- 期刊
晶片卡安全之探討-離線攻擊Mifare Classic
The Study of IC Card-Off-Line Breaking the Mifare Classic
摘要
Mifare Classic是目前RFID系統中最常使用的非接觸式智慧卡。但其中專屬的密碼系統,Crypto-1與鑑別協定含有許多嚴重的漏洞足以讓不肖人士所利用以取得鑑別時使用的金鑰。因此,本研究採取真卡片與假讀卡機的情境取得卡片中的金鑰。在本研究所發展的方法中,可以大幅減少破解金鑰時的搜尋空間。最後更進一步的研究被某地區廣泛使用的卡片內儲值的格式,並成功的修改其內容。
關鍵字
無資料並列摘要
The Mifare Classic is the most widely used contactless smartcard on the market. However, the proprietary cryptosystem of Mifare Classic, called Crypto-1, has very serious vulnerabilities. Adversary can exploit these vulnerabilities to obtain the key used in the authentication. Since the RFID systems are often located in public places with many people and video monitors, this study adopts a scenario of using the fake reader and genuine card in concealed places. Moreover, the developed methods can reduce the key search space. Finally, this study investigates the data format in a widely used store-value card and modifies the stored value successfully.
參考文獻
延伸閱讀
- 陳偉潔(1995)。法務部認爲應就具體個案認定磁卡兩用遊戲機、破解軟體防拷設計或破解鎖碼裝置之科技產品製造人、經銷商或進口者之行爲是否違法。資訊法務透析,7(5),4-5。https://doi.org/10.7062/INFOLAW.199505.0005
- 趙惇豪(2005)。無線感測網路中金鑰分發及節點撤銷機制之探討〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2005.00582
- 龔榮芳(2004)。利用晶片卡保護電子病歷隱私權之研究〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU.2004.00478
- Chih, M. Y., Shih, J. R., Yang, B. Y., Ding, J. T., & Cheng, C. M. (2010). MIFARE Classic: Practical Attacks and Defenses. In 中華民國資訊安全學會 (Ed.), 全國資訊安全會議 (pp. 126-132). 中華民國資訊安全學會. https://doi.org/10.29615/CISC.201005.0126
- 黃禮棟、周廷弘、楊智凱(2005)。A Study on Mume Cracking Machine。台灣農業研究,54(2),113-122。https://doi.org/10.6156/JTAR/2005.05402.05