Digital Signal Processing Reference
In-Depth Information
•
Two random numbers are always encrypted simultaneously. This rules out the
possibility of performing an inverse transformation using
R
A
to obtain token 1,
with the aim of calculating the secret key.
•
The token can be encrypted using any algorithm.
•
The strict use of random numbers from two independent sources (transponder,
reader) means that recording an authentication sequence for playback at a later
date (replay attack) would fail.
•
A random key (session key) can be calculated from the random numbers generated,
in order to cryptologically secure the subsequent data transmission.
8.2 Authentication Using Derived Keys
One disadvantage of the authentication procedure described in Section 8.1 is that all
transponders belonging to an application are secured using an identical cryptological
key
K
. For applications that involve vast quantities of transponders (e.g. the ticketing
system for the public transport network, which uses several million transponders) this
represents a potential source of danger. Because such transponders are accessible to
everyone in uncontrolled numbers, the small probability that the key for a transponder
will be discovered must be taken into account. If this occurred, the procedure described
above would be totally open to manipulation.
A significant improvement on the authentication procedure described can be achieved
by securing each transponder with a different cryptological key. To achieve this, the
serial number of each transponder is read out during its production. A key
K
X
is cal-
culated (
→
derived) using a cryptological algorithm and a
master key K
M
,andthe
transponder is thus initialised. Each transponder thus receives a key linked to its own
ID number and the master key
K
M
.
The mutual authentication begins by the reader requesting the ID number of the
transponder (Figure 8.2). In a special security module in the reader, the
SAM
(security
authentication module), the transponder's specific key is calculated using the master
key
K
M
, so that this can be used to initiate the authentication procedure. The SAM
Production
time
GET_ID
Reader
ID-Number
ID-Number
GET_CHALLENGE
Random A
Key K
M
K
M
Transponder
Token 1
Token 2
Key K
X
Key K
X
Figure 8.2
In an authentication procedure based upon derived keys, a key unique to the
transponder is first calculated in the reader from the serial number (ID number) of the transpon-
der. This key must then be used for authentication
Search WWH ::
Custom Search