Abstract
The "China Financial Integrated Circuit (IC) Card Specifications" (JR/T 0025, referred to as "PBOC") are the technical implementation specifications for financial IC cards in China, issued by the People's Bank of China. The secure communication method between IC card Internet terminals and the processing centres of financial institutions specified in JR/T 0025.16—2013 contains a security flaw that can lead to man-in-the-middle attacks, so IC card Internet terminal products that conform to the specification are at risk of being counterfeited. This article describes and analyses this flaw, which lies in the secure channel handshake process, and provides the attack process and an improved scheme.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
Peking University Core Journals (北大核心)
2014, Issue 11, pp. 330-333 (4 pages)