX: 185–193. 2008-07-31 [2023-05-17]. (原始内容存档于2019-03-23). 
  4. ^ Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs. Dismantling MIFARE Classic (PDF). 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 2008-10-04 [2023-05-17]. (原始内容 (PDF)存档于2017-08-08). 
  5. ^ Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur. Wirelessly Pickpocketing a Mifare Classic Card (PDF). 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 2009-03-17 [2023-05-17]. (原始内容 (PDF)存档于2022-01-02). 
  6. ^ swapped
  7. ^ Meijer, Carlo; Verdult, Roel. Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15 (Denver, Colorado, USA: Association for Computing Machinery). 2015-10-12: 18–30. ISBN 978-1-4503-3832-5. S2CID 4412174. doi:10.1145/2810103.2813641. hdl:2066/151451 . 
  8. ^ Meijer; Verdult. Ciphertext-only Cryptanalysis on Hardened Mifare Classic (PDF). R. Verdult's page at Institute for Computing and Information Sciences, Radboud University. (原始内容存档 (PDF)于2021-04-29). 
  9. ^ Grüll, Johannes. Security Statement on Crypto1 Implementations. www.mifare.net. October 12, 2015 [2021-04-29]. (原始内容存档于2023-09-06). 

外部链接

编辑