introduction
With the continuous application of contactless logic encryption cards, the technical deficiencies are increasingly exposed, and it is difficult to meet the requirements of higher security and more complex multi-applications. In 2008, the method of cracking the password of the Mifare Classic IC chip (M1 chip) was published on the Internet; German researcher Henryk Plotz and the University of Virginia computer science doctor Karsten Noh1 Successfully cracked the security algorithm of NXP's Mirare classic chip; two independent research groups at the University of Virginia and the University of Radboud in the Netherlands confirmed the vulnerability of the Mi-fare chip and published a paper on cracking the chip encryption algorithm. Demonstrates the cracking process of the actual operation chip.
After the cracking of the incident, the Dutch Minister of the Interior Minister Horst said in an interview with the media that one of the world's 1 billion IC cards can be easily cracked. After the cracking of the storm through the domestic media, it caused a great uproar in China. The application of urban public utility IC card as a non-contact logic encryption card has forced us to calm down and seriously consider the urban public utility IC card system. Security issues and future directions. If you master the cracking technology, criminals can illegally recharge or copy all kinds of "one card" and access control cards that use the chip at a low economic cost, which will bring great social security risks. Therefore, the non-contact CPU smart card technology is becoming a technologically up-and-coming option, and the era of replacing logical encryption cards with CPU cards has arrived.
1 Non-contact logical encryption card Mifare card security issues
Philips' (now NXP) Mifare 1 card, which accounts for 80% of the global market share in contactless card applications, is the current industry standard for contactless smart cards and has become the working draft for ISO14443-A.
Mifare's security authentication relies on the independent KEYA and KEYB check of each sector. It can realize the read and write security control of sector data through the different security combinations of the sector control word pair KEYA and KEYB. Its personalization is also relatively simple, mainly including data and updates of each sector KEYA, KEYB, in which all sensitive data (including KEYA and KEYB) are directly updated in clear text.
The verification mechanism of KEYA and KEYB can only solve the card-to-terminal authentication, but cannot solve the terminal-to-card authentication, that is, there is a risk commonly known as "pseudo-card".
Mifare's key is a pre-set fixed password. No matter what method is used to calculate the key, it must be consistent with the previously written fixed password to read and write the protected data. Therefore, whether it is a one-card-one-density system or a unified password system, the decryption of the contactless logical encryption card can be realized after being cracked. There is a view that as long as the ID number of a card-one-density, real-time online system, or non-contact logical encryption card is used, the key can be prevented from being decrypted. In fact, the decryption of the non-contact logical encryption card means that the M1 card can be copied. Although the online system can avoid being illegally recharged, but cannot guarantee illegal consumption, that is, copying an M1 card with the same ID number, it can be illegally consumed. . Today's technology can be completely replicated using an FPGA. Based on this principle, Mifare's access card is also not safe.
2 Features and advantages of non-contact CPU card
A contactless CPU card, also called a smart card, has an integrated circuit in the integrated circuit with a microprocessor CPU, a memory unit (including random access memory RAM, program memory ROM (Flash), user data memory EEPROM) and a chip operating system COS. The CPU card with COS is equivalent to a microcomputer, which not only has the data storage function, but also has the functions of command processing and data security protection.
The contactless CPU smart card has the following characteristics compared with the contactless logical encryption card:
1 chip and COS security technology provides a double security guarantee for the CPU card;
2 has an independent CPU processor and chip operating system;
3 The requirements for the computer network system are lower, the offline operation can be realized, and the one-card multi-purpose in the true sense can be realized, and each application is independent of each other and controlled by the respective key management system;
4 The transaction automatically guarantees the integrity of the data (anti-extraction);
5 can more flexibly support a variety of different application needs, more secure design transaction process;
6 independent security module - use the corresponding physical SAM card key to achieve encryption, decryption and transaction processing, thus completing the security authentication with the user card.
The advantages of a contactless CPU smart card are:
1 advanced. The CPU card can be used as a bank's financial card, representing the highest level of security for current IC card applications, and is becoming a mainstream product in IC card applications.
2 normative. Support T0, T=1 communication protocol in accordance with ISO7816-3 standard, in line with China Financial Integrated Circuit (IC) Card Specification and China Financial Integrated Circuit (IC) Card Application Specification, support e-wallet complying with bank regulations , electronic passbook function.
3 compatibility. Due to the unified regulations and strict testing of the People's Bank of China, the CPU card has good compatibility and security. The chip and COS security technology provides a dual security guarantee for the CPU card; supports encryption algorithms such as DES and TripleDES, supports line encryption and line security functions, prevents communication data from being illegally stolen or tampered, and uses process keys to implement encryption and decryption.
4 scalability. The card supports a variety of capacity options, such as 2 KB, 4 KB, 8 KB, 16 KB, 32 KB EEPROM space. The CPU card can be easily extended to a variety of applications from the card structure to the card capacity, and can be combined with the bank to achieve a true multi-card use.
5 security. Compared with the logical encryption card, since the smart card has a CPU chip inside, it has the ability of data judgment and data analysis and processing capability. Therefore, the smart card can distinguish between legal and illegal read and write devices at any time, and because of the CPU chip, The data computing capability can also encrypt and decrypt data, so it has very high security. The CPU card is also packaged with a microprocessor chip (CPU) while the EEPROM chip is packaged on the card. Thus, the data interface of the EEPROM is not connected to the external data line of the IC card under any circumstances. The external read/write device can only exchange data with the EEP-ROM in the IC card through the CPU, and in any case, it can no longer access any unit in the EEP-ROM.
When the external read/write device exchanges data with the smart card, it must first issue an instruction to the CPU, and the CPU interprets the instruction according to the card operating system (COS) stored in the internal ROM, and performs analysis and judgment. After confirming the legitimacy of the read/write device, the external read/write device is allowed to establish a connection with the smart card. After the data operation, the external read/write device still issues a corresponding instruction, and the CPU correctly interprets the instruction, allowing the external read/write device and The data storage area (RAM) in the smart card exchanges data. After the data exchange is successful, under the control of the CPU, the internal data bus in the smart card is used, and the data in the internal RAM is exchanged with the data in the EEPROM. This achieves a secure protection of the data in the smart card EEPROM and therefore has a very high security.
3 Features and performance of the non-contact CPU card FM1208
FM1208 is a single-interface contactless CPU card chip designed by Fudan Microelectronics Co., Ltd., which is supported by the product. ISO14443-A protocol, hardware DES coprocessor, built-in 8 KB EEPROM. The FM1208 features compatibility with the widely used contactless logic encryption card, combining the functions of a contactless logical encryption card (Mirare algorithm) and a bank-compliant contact CPU card.
Features: communication protocol is ISO14443-A; MCU instruction is compatible with 8051; support 106 kbps data transmission rate; Triple-DES coprocessor; program memory 32K×8-bit ROM; data memory 8K×8-bit EEPROM; 256×8-bit iRAM; 384 × 8 bit xRAM; low voltage detection reset; high and low frequency detection reset; EEPROM meets 100,000 erase and write indicators and 10 years of data retention indicators.
Typical processing time of FM1208:
Identify a card time of 3 ms (including reset response and anti-collision);
EEPROM erase time is 2.4 ms;
Typical trading process <350 ms.
Security mechanism of FM1208:
There is a reverse power analysis module;
There is a high and low frequency detection reset module, and the chip operating frequency is automatically reset beyond the detection range;
The ROM is reversely extracted and the memory data is encrypted.
Shampoo Bed,Massage Shampoo Chair,Hair Salon Bed,Massage Saalon Bed
Kimya Beauty Salon Manufacturer , https://www.jmkimya.com