CN107707527A - A kind of detection method, read-write terminal and the system of smart card relay attack - Google Patents


Info

Publication number: CN107707527A
Authority: CN (China)
Prior art keywords: key verification, smart card, read-write terminal, execution time
Legal status: Pending
Application number: CN201710779601.0A
Other languages: Chinese (zh)
Inventors: 党凡, 李振华, 刘云浩
Current Assignee: Tsinghua University
Original Assignee: Tsinghua University
Application filed by Tsinghua University
Priority to CN201710779601.0A
Publication of CN107707527A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity

Abstract

An embodiment of the present invention provides a detection method, a read-write terminal and a system for smart card relay attacks. The method includes: after anti-collision is complete and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card; the read-write terminal receives the key verification command response returned by the smart card; the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from t1 and t2, and judges whether a relay attack is under way by comparing that execution time with a set threshold. The detection method, read-write terminal and system provided by the embodiment can judge whether a relay attack is under way before the read-write terminal and the smart card communicate normally, which solves the problem that the prior art has difficulty preventing relay attacks; communication can be interrupted in time when a relay attack is detected, avoiding losses.

Description

A kind of detection method, read-write terminal and the system of smart card relay attack
Technical field
Embodiments of the present invention relate to the field of wireless communication technology, and in particular to a detection method, read-write terminal and system for smart card relay attacks.
Background technology
The use of smart cards brings convenience to daily life. Before Near Field Communication (NFC) cards appeared, people generally used magnetic stripe cards. Because a magnetic stripe card is very easy to copy and forge, NFC cards spread rapidly once they appeared. With the popularization of NFC mobile phones, more and more NFC phone users choose to pay with an NFC phone instead of a traditional smart card, particularly in fields such as public transport.
Although NFC cards are more secure, they are still troubled by attack means such as relay attacks and carry security risks. In particular, with the development of NFC technology, Host-based Card Emulation (HCE) can simulate a smart card on a mobile phone that has no security module. Researchers have already proposed a variety of HCE-based relay attack means that can attack all kinds of smart card systems, such as bank cards and transport cards. A relay attack means monitoring and relaying a legitimate communication process, analysing the collected data, and tampering with it or performing other illegal operations when necessary. By forging transaction data and the like, an attacker can bring huge losses to the operators of the related services through a low-cost relay attack.
Because the data generated by a relay attack conforms to the ISO/IEC 14443 standard, existing equipment has difficulty preventing this kind of attack. Providing an effective detection method for relay attacks, and thereby preventing the harm they bring, is therefore imperative.
The content of the invention
To solve the problem that smart card relay attacks are difficult to prevent in the prior art, embodiments of the present invention provide a detection method, read-write terminal and system for smart card relay attacks.
In a first aspect, an embodiment of the present invention provides a detection method for smart card relay attacks. The method includes: after anti-collision is complete and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card; the read-write terminal receives the key verification command response returned by the smart card; the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from t1 and t2, and judges whether a relay attack is under way by comparing that execution time with a set threshold.
In a second aspect, an embodiment of the present invention provides a read-write terminal. The terminal includes: a key verification command sending module, for recording the current timestamp t1 after anti-collision is complete and before data exchange with the selected smart card begins, and sending a key verification command to the smart card; a key verification command response receiving module, for receiving the key verification command response returned by the smart card; and a key verification command execution time judgment module, for recording the current timestamp t2, calculating the execution time of the key verification command from t1 and t2, and judging whether a relay attack is under way by comparing that execution time with a set threshold.
In a third aspect, an embodiment of the present invention provides a detection system for smart card relay attacks. The system includes a read-write terminal, for recording the current timestamp t1 after anti-collision is complete and before data exchange with the selected smart card begins, sending a key verification command to the smart card, receiving the key verification command response returned by the smart card, recording the current timestamp t2, calculating the execution time of the key verification command from t1 and t2, and judging whether a relay attack is under way by comparing that execution time with a set threshold; and a smart card, for receiving the key verification command sent by the read-write terminal, executing the key verification command, and sending the key verification command response to the read-write terminal.
In a fourth aspect, an embodiment of the present invention provides an electronic device including a memory and a processor, the processor and the memory communicating with each other over a bus. The memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the following method: after anti-collision is complete and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card; the read-write terminal receives the key verification command response returned by the smart card; the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from t1 and t2, and judges whether a relay attack is under way by comparing that execution time with a set threshold.
In a fifth aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program performs the following method: after anti-collision is complete and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card; the read-write terminal receives the key verification command response returned by the smart card; the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from t1 and t2, and judges whether a relay attack is under way by comparing that execution time with a set threshold.
The detection method, read-write terminal and system for smart card relay attacks provided by embodiments of the present invention can judge whether a relay attack is under way before the read-write terminal and the smart card communicate normally. This solves the problem that the prior art has difficulty preventing relay attacks: communication can be interrupted in time when a relay attack is detected, avoiding losses.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a detection method for smart card relay attacks provided by an embodiment of the present invention;
Fig. 2 is a flow chart of another detection method for smart card relay attacks provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of a read-write terminal provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of another read-write terminal provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a detection system for smart card relay attacks provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of an electronic device provided by an embodiment of the present invention.
Embodiment
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
In communication between a smart card and a read-write terminal, the message exchange and the read and write operations between the read-write terminal and a contactless smart card are carried out by radio waves, so they are easily subjected to a relay attack. Under a relay attack, the read-write terminal and the contactless smart card communicate through a relay device (for example a contactless read-write chip such as the PN532, or an NFC mobile phone). The communication between the read-write terminal and the contactless smart card is forwarded, or even tampered with, by the relay device, so that the attacker reaches an illegal objective.
To defend against the harm brought by relay attacks, relay attack detection can be carried out after the read-write terminal and the contactless smart card have completed anti-collision and before data exchange begins. If a relay attack is detected, the communication between the contactless smart card and the read-write terminal is interrupted, achieving the defensive purpose.
Fig. 1 is a flow chart of a detection method for smart card relay attacks provided by an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101: after anti-collision is complete and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card;
Wireless communication is used between the read-write terminal and the contactless smart card. Unlike a contact smart card, which has a dedicated card slot in its read-write terminal, several smart cards may appear within the communication range of the read-write terminal at once. Therefore, before the read-write terminal starts normal communication with a contactless smart card, anti-collision processing is carried out first to select one smart card to communicate with.
After anti-collision is complete and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card. For a smart card conforming to the ISO/IEC 7816-4 standard, the key verification command may be the Internal Authentication command, or any other command supported by the smart card for verifying the validity of the card. The encryption algorithm used by the key verification command may be the Data Encryption Standard (DES), Triple DES (3DES), the Advanced Encryption Standard (AES) or a similar algorithm, and is agreed between the read-write terminal and the smart card.
The key verification command contains a random number in plaintext. After receiving the key verification command containing the random plaintext, the smart card encrypts the random plaintext with the encryption algorithm agreed with the read-write terminal, turning the random plaintext into a random ciphertext.
Step 102: the read-write terminal receives the key verification command response returned by the smart card;
The key verification command response contains the random ciphertext.
Step 104: the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from t1 and t2, and judges whether a relay attack is under way by comparing that execution time with a set threshold.
The execution time of the key verification command is t2 - t1; whether a relay attack is under way is judged by comparing this execution time with the set threshold. After a relay attack has begun, the read-write terminal and the smart card communicate through the relay device, so the communication takes longer than normal communication does. On this principle, the set threshold can be fixed empirically as the execution time of the key verification command when the read-write terminal and the smart card communicate normally. The execution time of the key verification command measured during detection is then compared with the set threshold: if the execution time exceeds the set threshold, it can be determined that a relay attack has occurred, and the read-write terminal can interrupt communication with the smart card; conversely, if the execution time does not exceed the set threshold, it can be determined that no relay attack has occurred, and the read-write terminal can communicate normally with the smart card.
In this embodiment, the read-write terminal sends a key verification command to the smart card before the two communicate normally and compares the execution time of the key verification command with a set threshold, thereby judging whether a relay attack is under way. This solves the problem that the prior art has difficulty preventing relay attacks: communication can be interrupted in time when a relay attack is detected, avoiding losses.
Further, on the basis of the above embodiment, judging whether a relay attack is under way by comparing the execution time of the key verification command with the set threshold specifically includes:
judging whether the execution time of the key verification command exceeds the set threshold; if the execution time of the key verification command exceeds the set threshold, a relay attack is under way; if the execution time of the key verification command does not exceed the set threshold, no relay attack is under way; where the set threshold is obtained from a statistical value of the execution time of the key verification command.
The execution time of the key verification command is not exactly the same from one communication between a read-write terminal and a smart card to the next. Collecting statistics on the execution time of the key verification command for the same model of read-write terminal and smart card, with the selected encryption algorithm, gives a statistical value of the execution time, and that statistical value reflects the execution time of the key verification command when the read-write terminal and the smart card communicate normally. The set threshold can therefore be obtained from the statistical value of the execution time of the key verification command. The set threshold may be t + (4~6)σ, where t is the mean execution time of the key verification command, more specifically the average time needed to execute the key verification command under the smart card design specification with the card reader specified by the smart card manufacturer, and σ is the standard deviation of the execution time of the key verification command, more specifically the standard deviation of the time needed to execute the key verification command under the smart card design specification with the card reader specified by the smart card manufacturer.
The read-write terminal judges whether the execution time of the key verification command measured during detection exceeds the set threshold. If the execution time of the key verification command exceeds the set threshold, a relay attack is under way and the read-write terminal can interrupt communication with the smart card; if the execution time of the key verification command does not exceed the set threshold, no relay attack is under way and the read-write terminal can communicate normally with the smart card.
On the basis of the above embodiment, this embodiment obtains the set threshold from a statistical value of the execution time of the key verification command and judges whether a relay attack is under way by comparing the execution time of the key verification command with the set threshold, which improves the accuracy and reliability of relay attack detection.
Further, on the basis of the above embodiment, the set threshold is t + 5σ, where t is the mean execution time of the key verification command and σ is the standard deviation of the execution time of the key verification command.
On the basis of the above embodiment, this embodiment obtains a more reasonable set threshold through experiment, which improves the accuracy and reliability of relay attack detection.
Further, on the basis of the above embodiment, after the read-write terminal receives the key verification command response returned by the smart card and before it records the current timestamp t2, the method also includes:
if the read-write terminal determines that the key verification command response is illegal, it interrupts communication with the smart card and performs no further steps.
Fig. 2 is a flow chart of another detection method for smart card relay attacks provided by an embodiment of the present invention. As shown in Fig. 2, the method includes:
Step 101: after anti-collision is complete and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card;
Step 102: the read-write terminal receives the key verification command response returned by the smart card;
Step 103: if the read-write terminal determines that the key verification command response is illegal, it interrupts communication with the smart card and performs no further steps.
Once the communication between the read-write terminal and the smart card is under a relay attack, the relay device monitors the content of the communication and can either forward the communication data or tamper with it. If the key verification command response that the read-write terminal receives from the smart card differs from the expected key verification command response, that is, an illegal key verification command response is received, the relay device has tampered with the communication data; it then follows that the communication between the read-write terminal and the smart card is under a relay attack, so communication with the smart card is interrupted and no further steps are performed.
If the key verification command response that the read-write terminal receives from the smart card is identical to the expected key verification command response, that is, a legal key verification command response is received, the relay device has not tampered with the communication data. Whether a relay attack is under way still cannot be determined, because if the relay device only forwards the data, the key verification command response remains legal.
Therefore, when the key verification command response is legal, step 104 must also be performed, and whether a relay attack is under way is determined by step 104.
Step 104: the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from t1 and t2, and judges whether a relay attack is under way by comparing that execution time with a set threshold.
Step 101, step 102 and step 104 are the same as in the flow of Fig. 1 and are not repeated here.
On the basis of the above embodiment, this embodiment judges whether a relay attack has occurred from the legitimacy of the key verification command response, which improves the efficiency of relay attack detection.
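The following Python model is an added illustration and is not part of the patent: it walks through steps 101 to 104 on the reader side, deriving the threshold t + 5σ from constructed timing samples, rejecting an altered response (step 103) and comparing t2 - t1 with the threshold (step 104). It assumes simulated milliseconds in place of wall-clock time and uses HMAC-SHA256 as a stand-in for the DES/3DES/AES transform the page names; all class and function names are the example's own.

```python
import hashlib
import hmac
import os
import statistics
from dataclasses import dataclass

# Constructed reader-side model of steps 101-104 on this page. Times are
# simulated milliseconds, not wall-clock time, and HMAC-SHA256 stands in for
# the DES/3DES/AES transform the page names (stdlib has neither DES nor AES).

def keyed_transform(key: bytes, nonce: bytes) -> bytes:
    """Card-side work: the random plaintext becomes a 'ciphertext' under the
    key shared with the read-write terminal."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

class SimClock:
    """Deterministic clock; channels advance it by their simulated delays."""
    def __init__(self) -> None:
        self.t_ms = 0.0

    def now(self) -> float:
        return self.t_ms

class GenuineCard:
    """Card in the terminal's field: answers directly, taking exec_ms."""
    def __init__(self, key: bytes, clock: SimClock, exec_ms: float) -> None:
        self.key, self.clock, self.exec_ms = key, clock, exec_ms

    def key_verification(self, nonce: bytes) -> bytes:
        self.clock.t_ms += self.exec_ms
        return keyed_transform(self.key, nonce)

class RelayChannel:
    """Relay device between terminal and card: forwards the exchange with
    hop_ms of delay each way and, if tamper is set, alters the response."""
    def __init__(self, card: GenuineCard, hop_ms: float, tamper: bool = False) -> None:
        self.card, self.hop_ms, self.tamper = card, hop_ms, tamper

    def key_verification(self, nonce: bytes) -> bytes:
        self.card.clock.t_ms += self.hop_ms      # terminal -> relay -> card
        response = self.card.key_verification(nonce)
        self.card.clock.t_ms += self.hop_ms      # card -> relay -> terminal
        if self.tamper:                          # data altered in transit
            response = bytes([response[0] ^ 0x01]) + response[1:]
        return response

def threshold_from_samples(exec_times_ms, k: float = 5.0) -> float:
    """Set threshold = t + k*sigma from execution times measured during normal
    (unrelayed) communication; the page gives k in 4..6 and uses k = 5."""
    return statistics.fmean(exec_times_ms) + k * statistics.stdev(exec_times_ms)

@dataclass
class Verdict:
    result: str     # "ok", "illegal_response" or "relay_attack"
    exec_ms: float  # t2 - t1, or 0.0 when the response was rejected first

class ReadWriteTerminal:
    def __init__(self, key: bytes, clock: SimClock, threshold_ms: float) -> None:
        self.key, self.clock, self.threshold_ms = key, clock, threshold_ms

    def detect_relay(self, channel) -> Verdict:
        """Run after anti-collision has selected one card and before any
        application data is exchanged; channel may be a card or a relay."""
        # Step 101: record t1 and send the command with a fresh random plaintext.
        nonce = os.urandom(8)
        t1 = self.clock.now()
        # Step 102: receive the key verification command response.
        response = channel.key_verification(nonce)
        # Step 103 (Fig. 2): a response other than the expected ciphertext means
        # the data was altered in transit; interrupt without going further.
        if not hmac.compare_digest(response, keyed_transform(self.key, nonce)):
            return Verdict("illegal_response", 0.0)
        # Step 104: record t2 and compare the execution time with the threshold.
        exec_ms = self.clock.now() - t1
        if exec_ms > self.threshold_ms:
            return Verdict("relay_attack", exec_ms)
        return Verdict("ok", exec_ms)

def run_scenarios() -> dict:
    """Constructed calibration data and three channels; returns the verdicts."""
    key = b"\x01" * 16                                  # constructed shared key
    calibration_ms = [2.0, 2.1, 1.9, 2.0, 2.05, 1.95]   # constructed samples
    threshold = threshold_from_samples(calibration_ms)  # about 2.35 ms
    clock = SimClock()
    card = GenuineCard(key, clock, exec_ms=2.0)
    terminal = ReadWriteTerminal(key, clock, threshold)
    return {
        "direct": terminal.detect_relay(card),
        "relayed": terminal.detect_relay(RelayChannel(card, hop_ms=0.5)),
        "tampered": terminal.detect_relay(RelayChannel(card, hop_ms=0.5, tamper=True)),
    }

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:9s} {verdict.result:17s} t2-t1 = {verdict.exec_ms:.2f} ms")
```

With the constructed samples the threshold comes out near 2.35 ms, so the direct card (2.0 ms) passes, the forwarding relay (3.0 ms) is flagged by step 104, and the tampering relay is rejected at step 103 before any timing is considered.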
Fig. 3 is a structural diagram of a read-write terminal provided by an embodiment of the present invention. As shown in Fig. 3, the read-write terminal includes a key verification command sending module 10, a key verification command response receiving module 20 and a key verification command execution time judgment module 40, where:
the key verification command sending module 10 is used, after anti-collision is complete and before data exchange with the selected smart card begins, to record the current timestamp t1 and send a key verification command to the smart card;
For a smart card conforming to the ISO/IEC 7816-4 standard, the key verification command may be the Internal Authentication command, or any other command supported by the smart card for verifying the validity of the card. The encryption algorithm used by the key verification command is agreed between the read-write terminal and the smart card.
The key verification command contains a random number in plaintext. After receiving the key verification command containing the random plaintext, the smart card encrypts the random plaintext with the encryption algorithm agreed with the read-write terminal, turning the random plaintext into a random ciphertext.
The key verification command response receiving module 20 is used to receive the key verification command response returned by the smart card;
The key verification command response contains the random ciphertext.
The key verification command execution time judgment module 40 is used to record the current timestamp t2, calculate the execution time of the key verification command from t1 and t2, and judge whether a relay attack is under way by comparing that execution time with a set threshold.
The execution time of the key verification command is t2 - t1; whether a relay attack is under way is judged by comparing this execution time with the set threshold. The set threshold can be fixed empirically as the execution time of the key verification command when the read-write terminal and the smart card communicate normally. The execution time of the key verification command measured during detection is then compared with the set threshold: if the execution time exceeds the set threshold, it can be determined that a relay attack has occurred; conversely, if the execution time does not exceed the set threshold, it can be determined that no relay attack has occurred.
In this embodiment, the read-write terminal sends a key verification command to the smart card before the two communicate normally and compares the execution time of the key verification command with a set threshold, thereby judging whether a relay attack is under way. This solves the problem that the prior art has difficulty preventing relay attacks: communication can be interrupted in time when a relay attack is detected, avoiding losses.
Further, on the basis of the above embodiment, the key verification command execution time judgment module 40 is also used to:
judge whether the execution time of the key verification command exceeds the set threshold; if the execution time of the key verification command exceeds the set threshold, a relay attack is under way; if the execution time of the key verification command does not exceed the set threshold, no relay attack is under way; where the set threshold is obtained from a statistical value of the execution time of the key verification command.
The execution time of the key verification command is not exactly the same from one communication between a read-write terminal and a smart card to the next. Collecting statistics on the execution time of the key verification command for the same model of read-write terminal and smart card, with the particular encryption algorithm, gives a statistical value of the execution time, and that statistical value reflects the execution time of the key verification command when the read-write terminal and the smart card communicate normally. The set threshold can therefore be obtained from the statistical value of the execution time of the key verification command. The set threshold may be t + (4~6)σ, where t is the mean execution time of the key verification command and σ is the standard deviation of the execution time of the key verification command.
The key verification command execution time judgment module 40 judges whether the execution time of the key verification command measured during detection exceeds the set threshold. If the execution time of the key verification command exceeds the set threshold, a relay attack is under way; if the execution time of the key verification command does not exceed the set threshold, no relay attack is under way.
On the basis of the above embodiment, this embodiment obtains the set threshold from a statistical value of the execution time of the key verification command and judges whether a relay attack is under way by comparing the execution time of the key verification command with the set threshold, which improves the accuracy and reliability of relay attack detection.
Further, on the basis of the above embodiment, the set threshold is t + 5σ, where t is the mean execution time of the key verification command and σ is the standard deviation of the execution time of the key verification command.
On the basis of the above embodiment, this embodiment obtains a more reasonable set threshold through experiment, which improves the accuracy and reliability of relay attack detection.
Fig. 4 is a structural diagram of another read-write terminal provided by an embodiment of the present invention. As shown in Fig. 4, the read-write terminal includes a key verification command sending module 10, a key verification command response receiving module 20, a key verification command response judgment module 30 and a key verification command execution time judgment module 40, where:
the key verification command sending module 10 is used, after anti-collision is complete and before data exchange with the selected smart card begins, to record the current timestamp t1 and send a key verification command to the smart card;
the key verification command response receiving module 20 is used to receive the key verification command response returned by the smart card;
the key verification command response judgment module 30 is used, after the read-write terminal has received the key verification command response returned by the smart card and before the current timestamp t2 is recorded, to interrupt communication with the smart card and perform no further steps if it determines that the key verification command response is illegal.
If the key verification command response that the key verification command response receiving module 20 receives from the smart card differs from the expected key verification command response, that is, an illegal key verification command response is received, the relay device has tampered with the communication data. The key verification command response judgment module 30 then knows that the communication between the read-write terminal and the smart card is under a relay attack, interrupts communication with the smart card, and no longer triggers the key verification command execution time judgment module 40 to act.
If the key verification command response that the key verification command response receiving module 20 receives from the smart card is identical to the expected key verification command response, that is, a legal key verification command response is received, the relay device has not tampered with the communication data. The key verification command response judgment module 30 still cannot determine whether the communication between the read-write terminal and the smart card is under a relay attack, so it triggers the key verification command execution time judgment module 40 to act and make that determination.
The key verification command execution time judgment module 40 is used to record the current timestamp t2, calculate the execution time of the key verification command from t1 and t2, and judge whether a relay attack is under way by comparing that execution time with a set threshold.
The structure and function of the key verification command sending module 10, the key verification command response receiving module 20 and the key verification command execution time judgment module 40 are the same as in Fig. 3 and are not repeated here.
On the basis of the above embodiment, this embodiment judges whether a relay attack has occurred from the legitimacy of the key verification command response, which improves the efficiency of relay attack detection.
Fig. 5 is a schematic structural diagram of a smart card relay attack detection system provided in an embodiment of the present invention. As shown in Fig. 5, the system includes a read-write terminal 100 and a smart card 200, wherein:
The read-write terminal 100 is used to record the current timestamp t1 and send a key verification command to the selected smart card after anti-collision is completed and before data exchange with that smart card begins; receive the key verification command response returned by the smart card; record the current timestamp t2 and calculate the execution time of the key verification command from the timestamp t1 and the timestamp t2; and judge whether a relay attack is in progress by comparing the execution time of the key verification command with the set threshold;
The smart card 200 is used to receive the key verification command sent by the read-write terminal, execute the key verification command, and send the key verification command response to the read-write terminal.
After anti-collision is completed and before data exchange with the smart card 200 begins, the read-write terminal 100 records the current timestamp t1 and sends a key verification command to the smart card 200. For a smart card conforming to ISO/IEC 7816-4, the key verification command may be the INTERNAL AUTHENTICATE command, or any other command supported by the smart card for verifying the card's validity; the encryption algorithm used by the key verification command is agreed between the read-write terminal and the smart card.
The key verification command carries a random-number plaintext. After receiving the key verification command carrying the random-number plaintext, the smart card encrypts the random-number plaintext with the encryption algorithm agreed with the read-write terminal, turning the random-number plaintext into a random-number ciphertext.
The smart card 200 sends a key verification command response containing the random-number ciphertext to the read-write terminal 100. After receiving the key verification command response returned by the smart card, the read-write terminal 100 records the current timestamp t2, calculates the execution time of the key verification command as t2 - t1, and judges whether a relay attack is in progress by comparing this execution time with the set threshold. The set threshold may be set empirically as the time taken to complete the key verification command during normal communication between the read-write terminal and the smart card. The read-write terminal 100 compares the execution time of the key verification command obtained during detection with the set threshold: if the execution time of the key verification command is greater than the set threshold, it can be determined that a relay attack has occurred; conversely, if the execution time of the key verification command is not greater than the set threshold, it can be determined that no relay attack has occurred.
In the embodiment of the present invention, the read-write terminal sends a key verification command to the smart card before normal communication between the read-write terminal and the smart card begins, and compares the execution time of the key verification command with the set threshold to judge whether a relay attack is in progress. This addresses the difficulty the prior art has in preventing relay attacks: communication can be interrupted in time when a relay attack is detected, avoiding loss.
Further, on the basis of the above embodiment, the read-write terminal 100 is also used to: judge whether the execution time of the key verification command exceeds the set threshold; if the execution time of the key verification command exceeds the set threshold, determine that a relay attack is in progress; if the execution time of the key verification command does not exceed the set threshold, determine that no relay attack is in progress; wherein the set threshold is obtained from statistics of the execution time of the key verification command.
The statistics of the execution time of the key verification command reflect the execution time of the key verification command during normal communication between the read-write terminal and the smart card. The set threshold can therefore be obtained from statistics of the execution time of the key verification command. The set threshold may be t + (4~6)σ, where t is the mean of the execution time of the key verification command and σ is the standard deviation of the execution time of the key verification command.
The read-write terminal 100 judges whether the execution time of the key verification command measured during detection exceeds the set threshold; if the execution time of the key verification command exceeds the set threshold, it determines that a relay attack is in progress; if the execution time of the key verification command does not exceed the set threshold, it determines that no relay attack is in progress.
On the basis of the above embodiment, the embodiment of the present invention obtains the set threshold from statistics of the execution time of the key verification command and compares the execution time of the key verification command against the set threshold to judge whether a relay attack is in progress, which improves the accuracy and reliability of relay attack detection.
Further, on the basis of the above embodiment, the set threshold is t + 5σ, where t is the mean of the execution time of the key verification command and σ is the standard deviation of the execution time of the key verification command.
On the basis of the above embodiment, the embodiment of the present invention obtains a more reasonable set threshold through experiment, which improves the accuracy and reliability of relay attack detection.
Further, on the basis of the above embodiment, the read-write terminal 100 is also used to: after receiving the key verification command response returned by the smart card 200 and before recording the current timestamp t2, interrupt communication with the smart card 200 and not perform the subsequent steps if the key verification command response is judged invalid.
If the key verification command response received by the read-write terminal 100 from the smart card differs from the expected key verification command response, i.e. an invalid key verification command response is received, this shows that a relay device has tampered with the communication data. The read-write terminal 100 can thus determine that the communication between the read-write terminal and the smart card is under relay attack, and it interrupts communication with the smart card 200.
If the key verification command response received by the read-write terminal 100 from the smart card is identical to the expected key verification command response, i.e. a valid key verification command response is received, this shows that no relay device has tampered with the communication data. The read-write terminal 100 still cannot determine whether the communication between the read-write terminal and the smart card is under relay attack, and must further judge by comparing the execution time of the key verification command with the set threshold.
On the basis of the above embodiment, the embodiment of the present invention judges whether an attack has occurred from the validity of the key verification command response, which improves the efficiency of relay attack detection.
The read-write terminal and the system provided in the embodiments of the present invention correspond to the method described above; their specific functions may be found in the method flow above and are not repeated here.
Fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present invention. As shown in Fig. 6, the electronic device 1 includes a processor 301, a memory 302 and a bus 303, wherein the processor 301 and the memory 302 communicate with each other via the bus 303; the processor 301 is used to call program instructions in the memory 302 to perform the method provided by each of the method embodiments above, for example comprising: after anti-collision is completed and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card; the read-write terminal receives the key verification command response returned by the smart card; the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from the timestamp t1 and the timestamp t2, and judges whether a relay attack is in progress by comparing the execution time of the key verification command with a set threshold.
An embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium. The computer program includes program instructions which, when executed by a computer, enable the computer to perform the method provided by each of the method embodiments above, for example comprising: after anti-collision is completed and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card; the read-write terminal receives the key verification command response returned by the smart card; the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from the timestamp t1 and the timestamp t2, and judges whether a relay attack is in progress by comparing the execution time of the key verification command with a set threshold.
An embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions which cause a computer to perform the method provided by each of the method embodiments above, for example comprising: after anti-collision is completed and before data exchange with the selected smart card begins, the read-write terminal records the current timestamp t1 and sends a key verification command to the smart card; the read-write terminal receives the key verification command response returned by the smart card; the read-write terminal records the current timestamp t2, calculates the execution time of the key verification command from the timestamp t1 and the timestamp t2, and judges whether a relay attack is in progress by comparing the execution time of the key verification command with a set threshold.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by program instructions controlling the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disk, optical disk or any other medium capable of storing program code.
The embodiments of the electronic device described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment may be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the above technical solution, or the part of it that contributes over the prior art, may be embodied in the form of a software product stored in a computer-readable storage medium such as ROM/RAM, magnetic disk or optical disk, including a number of instructions for causing an electronic device (which may be a personal computer, a server, a network device, etc.) to perform the method described in each embodiment or in parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, without such modifications or replacements causing the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

  1. A detection method for a smart card relay attack, characterized by comprising:
    after anti-collision is completed and before data exchange with the selected smart card begins, the read-write terminal recording the current timestamp t1 and sending a key verification command to the smart card;
    the read-write terminal receiving the key verification command response returned by the smart card;
    the read-write terminal recording the current timestamp t2, calculating the execution time of the key verification command from the timestamp t1 and the timestamp t2, and judging whether a relay attack is in progress by comparing the execution time of the key verification command with a set threshold.
  2. The method according to claim 1, characterized in that judging whether a relay attack is in progress by comparing the execution time of the key verification command with a set threshold specifically comprises:
    judging whether the execution time of the key verification command exceeds the set threshold; if the execution time of the key verification command exceeds the set threshold, determining that a relay attack is in progress; if the execution time of the key verification command does not exceed the set threshold, determining that no relay attack is in progress; wherein the set threshold is obtained from statistics of the execution time of the key verification command.
  3. The method according to claim 2, characterized in that the set threshold is t + 5σ, where t is the mean of the execution time of the key verification command and σ is the standard deviation of the execution time of the key verification command.
  4. The method according to any one of claims 1 to 3, characterized in that, after the read-write terminal receives the key verification command response returned by the smart card and before it records the current timestamp t2, the method further comprises:
    if the read-write terminal judges that the key verification command response is invalid, interrupting communication with the smart card and not performing the subsequent steps.
  5. A read-write terminal, characterized by comprising:
    a key verification command sending module, used to record the current timestamp t1 and send a key verification command to the selected smart card after anti-collision is completed and before data exchange with that smart card begins;
    a key verification command response receiving module, used to receive the key verification command response returned by the smart card;
    a key verification command execution time judging module, used to record the current timestamp t2, calculate the execution time of the key verification command from the timestamp t1 and the timestamp t2, and judge whether a relay attack is in progress by comparing the execution time of the key verification command with a set threshold.
  6. The read-write terminal according to claim 5, characterized by further comprising a key verification command response judging module, specifically used to:
    after the read-write terminal receives the key verification command response returned by the smart card and before the current timestamp t2 is recorded, interrupt communication with the smart card and not perform the subsequent steps if the key verification command response is judged invalid.
  7. A smart card relay attack detection system, characterized by comprising:
    a read-write terminal, used to record the current timestamp t1 and send a key verification command to the selected smart card after anti-collision is completed and before data exchange with that smart card begins; receive the key verification command response returned by the smart card; record the current timestamp t2 and calculate the execution time of the key verification command from the timestamp t1 and the timestamp t2; and judge whether a relay attack is in progress by comparing the execution time of the key verification command with a set threshold;
    a smart card, used to receive the key verification command sent by the read-write terminal, execute the key verification command, and send the key verification command response to the read-write terminal.
  8. The system according to claim 7, characterized in that the read-write terminal is further used to:
    after receiving the key verification command response returned by the smart card and before recording the current timestamp t2, interrupt communication with the smart card and not perform the subsequent steps if the key verification command response is judged invalid.
  9. An electronic device, characterized by comprising a memory and a processor, the processor and the memory communicating with each other via a bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the method according to any one of claims 1 to 4.
  10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1 to 4.
CN201710779601.0A 2017-09-01 2017-09-01 A kind of detection method, read-write terminal and the system of smart card relay attack Pending CN107707527A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710779601.0A CN107707527A (en) 2017-09-01 2017-09-01 A kind of detection method, read-write terminal and the system of smart card relay attack

Publications (1)

Publication Number Publication Date
CN107707527A true CN107707527A (en) 2018-02-16

Family

ID=61171402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710779601.0A Pending CN107707527A (en) 2017-09-01 2017-09-01 A kind of detection method, read-write terminal and the system of smart card relay attack

Country Status (1)

Country Link
CN (1) CN107707527A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102047606A (en) * 2008-05-26 2011-05-04 Nxp股份有限公司 Decoupling of measuring the response time of a transponder and its authentication
CN103095346A (en) * 2011-11-04 2013-05-08 Nxp股份有限公司 Proximity assurance for short-range communication channels
CN103679058A (en) * 2013-12-25 2014-03-26 湖北警官学院 System and method of non-contact IC card for defending relay attack
CN104821945A (en) * 2015-04-30 2015-08-05 南京邮电大学 Defensive system of relay attack of near-field mobile payment and realization method thereof
CN105046177A (en) * 2014-04-29 2015-11-11 恩智浦有限公司 Proximity check for communication devices

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111383011A (en) * 2018-12-29 2020-07-07 华为技术有限公司 Method for processing relay attack and security unit
CN111383011B (en) * 2018-12-29 2023-09-29 华为技术有限公司 Method for processing relay attack and safety unit
CN112688774A (en) * 2020-12-09 2021-04-20 天地融科技股份有限公司 Secure communication method and system for protecting key negotiation by using timing communication
WO2022121938A1 (en) * 2020-12-09 2022-06-16 天地融科技股份有限公司 Secure communication method and system for protecting key negotiation by using timing communication
CN114513371A (en) * 2022-04-19 2022-05-17 广州万协通信息技术有限公司 Attack detection method and system based on interactive data
CN115086072A (en) * 2022-07-20 2022-09-20 紫光同芯微电子有限公司 Smart card attack testing method and device
CN115086072B (en) * 2022-07-20 2022-12-16 紫光同芯微电子有限公司 Smart card attack testing method and device

Similar Documents

Publication Publication Date Title
CN107707527A (en) A kind of detection method, read-write terminal and the system of smart card relay attack
EP3537745B1 (en) Physical and logical detections for fraud and tampering
CN102547682B (en) Control protected built-in function and the method and apparatus of application in microcircuit card
CN103778730B (en) Improve the method for mobile terminal near-field communication payment safety, system and terminal thereof
CN107645482A (en) A kind of risk control method and device for business operation
CN102542453B (en) Mobile payment identity verification method
WO2017128976A1 (en) Credit payment method and device based on card emulation of mobile terminal
CN106997527A (en) Credit payment method and device based on mobile terminal P2P
CN103699997B (en) A kind of method, apparatus and electronic equipment of locking mobile payment service
CN103268547A (en) NFC (Near Field Communication) mobile phone payment system with fingerprint authentication mechanism
CN101918985A (en) Contactless biometric authentication system and authentication method
CN108810831A (en) Method for pushing, electronic device and the readable storage medium storing program for executing of short message verification code
CN105324777A (en) Device and authentication system
CN104363589A (en) Identity authentication method, device and terminal
CN103794000A (en) Method for processing in case of non-contact IC card data reading failure and device for implementing method
CN101872513B (en) Data processing method, device and system based on POS (Point-Of-Sale) machine
Radu et al. Practical EMV relay protection
CN204242233U (en) A kind of NFC mobile phone payment system
CN102779374B (en) The transaction processing method of stored value card and system
CN103684779B (en) communication network authentication method and system
CN107294981B (en) Authentication method and equipment
CN104169942A (en) Card swiping method and device for determining mobile terminal for swiping card, utilizing intensity of ultrasonic signal
CN107862768A (en) A kind of intelligent bicycle lock control method and device
US11403639B2 (en) Method of auto-detection of an attempted piracy of an electronic payment card, corresponding card, terminal and program
CN104573765B (en) Smart card information processing method and processing device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180216