Intelligent card system man-in-the-middle attack verification platform and test method

Abstract

The invention relates to an intelligent card system man-in-the-middle attack verification platform and a test method. One end of the verification platform conducts communication with an intelligent card, and the other end of the verification platform conducts communication with a card reader. A control management module is arranged in the verification platform and used for loading an attack test program and storing and processing instructions and responses sent by the card reader and the intelligent card. By the adoption of the intelligent card system man-in-the-middle attack verification platform of the structure and the test method, the uniformity of an intelligent card system design scheme and the practical running process can be verified, and authenticity and effectiveness of a security evaluation result is guaranteed; the evaluation result has higher persuasion and authority; due to the fact that a middle attack needs to be executed actually, cost of the man-in-the-middle attack can be quantified effectively and accurately, the ability of an intelligent card system in resisting the man-in-the-middle attack can be evaluated accurately, and thus the security level of the intelligent card system to be tested is confirmed.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to the security test and verification of a smart card system, specifically a smart card system man-in-the-middle attack verification platform and a test method. Background technique [0002] A smart card system usually consists of two parts: a smart card and a card reader (including the background). Smart card systems can be divided into contact smart card systems and contactless smart card systems. [0003] Typical contact smart card systems such as bank chip cards and SIM cards; typical contactless smart card systems such as bus cards. Contact smart cards communicate with the reader through the smart card's contacts; contactless smart cards communicate through radio frequency. Smart card communication is master-slave, the card reader sends APDU commands, and the smart card sends APDU responses. All communication is initiated by the reader, and the smart card is onl...

AI Technical Summary

Problems solved by technology

[0010] The purpose of the present invention is to overcome the above-mentioned shortcoming of the prior art, aiming at the problem that there is no man-in-the-middle attack test and verification tools in the current smart card system security testing process, a smart card system man-in-the-middle attack verification platform and test method are proposed to realize smart card Test, verify and display the man-in-the-middle attack of the system, so as to confirm the anti-man-in-the-middle attack capability of the smart card system to be tested, and finally evaluate the security of the smart card system

Images