ICカード利用システムにおいて新たに顕現化したPre-play attackとその対策

Similar documents
ICカード利用システムにおいて新たに顕現化した中間者攻撃とその対策

リテール・バンキング・システムのICカード対応に関する現状とその課題

ICカード利用システムにおいて新たに顕現化したPre-play attackとその対策

サイドチャネル攻撃に対する安全性評価の研究動向とEMVカード固有の留意点


電子マネーと通信産業の戦略

<4D F736F F D20838A B F955C8E8682A982E796DA8E9F914F5F A815B FD B A5F E646F63>

PowerPoint プレゼンテーション

IPSEC-VPN IPsec(Security Architecture for Internet Protocol) IP SA(Security Association, ) SA IKE IKE 1 1 ISAKMP SA( ) IKE 2 2 IPSec SA( 1 ) IPs

中田真佐男 323‐352/323‐352

完成卒論.PDF

"CAS を利用した Single Sign On 環境の構築"

電子マネー・システムにおけるセキュリティ対策:リスク管理に焦点を当てて

/02/ /09/ /05/ /02/ CA /11/09 OCSP SubjectAltName /12/02 SECOM Passport for Web SR

"CAS を利用した Single Sign On 環境の構築"

モバイルプリペイド決済の実現モデルの調査研究

IBM Presentations: Smart Planet Template

i

生体認証システムにおける情報漏洩対策技術の研究動向

/07/ /10/12 I

P.1P.3 P.4P.7 P.8P.12 P.13P.25 P.26P.32 P.33

技術的条件集別表 26.3 IP 通信網 ISP 接続用ルータ接続インタフェース仕様 (IPv6 トンネル方式 )

Win XP SP3 Japanese Ed. NCP IPSec client Hub L3 SW SRX100 Policy base VPN fe-0/0/0 vlan.0 Win 2003 SVR /

スライド 1

IPSJ SIG Technical Report Vol.2014-EIP-63 No /2/21 1,a) Wi-Fi Probe Request MAC MAC Probe Request MAC A dynamic ads control based on tra

橡セキュリティポリシー雛形策定に関する調査報告書

Macintosh HD:Users:ks91:Documents:lect:nm2002s:nm2002s03.dvi

橡sirahasi.PDF

JP1/Integrated Management - Service Support 操作ガイド

( )

AirMac ネットワーク構成の手引き

12 NEC 2003/3/6 Copy ight (C) NEC Corporation 1

Flow Control Information Network 1 /

<B54CB5684E31A4E9C0CBA4E5AA6BC160BEE3B27AA544A5552E706466>

1 DHT Fig. 1 Example of DHT 2 Successor Fig. 2 Example of Successor 2.1 Distributed Hash Table key key value O(1) DHT DHT 1 DHT 1 ID key ID IP value D

Si-R180 ご利用にあたって

1. PKI (EDB/PKI) (Single Sign On; SSO) (PKI) ( ) Private PKI, Free Software ITRC 20th Meeting (Oct. 5, 2006) T. The University of Tokush

Cisco Aironet 1130AG アクセス ポイント クイック スタート ガイド

FEEL Prod Grap PH_Artwork_P0AVS QSG JP A4_ _Rev.11.indd

total-all-nt.dvi

Encryption Security

2/ PPPoE AC(Access Concentrator) PPPoE PPPoE Ping FTP PP

Dynamic VPN Dynamic VPN IPSec VPN PC SRX IPSec VPN SRX PC IPSec 2 Copyright 2010 Juniper Networks, Inc.

21 Key Exchange method for portable terminal with direct input by user

RFID RFID + ) (RFID IC transponder) RFID Tag Antenna wired-line Reader Ethernet/ RS232c Antenna RFID Tag Reader id command id interrogation id radio s

A book

DocuCentre-III C3300 / C2200

Public Key Infrastruc


AirMac ネットワーク for Windows

TC316_A5_2面_web用PDF台紙.indd

untitled

untitled

00.目次_ope


by CASIO W61CA For Those Requiring an English/Chinese Instruction

情報科学研究 第19号

日立評論2013年1月号 : ITソリューション・クラウドサービス

Vol.55 No (Jan. 2014) saccess 6 saccess 7 saccess 2. [3] p.33 * B (A) (B) (C) (D) (E) (F) *1 [3], [4] Web PDF a m

サイボウズ ガルーン 3 管理者マニュアル

Transcription:

IC Pre-play attack IC IC IC EMV EMV 1 IC IC Pre-play attack ATM Pre-play attack Pre-play attack IC EMV Pre-play attack... E-mail: hidemitsu.izawa@boj.or.jp E-mail: katsuhisa.hirokawa@boj.or.jp / /2015.10 53

1. IC 34 IC EMVCo [2015] 1 IC 2014 IC IC EMV 1 EMV IC IC 1 IC IC 2 IC Bond et al. [2014] Pre-play attack ATM 3 Pre-play attack BBC [2012] IC... 1 EuroPay International Mastercard International Visa International IC 3 2 Message Authentication Code 3 IC 2011 6 29 IC 54 /2015.10

IC Pre-play attack IC IC Pre-play attack 2 EMV 3 Pre-play attack 4 5 EMV 2. EMV IC EMV EMVCo [2011a, b, c, d] 2012 1 IC EMV IC IC EMV IC 1 IC IC 1 IC 55

PIN 4 PIN ATM CAT 5 EMV IC EMV IC 2 EMV EMV 3 SDA: Static Data Authentication DDA: Dynamic Data Authentication AC CDA: Combined DDA/Application Cryptogram Generation 3 EMV SDA PIN PIN 3 PIN PIN 6 PIN 7 PIN PIN PIN PIN... 4 Personal Identification Number 5 Credit Authorization Terminal POS Point-Of-Sale 6 PIN 7 PIN PIN PIN Try Counter PIN PIN 56 /2015.10

IC Pre-play attack 3 3 EMV EMV AC AC Application Cryptogram EMV Triple DES AES AC AC MAC key key 8 AC 2 4 AC AC MAC key AC AC AC AC AC AC 2 EMV... 8EMV 57

4 EMV EMV 9 3 3 EMV AC 4 EMV 2 3 4 EMV EMV UN UN UN EMV ATC ARQC ARQC ARQC EMV AC AC Replay attack: 10 AC ATC AC... 9EMV 10 EMV ARQC 58 /2015.10

IC Pre-play attack AC 3 EMV Step1. Unpredictable Number UN UN Step2 AC Step2. Application Transaction Counter ATC AC AC Authorisation Request Cryptogram ARQC ATC ATC Step3. ARQC ATC Step4. ARQC 11 12 Authorisation Response Code ARC ARC ARQC Application Response Cryptogram ARPC... 11 EMV ARQC ARQC 12 EMV 59

Step5. ARPC ARC Step6. ARPC 13 Transaction Certificate TC TC AC ATC ARC Step7. TC TC 4 EMV 3. Pre-play attack EMV IC Bond et al. [2014] Bond et al. [2014] Pre-play attack Pre-play attack Replay attack Replay attack... 13 Step2 ARQC ARC ARPC ARPC 60 /2015.10

IC Pre-play attack Pre-play attack 1 Pre-play attack Bond et al. [2014] 2 Random number attack Defective random number generators poor UN generation Protocol flaw attack 1. IC Bond et al. [2014] 2. PIN Bond et al. [2014] 3. 4. SDA 61

5. PIN PIN 4 5 2 2 2 2 Random number attack Random number attack UN EMV UN 32 bit UN UN UN ARQC UN ARQC 5 62 /2015.10

IC Pre-play attack 5 Random number attack Step1. PIN Step2. UN Step1 Step2 UN Step3. PIN Step4. UN ARQC ATC UN Step2 Step5. Step4 UN UN ARQC Step3 Step6. UN ARQC Step7. PIN Step4 Step8. UN 63

UN 1 UN1 Step9 Step9. UN1 UN ARQC UN1 ARQC ARQC1 ARQC1 ARQC1 Step10. ARQC1 1 ARPC ARC TC 3 Protocol flaw attack Protocol flaw attack UN ARQC 6 64 /2015.10

IC Pre-play attack 6 Protocol flaw attack Step1. PIN Step2. UN UN1 1 Step3. 1 ARQC ARQC1 Step4. 1 ARQC1 Step1 Step5. PIN Step6. 2 Step7. Step6 2 Step6 Step8. 2 Step6 Step4 1 ARQC1 ARQC Step5 65

Step9. ARPC ARC TC 4. Pre-play attack Pre-play attack 1 Pre-play attack. UN A UN UN ARQC 3 2 5 Step9 ARQC ARQC. B EMV EMV 2 4 4 7 EMV EMV 66 /2015.10

IC Pre-play attack 7 EMV EMV 2 Pre-play attack Pre-play attack A B Bond et al. [2014]. UN A UN EMVCo [2014] UN SHA-256 67

. ATC ARQC ATC ATC ARQC ATC ATC ARQC ATC ATC ATC. TC TC 3 Step3 ARQC Step7 TC TC 14 TC TC 5 Step10 6 Step9 TC IC TC.... 14 Step3 ARQC TC TC 68 /2015.10

IC Pre-play attack Bond et al. [2014]. UN UN A UN 2 UN 2 4 3 Step3 UN A UN. ARQC ARQC ARQC EMV ARQC MAC key UN ARQC ARQC hh mm ss MAC key UN ARQC ARQC RFC6238 M Raihi et al. [2011] TOTP: Time-Based One-Time Password Algorithm 1 EMV 69

. ARQC 15 ARQC ARQC ARQC ARQC ATC MAC key ATC ARQC 16 ARQC RFC4226 M Raihi et al. [2005] HOTP: an HMAC-Based One-Time Password Algorithm UN ARQC 1 1 EMV... 15 EMV ATC ATC AAC AC ATC ATC EMV ATC ATC 16 ARQC 1 70 /2015.10

IC Pre-play attack. ARQC ARQC EMV ATC ATC ARQC ARQC ATC ATC ATC ATC MAC key ATC ATC ATC ATC ARQC ATC ATC ATC ATC EMV Last Online ATC Register ATC EMV ATC 2 4 3 Step6 ATC ATC ATC ATC ATC 2 ATC ARQC ATC ATC ATC ATC AAC AC ATC AAC ATC 1 EMV. UN B UN 71

UN UN ARQC ARQC EMV UN UN ARQC. 2 8 UN EMV EMV 5. EMV IC Pre-play attack Random number attack Protocol flaw attack 2 IC IC IC IC UN 72 /2015.10

IC Pre-play attack 8 Pre-play attack EMV EMV EMV EMV Pre-play attack Bond et al. [2014] UN ATC TC UN... 17 73

IC EMV IC Bond et al. [2014] ATM ATM ATM 74 /2015.10

IC Pre-play attack 26 3 2014 8 27 http://www.fsa.go.jp/news/26/ginkou/20140827-5.html IC 31 3 2012 107 140 BBC, Chip and pin weakness exposed by Cambridge researchers, BBC News technology, 2012 (http://www.bbc.com/news/technology-19559124). Bond, Mike, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, and Ross Anderson, Chip and Skim: cloning EMV cards with the pre-play attack, IEEE Symposium on Security and Privacy, 2014, pp. 49 64. EMVCo, Book 1 Application Independent ICC to Terminal Interface Requirements, EMV Integrated Circuit Card Specifications for Payment Systems, Version 4.3, EMVCo, 2011a., Book 2 Security and Key Management, EMV Integrated Circuit Card Specifications for Payment Systems, Version 4.3, EMVCo, 2011b., Book 3 Application Specification, EMV Integrated Circuit Card Specifications for Payment Systems, Version 4.3, EMVCo, 2011c., Book 4 Cardholder, Attendant, and Acquirer Interface Requirements, EMV Integrated Circuit Card Specifications for Payment Systems, Version 4.3, EMVCo, 2011d., SB-144: Terminal Unpredictable Number generation (Spec Change), Specification Bulletin 1st Edition, EMVCo, 2014., Worldwide EMV Chip Card Deployment and Adoption, Worldwide EMV Deployment Statistics, EMVCo, 2015 (https://www.emvco.com/documents/emvco_ EMV_Deployment_Stats.pdf). M Raihi, David, Mihir Bellare, Frank Hoornaert, David Naccache, and Ohad Ranen, HOTP: An HMAC-Based One-Time Password Algorithm, IETF, RFC 4226, 2005., Salah Machani, Mingliang Pei, and Johan Rydell, TOTP: Time-Based One-Time Password Algorithm, IETF, RFC 6238, 2011. 75

EMV EMV IC IC EuroPay International Mastercard International Visa International PIN Personal Identification Number SDA Static Data Authentication AC Application Cryptogram MAC key AC MAC key EMV AC ARQC Authorisation Request Cryptogram AAC Application Authentication Cryptogram TC Transaction Certificate 3 ARQC Authorisation Request Cryptogram AC ATC ARQC=MAC key ATC TC Transaction Certificate AC ATC ARC TC= MAC key ATC ARC 76 /2015.10

IC Pre-play attack UN ATC ARC ARPC Unpredictable Number 32 bit UN EMV UN AC ATC ATC UN ATC UN Application Transaction Counter 1 ATC UN AC UN ATC Authorisation Response Code Application Response Cryptogram ARQC ARQC ARC XOR Triple DES AES 77

78 /2015.10

2026 © docsplayer.net プライバシー | 利用規約 | フィードバック