网络与信息安全学报 ›› 2016, Vol. 2 ›› Issue (4): 64-72.doi: 10.11959/j.issn.2096-109x.2016.00044

• 学术论文 • 上一篇    下一篇

EMV应用密文的差分错误注入分析

彭乾,李增局,史汝辉   

  1. 国家金融IC卡安全检测中心,北京 100070
  • 修回日期:2016-03-27 出版日期:2016-04-01 发布日期:2016-05-25
  • 作者简介:彭乾(1982-),男,蒙古族,内蒙赤峰人,硕士,国家金融IC卡安全检测中心工程师,主要研究方向为金融IC卡、金融Pos机安全技术。|李增局(1982-),男,山东莘县人,硕士,国家金融 IC卡安全检测中心工程师,主要研究方向为侧信道、错误注入、密码学工程实现以及借贷记交易安全性等。|史汝辉(1985-),男,山东烟台人,硕士,国家金融IC卡安全检测中心工程师,主要研究方向为侧信道、错误注入、密码学工程实现以及借贷记交易安全性等。
  • 基金资助:
    国家科技重大专项基金资助项目(2014ZX01032401)

Differential fault analysis on EMV application cryptogram

Qian PENG,Zeng-ju LI,Ru-hui SHI   

  1. National Financial IC Card Test Center,Beijing 100070,China
  • Revised:2016-03-27 Online:2016-04-01 Published:2016-05-25
  • Supported by:
    National Science and Technology Major Project(2014ZX01032401)

摘要:

研究了EMV规范中应用密文的生成过程,发现过程密钥存在部分冗余位,结合DES算法S盒的压缩特性,利用基于碰撞的safe-error攻击实现对EMV规范中应用密文主密钥的破解。提出了针对应用密文生成的差分错误注入的物理模型和实施步骤,深入分析了影响攻击效果的2个关键因素(密钥错误产生概率和碰撞概率),尤其是对不同错误模型进行了理论数据分析。实验分析表明,实际攻击中,只要不同密钥的碰撞概率差大于0.003 5即可区分,结果表明,过程密钥的冗余位提高了碰撞概率,有利于对正确密钥的区分。最后,针对该攻击方法,提出了几种防御方案。

关键词: EMV, 应用密文, 碰撞攻击, safe-error

Abstract:

The process of application cryptogram in EMV was researched and dummy bits in session key were found.Based on the session key’s dummy bits and compressive property of DES’s Sbox,much information of the application cryptogram master key was got by using safe-error attack.The differential fault attack model and steps to implement the attack were proposed,two key factors(the probability of generating wrong key and the probability of collision happening) affecting an attacking result were analyzed.The theoretical result and simulation of the attack were given.The experiment results show that the two keys could be distinguished in a real attacking when the dif-ference of two key’s collision probability was bigger than 0.003 5.The dummy bits in the key will increase the dif-ference and make distinguishing easier.Finally,several countermeasures against the attack were proposed.

Key words: EMV, application cryptogram, collision attack, safe-error

中图分类号: 

No Suggested Reading articles found!