Smart Card Channel Encryption Scheme Based on Chaotic Map
1 Overview
Due to the limitations of ISO 7816-3, the data on the I/O line of the smart card is basically not packaged, so it is easy to intercept the data on the I/O line by using the RS232 serial port on the PC. For the transmission of some sensitive data, external authentication of the private key, etc., the data must be encrypted to ensure channel security. The traditional method writes the private key into the card NVM (Non Volatile Memory) in the card personalization stage, and the authentication process is as follows: (1) The 8 Byte (16 Byte) random number is taken out from the card by taking the random number instruction. (2) Using a private key to encrypt the random number as DES (3DES)] to generate a ciphertext. (3) Send the ciphertext to the card using an external authentication command. (4) The COS (Card Operation System) decrypts the ciphertext using the private key and compares it with the random number generated by the process (I) to complete the external authentication. It can be seen that the above authentication process (ciphertext exchange process) is vulnerable to plaintext attacks, and the security of authentication depends on the quality of the key and the random number solidified on the NVM, and the low cost of a real random number generator like the CIU51G128. In terms of cards, the above mechanism is meaningless.
The Logistic sequence has the characteristics of sensitivity to initial value, randomness and reproducibility. After entering the chaotic state, it has the advantages of uniform distribution, simple iterative formula and easy digital implementation. This paper discusses and implements the use of Logistic chaotic map to synchronously generate server-side and card-side keys, which improves the security of message exchange.
2 Logistic chaotic mapping theory and its characteristics
Chaotic phenomena are a deterministic, random-like process in nonlinear dynamic systems. Due to the extreme sensitivity of the initial conditions of the chaotic power system, a large number of aperiodic, continuous wideband spectra, noise-like, and reproducible chaotic signals can be generated. Logistic chaotic map is a kind of chaotic map that is widely studied. Its expression is
.jpg){kind=small}
Among them, 0 Figure 2 shows the difference of chaotic sequence values ​​of two different initial values ​​when Xo takes 0.663 489 000, 0.663 489 001, and μ = 3.99. It can be seen that the two initial values ​​differ only by 0.000 000 001. In the first 20 iterations, the difference between the two is small, approximately 0, but as the number of iterations increases, the values ​​of the two sequences show a In an irregular situation, the difference between the two is also obvious. Therefore, it can be seen that the system is very sensitive to changes in initial values ​​and has an avalanche effect. (2) The mean of the Logistic chaotic sequence (3) Logistic autocorrelation and cross-correlation Among them, λ has nothing to do with the selection of the initial value. For Logistic mapping, consider the parameter 3.4 ≤ μ ≤ 4, if P In equation (9), (2L-Xn) is equivalent to complementing XK, (2L-Xn) and XK are both L bits, the product is 2L bit, and multiplied by μ of Lbit to obtain the product of 3L bit. Then divide by 2L to shift the product to the right by L bit and take the high L bif as the output result, as shown in Figure 3. Figure 4 shows the contents of the system area on the FLASH viewed by the emulator. Due to the Bank mechanism, the code area occupies Bank 0 and Bank 1. The data area occupies Bank 2 and Bank 3. The address space of each bank is 0x8000. ~0xFFFF has a total of 32 KB space, so the logical address 0x0000 of the data area corresponds to 0x8000 of Bank 2. After 200 iterations, X200, Y200 and Z200 are shown in Table 3. For example, if the encrypted data plaintext is {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}, the aforementioned 3DES algorithm is used, the first round of encryption uses the key X200, and the second round of decryption uses the key Y200, the first The three-pass encryption uses the key Z200, and the final ciphertext result is {0xE3, 0x1D, 0x61, 0xEF, 0x68, 0x9D, 0xFB, 0x72}. After receiving the ciphertext, the server finds the corresponding classification parameter and initial value according to the ICCID of the card, and generates the key after 200 iterations. The first round decrypts the key 200, and the second round uses the key Y200. The third round of decryption uses the key: Z200, and the plaintext {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88} is obtained, thus completing a message exchange. black dish rack Jiangmen Xinhui Siqian Xiangyu Metalwork Factory , https://www.xydryingrack.com.jpg)
.jpg)
(1) The probability density distribution function of the Logistic chaotic sequence is .jpg)
.jpg){kind=small}
Let a(1) and a(2) denote two different Logistic chaotic map sequences of length N, respectively, and n denote the state of a? at time i. When N→∞, the autocorrelation and cross-correlation functions of the sequence are respectively .jpg)
among them, .jpg){kind=small}
Represents the complex conjugate of ai (1). It can be seen that the Logistic chaotic map sequence has good autocorrelation and cross-correlation properties.
(4) Lyapunov index of Logistic chaotic sequence
The Lyapunov exponent is a quantitative characterization of the overall effect of the motion trajectories generated by nonlinear mapping approaching or separating from each other. For chaotic systems, the positive Lyapunov exponent indicates that the trajectory is unstable at each locality and the adjacent orbits are separated exponentially. At the same time, the positive Lyapunov exponent also indicates the loss of information of adjacent points. The larger the value, the more serious the loss of information and the higher the degree of chaos.
In the one-dimensional dynamic system X n+1 =F(X n), the Li Zhipunov index is .jpg)
3 Dynamic 3DES encryption scheme based on chaotic mapping
3.1 Ciphertext exchange process design
The DES algorithm is a well-recognized good encryption algorithm and has become the de facto standard for trade, finance, communications and other industries. But the DES algorithm is a public algorithm whose security depends entirely on the protection of the key. There must be a reliable channel to distribute the key, and the single DES algorithm key is too short, only 8 Bytes.
To compensate for this shortcoming, people have designed Triple DES (3DES). That is, the DES algorithm is enhanced by using a single DES algorithm three times, each time using a combination of encryption, decryption, and different keys. The commonly used 3DES algorithm models are:
(1) DES-EEE2: Double key encryption method. A process of using encryption-encryption-encryption, in which the first encryption process and the third encryption process use the same key.
(2) DES-EDE2: Double key encryption method. A process of using encryption-encryption-encryption, in which the first encryption process and the third encryption process use the same key.
(3) DES-EEE3: Three-key encryption method. Using encryption-encryption-encryption processes, each encryption process uses a different key.
(4) DES-EDE3: Three-key encryption method. Using a process of encryption-encryption-encryption, each encryption and decryption process uses a different key.
In order to enhance security, this paper adopts a scheme, that is, each round of single DES operation uses a different key, so that even if one of the keys is broken, the ciphertext will not be cracked, and each round of the key is configured. Logistic chaotic sequences of different fractal parameters are generated.
In order to solve the problem of key distribution, the card-side and server-side synchronization key generation scheme is adopted, that is, in the card pre-personalization stage, the server randomly generates three classification parameters μI, μ2, μ3 and initial values ​​X0, Y0, z0. And corresponding to the serial number of each card (ICCID: Integrate Circuit Card Identifier), then write the 3 typing parameters and initial values ​​into the NVM of the card, and the server stores the 3 typing parameters and initial values ​​into the database. This is equivalent to the server and the card end two chaotic systems have the same initial value and parameter configuration. As long as the number of iterations of the server and the card end is the same every time the external authentication or ciphertext is delivered, the keys used by the two ends are guaranteed to be the same, thus solving the problem of key distribution. At the same time, the card end and the server end save the iteration result as the initial value of the next iteration. This achieves a one-time dynamic encryption, effectively preventing plaintext attacks and brute force attacks.
3.2 Algorithm design of Logistic chaotic sequence
Since the 8-bit 51-core CPU has a limited word length, the resulting sequence may only be approximated by the theoretical value and the sequence must be periodic, but from an engineering point of view, the sequence is sufficiently complex as long as the period is long enough. Combining the above factors, considering the storage space, computational efficiency, sequence complexity and DES operation on the key length requirements, a double variable is used to store the typing parameters and initial values, that is, each parameter occupies 8 Bytes of storage space.
In order to use the general-purpose floating-point representation, the floating-point representation specified in IEEE Std 754-1985 is used. Since X n∈(0,1) of the Logisic chaotic sequence, X is written in binary form, ie .jpg)
.jpg)
4 Implementation of Digital Algorithm for Logistic Chaotic Map
The implementation of the above algorithm uses CIU51G128 smart card chip of CLP Huada, and the IDE (Integrated Development Environment) adopts Keilvision2. Flash is generally divided into code area and data area. It uses 64 KB code and 64 KB data planning method. The data is divided into system area, user data area and backup area. Among them, the system area mainly stores important data such as free pointers, card status, MF (Master File) address and algorithm constants, so the entire system area
XOR check or CRC check is generally used to ensure data consistency and correctness. See Table 1 for the planning of the system area. .jpg)
Note: physical address = 0x 0000 + logical address
Using the server generated split parameters μI, μ2, μ3 and initial values ​​X0, Y0, z0 are shown in Table 2, and the generated floating point numbers are stored on the card using the Big Endian method. .jpg)
.jpg)
.jpg)
5 Conclusion
The dynamic channel encryption scheme proposed in this paper has the advantages of fast speed, small code, low cost and good security, and is suitable for external authentication and transmission of sensitive data. With the continuous expansion of the application field of smart cards, this solution has a broad application prospect in the occasions where security requirements such as remote identity authentication and financial transactions are relatively high.
(Text / Tianjin University of Technology Optical Fiber Communication Laboratory, Wang Jiechi, Ma Xiurong, Zhang Jiaming)