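RFID systems are widely used in daily life, for example in access control systems, payment systems and access systems. Most of them combine smart cards with card readers. Mifare Classic is currently the most commonly used contactless smart card in RFID systems. However, Mifare Classic's proprietary cryptosystem, Crypto-1, and its authentication protocol contain many serious vulnerabilities. These vulnerabilities are enough to let malicious parties obtain the key that both sides use during authentication. Because most RFID systems are installed in crowded public places, this study adopts a scenario with a genuine card and a fake reader and develops two methods for carrying out covert card-only attacks that obtain the keys in the card. The methods developed in this study can also greatly reduce the search space when cracking the key. Finally, the study further investigates the stored-value format inside a card widely used in a certain region and successfully modifies its contents.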
Radio Frequency Identification (RFID) systems are widely used in daily life, for example in access control systems, payment systems and access systems. Generally these systems consist of card readers and contactless smart cards. The Mifare Classic is the most widely used contactless smart card on the market. However, the proprietary cryptosystem of the Mifare Classic, called Crypto-1, has very serious vulnerabilities. Hackers can exploit these vulnerabilities to obtain the key used in the authentication. Since RFID systems are often located in public places with many people and video monitors, this study adopts a scenario of using a fake reader and a genuine card in concealed places. Two card-only attacks are developed in this study to retrieve the keys. Moreover, the developed methods can reduce the key search space. Finally, this study investigates the data format in a widely used stored-value card and successfully modifies the stored value.