文件名称:Cryptanalysis-INCrypt32-of-iCLASS
介绍说明--下载内容均来自于网络,请自行研究使用
Cryptanalysis of INCrypt32 in HID s iCLASS Systems
ChangKyun Kim, Eun-Gu Jung, Dong Hoon Lee, Chang-Ho Jung, and Daewan Han
Category / Keywords: secret-key cryptography / INCrypt32, HID s iCLASS, RFID, reverse engineering, chosen message attack.-Abstract: The cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global s iCLASS systems. HID s iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID s iCLASS systems, its security has not been evaluated yet since the specication has not been open to public. In this paper, we reveal the specication of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, we show that the secret key of size 64 bits can be recovered using only $2^{18}$ MAC queries if the attacker can request MAC for chosen messages of arbitrary length. If the length of messages is limited to predetermined values by the authentication protocol, the required number of MAC queries grows to $2^{42}$ to recover the secret key.
ChangKyun Kim, Eun-Gu Jung, Dong Hoon Lee, Chang-Ho Jung, and Daewan Han
Category / Keywords: secret-key cryptography / INCrypt32, HID s iCLASS, RFID, reverse engineering, chosen message attack.-Abstract: The cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global s iCLASS systems. HID s iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID s iCLASS systems, its security has not been evaluated yet since the specication has not been open to public. In this paper, we reveal the specication of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, we show that the secret key of size 64 bits can be recovered using only $2^{18}$ MAC queries if the attacker can request MAC for chosen messages of arbitrary length. If the length of messages is limited to predetermined values by the authentication protocol, the required number of MAC queries grows to $2^{42}$ to recover the secret key.
(系统自动生成,下载前可以参看下载内容)
下载文件列表
469.pdf