Method for detecting security vulnerabilities of a cpu card based on side channel communication analysis
By using side-channel communication analysis and machine learning models, we have achieved accurate detection and quantitative assessment of CPU card security vulnerabilities. This solves the problem that existing technologies cannot deeply analyze CPU card security risks, and provides objective detection results and documentation. It is applicable to CPU cards from different manufacturers and models.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- TOEC ANCHEN INFORMATION TECH
- Filing Date
- 2026-04-27
- Publication Date
- 2026-06-05
AI Technical Summary
In existing technologies, sniffing devices can only passively receive wireless communication signals between the card reader and the CPU card. They cannot deeply analyze the integrity and confidentiality of the interactive data, nor can they identify security risks such as authentication deficiencies, algorithm defects, and data leaks. Therefore, they cannot meet the security assessment requirements of CPU cards.
By employing a side-channel communication analysis approach, including radio frequency signal sniffing, data repair, feature extraction, and multi-dimensional security analysis, combined with machine learning models, we can achieve accurate detection and quantitative assessment of CPU card security vulnerabilities. This includes packet capture, feature factor extraction, protocol matching, random number property analysis, and encryption correlation analysis.
It enables accurate identification and quantitative assessment of CPU card security vulnerabilities, provides objective and accurate detection results, is compatible with CPU cards from different manufacturers and models, is non-invasive in the detection process, provides standardized detection documentation, and supports product development and security maintenance.
Smart Images

Figure CN122160179A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of information security technology, and in particular relates to a method for detecting security vulnerabilities in CPU cards based on side-channel communication analysis. Background Technology
[0002] In existing technologies, sniffing devices passively receive wireless communication signals between the reader and the electronic tag via an RF front-end antenna. The received analog signal is down-converted to baseband, then processed by an FPGA for high-speed sampling, filtering, demodulation, and decoding to reconstruct the original binary data stream. An ARM processor then assembles this data into a complete data frame and adds a timestamp, finally transmitting it to a host computer for analysis via USB or Bluetooth. This entire process is passive and signal-free, enabling real-time monitoring and basic protocol analysis of RFID communication.
[0003] Currently available card readers with eavesdropping capabilities can only collect and restore the data exchanged between the CPU card (smart access card) and the access control terminal. They are limited to simply acquiring data and cannot conduct in-depth analysis and security verification of the integrity and confidentiality of the exchanged data. They cannot effectively identify security risks such as authentication deficiencies, algorithm defects, and data leaks that exist in the communication process between the CPU card and the card reader terminal. As a result, they cannot meet the security assessment needs in CPU card product development, security testing, and operation and maintenance management. Summary of the Invention
[0004] In view of this, the present invention aims to overcome the shortcomings of the above-mentioned problems in the prior art and proposes a CPU card security vulnerability detection method based on side-channel communication analysis. Through passive sniffing, data repair, feature extraction, multi-dimensional security analysis and optional replay verification, the method can achieve accurate detection and quantitative assessment of CPU card security vulnerabilities.
[0005] To achieve the above objectives, the technical solution of the present invention is implemented as follows:
[0006] A method for detecting CPU card security vulnerabilities based on side-channel communication analysis includes the following steps:
[0007] Step 1: RF signal sniffing and raw data packet capture: Deploy the sniffing device in the communication area between the card reader and the CPU card to passively listen to and capture the RF signals between the two, and obtain the raw data packets containing UID, random number, encrypted authentication information, and protocol interaction instructions;
[0008] Step 2: Raw data processing based on triple cue filtering method: Repair, filter, repair and feature extraction of the sniffed raw data packets to generate complete interactive data and core feature factors;
[0009] Step 3: Interactive data security analysis based on feature factors: Perform protocol matching, random number property analysis and encryption correlation analysis on the extracted feature factors to identify security vulnerabilities;
[0010] Step 4: Security Analysis Results Output: Integrate the analysis results from each step to generate standardized CPU card security vulnerability detection results.
[0011] Furthermore, the radio frequency signals include radio frequency commands sent by the card reader in Miller encoding and radio frequency responses returned by the CPU card in Manchester encoding.
[0012] Furthermore, the triple-clue filtering method in step 2 specifically includes:
[0013] First clue processing: Create a first clue data container, segment the raw data based on REQA instructions, filter out the complete data packets with the most interactions, verify the compliance of ISO14443A protocol and ISO7816-4 protocol APDU instructions, and extract RF layer feature factors and application layer instruction feature factors.
[0014] Second clue processing: Create a second clue data container, analyze the raw data packet by packet in time stamp order, remove invalid data packets, perform feature matching between the valid data packets and the data in the first clue data container, extract new feature factors and store them in the second clue data container;
[0015] Third clue processing: merge the first clue data container and the second clue data container to generate a complete interactive data feature set.
[0016] Furthermore, step 2 also includes a machine learning optimization step: using the interaction data features of CPU cards from different manufacturers and models with access control terminals as training materials, inputting them into the machine learning model, and generating a data analysis model; when the second clue data container is not empty, the model determines the insertion position of the newly added feature factor in the complete interaction data based on the learned interaction logic.
[0017] Furthermore, the machine learning model adopts an ensemble learning model based on decision trees, with input features including radio frequency layer features, application layer features, and data quality features, and training methods including offline pre-training and online incremental learning.
[0018] Furthermore, the random number property analysis in step 3 includes:
[0019] Entropy estimation: Calculate the Shannon entropy and minimum entropy of random numbers to assess the unpredictability of random numbers;
[0020] Linear complexity analysis: The Berlekamp-Massey algorithm is used to calculate the linear complexity and feedback polynomial of the random number sequence to determine whether the random number generator has any algorithmic defects.
[0021] Furthermore, the encryption correlation analysis in step 3 includes:
[0022] Linear correlation coefficient and mutual information measure: Calculate the Pearson correlation coefficient and mutual information between random numbers and ciphertext to determine whether there is a linear or non-linear dependency between them;
[0023] Entropy estimation and distribution consistency test: Calculate the Shannon entropy of the random number and the ciphertext respectively, and perform a chi-square test on the ciphertext to determine whether the randomness of the ciphertext has decreased significantly.
[0024] Furthermore, the method also includes replay attack verification: the communication interaction logic extracted in step 2 is written into a blank CPU card, and a legitimate card is simulated for actual card swiping test to verify whether a replay attack vulnerability exists.
[0025] Furthermore, the replay attack verification trigger condition is as follows: when step 3 determines that the CPU card has any medium-to-high risk vulnerability among authentication vulnerabilities, random number vulnerabilities, or encryption algorithm vulnerabilities, the replay attack verification is automatically triggered.
[0026] Furthermore, the security analysis results output in step 4 include vulnerability classification and risk level division:
[0027] Vulnerability categories include: authentication vulnerabilities, random number vulnerabilities, encryption algorithm vulnerabilities, and replay attack vulnerabilities;
[0028] Risk levels include: high risk, medium risk, and low risk.
[0029] Compared with existing technologies, the CPU card security vulnerability detection method based on side-channel communication analysis described in this invention has the following advantages:
[0030] 1. Filling the gap in existing technology and realizing the concrete security analysis of wireless communication signals: Transforming the imperceptible wireless radio frequency signals between the card reader and the CPU card into analyzable, verifiable, and quantifiable structured data, enabling in-depth analysis of the integrity and confidentiality of the data exchanged between the CPU card and the card reader terminal, solving the core problem that existing technologies can only collect data but cannot identify security risks;
[0031] 2. Comprehensive detection dimensions and accurate vulnerability identification: It integrates four major detection dimensions: protocol matching, random number property detection, encryption algorithm analysis, and replay attack verification. It comprehensively covers the security risk points of CPU cards from the data layer, algorithm layer, and application layer. It can accurately identify various security vulnerabilities such as authentication vulnerabilities, random number vulnerabilities, encryption algorithm vulnerabilities, and replay attack vulnerabilities. It also determines the vulnerability risk level through quantitative indicators, and the detection results are accurate and objective.
[0032] 3. The data processing method is efficient and self-optimizing with strong adaptability: The proposed triple clue filtering method can effectively repair the problems of discontinuity, errors and missing frames in sniffing data, and achieve accurate extraction of effective feature factors; combined with machine learning to form a positive feedback iterative mechanism, the accuracy and efficiency of data processing will continue to improve with the number of uses, and it can adapt to the data processing needs of CPU cards from different manufacturers, models and application scenarios, without the need for customized development for specific CPU cards;
[0033] 4. Scientific and traceable detection process with highly practical results: The interactive data features are integrated into the machine learning model, making the detection and analysis process more scientific and systematic. All analysis processes are based on quantitative indicators and objective data, without subjective judgment. At the same time, it can automatically generate and archive standardized detection documents, which contain core contents such as vulnerability lists, risk assessments, and remediation suggestions, providing first-hand objective data for CPU card product development, vulnerability remediation, and security operation and maintenance.
[0034] 5. Non-invasive detection method with high safety: The entire process uses passive sniffing to collect radio frequency signals without any active signal transmission. It does not interfere with the normal communication between the card reader and the CPU card, and does not contact the internal hardware and software of the object being tested. It will not cause any hardware damage or software logic disruption to the CPU card or card reader. The detection process is safe and non-invasive, and can be carried out directly in practical application scenarios. Attached Figure Description
[0035] The accompanying drawings, which form part of this invention, are used to provide a further understanding of the invention. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not constitute an undue limitation of the invention. In the drawings:
[0036] Figure 1 This is a schematic diagram of the method flow of the present invention;
[0037] Figure 2 This is a diagram of the interactive data structure of the present invention;
[0038] Figure 3 This is a schematic diagram of the security analysis process of the present invention. Detailed Implementation
[0039] It should be noted that, unless otherwise specified, the embodiments and features described in the present invention can be combined with each other.
[0040] In the description of this invention, it should be understood that the terms "center," "longitudinal," "lateral," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," and "outer," etc., indicating orientations or positional relationships based on the orientations or positional relationships shown in the accompanying drawings, are only for the convenience of describing the invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the invention. Furthermore, the terms "first," "second," etc., are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of indicated technical features. Thus, a feature defined with "first," "second," etc., may explicitly or implicitly include one or more of that feature. In the description of this invention, unless otherwise stated, "a plurality of" means two or more.
[0041] In the description of this invention, it should be noted that, unless otherwise explicitly specified and limited, the terms "installation," "connection," and "linking" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; and they can refer to the internal connection of two components. Those skilled in the art will understand the specific meaning of the above terms in this invention based on the specific circumstances.
[0042] The present invention will now be described in detail with reference to the accompanying drawings and embodiments.
[0043] Example 1:
[0044] like Figure 1 , 3 As shown, this invention provides a CPU card security vulnerability detection method based on side-channel communication analysis, comprising the following steps:
[0045] Step 1: Radio Frequency Signal Sniffing and Raw Data Packet Capture
[0046] By deploying the sniffing device's RF antenna close to the effective communication area between the card reader and the CPU card, and issuing a sniffing start command to the sniffing device, the device enters passive listening mode, completely recording all RF signals during the communication process between the two, including the RF commands sent by the card reader in corrected Miller encoding and the RF responses returned by the CPU card in Manchester encoding. This accurately captures complete raw data packets containing the UID (Unique Card Identifier), random number, encrypted authentication information, and protocol interaction commands, providing fundamental data support for subsequent data processing and security analysis.
[0047] Step 2: Raw data processing based on the triple-clue filtering method.
[0048] Ideally, all sniffed raw data is undistorted, and each data packet is successfully transmitted to the application layer. The data structure then consists of standard ISO14443A protocol exchange data and standard ISO7816-4 protocol APDU command exchange data, such as... Figure 2 As shown.
[0049] However, during actual sniffing, factors such as environmental interference, electromagnetic noise, and communication distance can easily lead to problems like data fragmentation, byte errors, and missing frame structures in the raw data packets, making them unsuitable for direct security analysis. Therefore, a triple-clue filtering method is used to repair, filter, and extract features from the raw data. Simultaneously, machine learning is combined to achieve self-optimization and iteration of the method, ultimately obtaining complete and effective interaction data and core feature factors. This method relies on the raw data captured by the hardware sniffing device and reprocesses the raw data to support further systematic analysis. The specific process is as follows:
[0050] 1. First Clue Processing: Create a first clue data container. Using REQA (card search instruction, which is the starting point for every communication interaction between the card reader and the CPU card) as the data segmentation basis, segment the raw sniffing data and store the segmented data packets in the first clue container. Extract the interaction count feature value for each data packet, sort all data packets in the container in descending order of interaction count, and select at least two complete data packets with the largest interaction count. Verify sequentially starting from the first packet. First, verify the ISO14443A protocol interaction part (including 4 interaction groups and 8 data packets). Verify its protocol compliance based on data length matching rules, instruction semantic legality, and data check code verification rules. If it meets the protocol requirements, extract radio frequency layer feature factors such as UID, communication configuration parameters, and ATS (acknowledgment selection) response. Then, verify the ISO7816 protocol APDU instruction interaction part and extract application layer instruction feature factors such as CLA (instruction type), INS (instruction code), P1 parameter, and P2 parameter.
[0051] 2. Second Clue Processing: Create a second clue data container, analyze all raw sniffing data packet by packet in timestamp order, and remove invalid data packets with byte errors or frame structure corruption by using the built-in check bits of the data packets; perform precise feature value matching between the filtered valid data packets and the data packets in the first clue container. If the match is successful, the packet is discarded directly (no new valid features are added). If the match fails, it is determined that there are missing features in the interaction data of the first clue container, and the new feature factors of the data packet are extracted and stored in the second clue container.
[0052] 3. Third Clue Processing: If the second clue data container is not empty, merge it with the first clue data container to generate the third clue data container, integrate all valid feature factors, and form a complete interactive data feature set; if the second clue data container is empty, it indicates that the first clue data container has contained all valid feature factors, and the first clue data container is directly used as the final feature set; compare and analyze multiple packets of valid interactive data, extract random number feature factors, and prepare for subsequent security analysis.
[0053] 4. Machine Learning Optimization: The interaction data features between CPU cards from different manufacturers and models and access control terminals are used as training materials and input into the machine learning model. This allows the model to learn and deeply understand the communication interaction logic, protocol execution rules, and feature factor distribution patterns of various CPU cards, generating targeted data analysis models. When the second-clue data container is not empty, the model can accurately determine the insertion position of newly added feature factors in the complete interaction data based on the learned interaction logic, improving the accuracy and efficiency of data processing. With increased usage, the model's learning and understanding capabilities and feature matching accuracy continuously improve, and the application effect of the triple-clue filtering method is continuously optimized, forming a positive feedback iterative mechanism to adapt to the CPU card data processing needs of different scenarios.
[0054] The model adopts an ensemble learning model based on decision trees (XGBoost), which combines lightweight computation with high feature matching accuracy. It is compatible with the ARM processor hardware computing environment of the detection tool and does not require independent GPU computing power.
[0055] The input features include three main categories and a total of 18 feature factors: radio frequency layer features (UID, communication configuration parameters, ATS response data, number of interactions), application layer features (CLA command type, INS command code, P1 / P2 parameters, APDU command length), and data quality features (data packet integrity, checksum pass rate, timestamp interval).
[0056] The training methods include: ① Offline pre-training: collecting interaction data between different models of CPU cards and card readers from mainstream manufacturers (Huada, Fudan Microelectronics, ChipON Microelectronics, etc.), constructing a standardized training set, completing model pre-training, and solidifying the basic detection model; ② Online incremental learning: every time the detection tool completes a CPU card detection, it automatically adds the collected interaction logic materials (including feature factors and data processing results) to the training set, and completes incremental training of the model through mini-batch gradient descent to update the model parameters.
[0057] Step 3: Interactive Data Security Analysis Based on Feature Factors
[0058] First, a standardized APDU instruction database is built, containing all standard APDU instructions and characteristic parameters specified in the ISO7816-4 protocol. The APDU characteristic factors in the third-party data container are then polled and precisely matched against the database to verify whether they are standard APDU instructions. Finally, based on the matching results, in-depth security analysis is conducted according to different scenarios.
[0059] 1. If the matching result is a standard APDU instruction, further check whether there is a two-way authentication mechanism between external authentication and internal authentication in the communication process between the CPU card and the card reader. If there is no two-way authentication mechanism, directly output the security analysis result and determine that the CPU card has a security vulnerability of authentication deficiency.
[0060] 2. If a two-way authentication mechanism exists during communication, or if the APDU instruction matching result is a non-standard instruction, extract the random number R and ciphertext C from the interactive data. Since the encryption key and encryption algorithm of the CPU card and card reader are unknown during the detection process, the correctness of the encrypted data cannot be verified in a positive direction. Therefore, security analysis is carried out from two core dimensions: random number property analysis and encryption correlation analysis between random number R and ciphertext C, to verify the randomness of the random number and the security of the encryption algorithm.
[0061] (1) Analysis of the properties of random numbers
[0062] By using two methods—entropy estimation and linear complexity analysis—we verify the randomness and unpredictability of random numbers from both information theory and algorithmic perspectives, and determine the security level of the random number generator.
[0063] Entropy estimation methods specifically include:
[0064] From an information theory perspective, the "uncertainty" of random numbers is measured by the entropy value. The higher the entropy value, the stronger the unpredictability and the higher the security of the random numbers. The specific implementation process is as follows:
[0065] The formula for Shannon's entropy is:
[0066]
[0067] Wherein, P(x i ) is a specific value x i The probability of occurrence, log2 represents the base 2, therefore the unit of entropy is bits.
[0068] Assume the random number is 1 byte (8 bits) of data. There are 256 possible values from 0x00 to 0xFF. Calculate the empirical probability by counting the number of times each value appears in the N samples captured during the detection process.
[0069]
[0070] The Shannon entropy value of random numbers is calculated based on the Shannon entropy formula. Under an ideal uniform distribution, the entropy value is 8 bits. If the actual calculated entropy value is less than 8 bits, it indicates that the random number distribution is uneven and predictable. The lower the entropy value, the stronger the predictability.
[0071] The minimum entropy is used for secondary verification, based on the formula.
[0072]
[0073] Where P max It represents the probability of the value with the highest probability of occurrence. The lower the minimum entropy, the less unpredictable the random number, and the higher the risk of it being cracked by an attacker.
[0074] Linear complexity analysis methods specifically include:
[0075] Suppose that random numbers are generated by a common hardware structure—a linear feedback shift register (LFSR). The Berlekamp-Massey algorithm (BM algorithm) is used to analyze the LFSR. Given a binary sequence, the algorithm finds the shortest LFSR (including its order L and feedback polynomial) that can generate the sequence.
[0076] The mathematical model of LFSR is: the next output bit Sn is a linear combination of the previous L bits, that is:
[0077]
[0078] The addition here is performed over a binary finite field (i.e., the XOR operation).
[0079] Linear complexity analysis includes the following steps:
[0080] Step 1: Data Collection. Capture the continuous random binary sequences sent by the CPU card during multiple communications. .
[0081] Step 2: Run the BM algorithm. Input the sequence into the algorithm, and it will iteratively calculate and try to fit the sequence with increasingly longer LFSRs.
[0082] Step 3: Obtain the linear complexity profile. The algorithm outputs two key results:
[0083] Linear complexity L: The order of the shortest LFSR that can generate this sequence.
[0084] Feedback polynomial C(x): A mathematical expression describing the tap position of the LFSR.
[0085] After the algorithm runs, it outputs two core results: the linear complexity L (order) of the shortest LFSR that can generate the sequence and the feedback polynomial C(x). If the linear complexity L is less than 1 / 4 of the sequence length, or if L grows slowly during the fitting process and eventually stabilizes at a small value, it indicates that the random number generator is based on the LFSR design and has significant algorithmic defects, making it extremely vulnerable to being cracked by attackers. An ideal truly random sequence has a linear complexity L of about half the sequence length and is highly unpredictable.
[0086] (2) Correlation analysis between random number R and ciphertext C
[0087] By using two methods—linear correlation coefficient and mutual information measurement, and entropy estimation and distribution consistency test—the security of the encryption algorithm is verified from three perspectives: linear dependence, overall dependence, and distribution characteristics, to determine whether the ciphertext C has an inappropriate dependency relationship with the random number R.
[0088] The linear correlation coefficient and mutual information measurement methods specifically include:
[0089] In an ideal strong encryption algorithm, the ciphertext C should be independent of the random number R, with their linear correlation coefficient approaching 0 and mutual information I(R;C)=0. If the encryption algorithm is linear, or if there are linear residuals in the encryption process due to implementation defects, then there will be a significant linear dependence between the two, and the linear correlation coefficient will be non-zero. If there is a non-linear dependence, the mutual information will be greater than 0, and the higher the mutual information value, the stronger the dependence.
[0090] The Pearson correlation coefficient is used to measure the linear dependence between the two, and the mutual information formula is used to measure their overall dependence. Wherein:
[0091] Pearson correlation coefficient (for numerical series):
[0092]
[0093] Mutual information (for discrete random variables):
[0094]
[0095] Where p(r,c) is the joint probability distribution, and p(r) and p(c) are the marginal distributions.
[0096] The correlation coefficient and mutual information cannot be directly calculated from a single pair (R,C). Therefore, the random number R and the ciphertext C are divided into multiple sub-blocks by bytes or bits for statistical analysis. The correlation coefficient and mutual information of the corresponding bytes / bits are calculated. If the correlation coefficient is significantly non-zero, it indicates that there is a linear dependency between the two. If the mutual information is greater than 0, it indicates that there is a non-linear dependency between the two. In both cases, the encryption algorithm is judged to have a security flaw.
[0097] Entropy estimation and distribution consistency testing methods specifically include:
[0098] A secure encryption algorithm should output ciphertext that is statistically indistinguishable from a random number; that is, the entropy of C should be close to its theoretical maximum value, and its distribution should not differ significantly from a uniform distribution. If the encryption algorithm is simple (such as directly using R as the key to encrypt fixed plaintext) or has statistical flaws, the distribution of C may deviate from a uniform distribution, leading to a decrease in entropy. By comparing the entropy and distribution characteristics of R and C, it can be determined whether C maintains the expected randomness.
[0099] Entropy H(X) measures the uncertainty of a random variable; the lower the entropy value, the more regular the data. The chi-square test is used to verify whether the observed distribution conforms to the theoretical uniform distribution. If the chi-square value is too large (corresponding to a very small p-value), the uniformity hypothesis is rejected, suggesting that C may be generated by a deterministic process.
[0100] Calculate the entropy values of the random number R and the ciphertext C using the Shannon entropy formula, and compare the differences between the two entropy values; verify the uniformity of the distribution of the ciphertext C using the chi-square test formula (where O0...). i The observation frequency of each value of the ciphertext C. Here, N is the expected frequency, N is the total number of samples, k is the total number of values, and the degrees of freedom are... );
[0101] Shannon entropy (for discrete variables):
[0102]
[0103] Where p i Let k be the probability of the i-th value, and k be the total number of values (e.g., 256 bytes).
[0104] Chi-square test statistic:
[0105]
[0106] Among them O i Let E be the observation frequency of the i-th value. i =N / k is the expected frequency (N is the total number of samples).
[0107] Capture multiple sets of (R,C) data, or extract multiple bytes of random number R and ciphertext C from a single set of data as samples. Calculate and compare the entropy values of R and C, and the chi-square value of ciphertext C. If the entropy value H(C) of ciphertext C is significantly lower than the entropy value H(R) of random number R, or the chi-square test result of ciphertext C is p<0.05 (rejecting the uniformity hypothesis), it indicates that the randomness of ciphertext C has significantly decreased, there is an improper encryption association between random number R and ciphertext C, and the encryption algorithm has obvious security risks.
[0108] Step 4: Replay Attack Verification
[0109] Triggering conditions: When the security analysis determines that the CPU card has any medium-to-high risk vulnerability among authentication vulnerabilities, random number vulnerabilities, and encryption algorithm vulnerabilities, a replay attack verification will be automatically triggered; if only low-risk vulnerabilities or no vulnerabilities are detected, you can manually choose whether to trigger it according to the detection requirements.
[0110] To verify the security vulnerabilities of the CPU card at the application layer, a replay attack verification was conducted: the complete communication interaction logic between the CPU card and the access control terminal extracted in step 2 (including protocol instructions, feature factors, encrypted data, etc.) was written into a blank CPU card using a dedicated card writing device. The actual card swiping operation between the legitimate CPU card and the card reader was simulated to verify whether the card reader could successfully authenticate and complete the communication interaction. This was to determine whether a replay attack vulnerability existed in the communication process between the CPU card and the card reader.
[0111] Step 5: Output of security analysis results
[0112] By integrating the protocol matching results, random number property analysis results, encryption correlation analysis results, and optional replay verification results from the above steps, and according to the vulnerability classification standards and risk level classification standards, standardized CPU card security vulnerability detection results are generated, which clearly define the vulnerability type, risk level, vulnerability cause, and related data basis, providing precise guidance for subsequent vulnerability remediation.
[0113] The vulnerability categories include:
[0114] Authentication vulnerabilities include: lack of two-way authentication mechanism, missing authentication commands, and logical flaws in non-standard authentication commands.
[0115] Random number vulnerabilities include: excessively low random number entropy, excessively low linear complexity, and uneven distribution of random numbers.
[0116] Vulnerabilities in encryption algorithms include: linear / non-linear dependence between random numbers and ciphertext, and a significant decrease in the randomness of ciphertext.
[0117] Replay attack vulnerabilities: These vulnerabilities can be exploited by copying interaction logic to achieve fake card swiping authentication and lack of replay protection mechanisms.
[0118] Risk level classification includes:
[0119] Authentication vulnerabilities include: lack of two-way authentication mechanism, missing authentication commands, and logical flaws in non-standard authentication commands.
[0120] Random number vulnerabilities include: excessively low random number entropy, excessively low linear complexity, and uneven distribution of random numbers.
[0121] Vulnerabilities in encryption algorithms include: linear / non-linear dependence between random numbers and ciphertext, and a significant decrease in the randomness of ciphertext.
[0122] Replay attack vulnerabilities: These vulnerabilities can be exploited by copying interaction logic to achieve fake card swiping authentication and lack of replay protection mechanisms.
[0123] Example 2
[0124] The detection method of this invention is implemented using a dedicated sniffing detection tool. The hardware requirements for this tool are as follows: ① The radio frequency front-end supports the 13.56MHz band (ISO14443A protocol standard band) with a receiving sensitivity ≤-90dBm; ② The FPGA sampling rate is ≥100MSPS, supporting high-speed filtering, demodulation, and decoding; ③ The ARM processor has a main frequency of ≥1GHz, supporting high-speed data frame assembly and feature extraction; ④ It supports USB 3.0 / Bluetooth 5.0 data transmission to meet the requirements for high-speed uploading of raw data.
[0125] This detection tool incorporates a triple clue filtering module, a machine learning module, a security analysis module, a replay verification module, and a report generation module, enabling full automation from data acquisition to report output. The specific operation process and implementation results are as follows:
[0126] 1. Sniffing Data Acquisition: Deploy the RF antenna of the sniffing detection tool in the communication area between the card reader and the CPU card. Send test commands to the tool through the host computer to start the RF signal sniffing function; operate the CPU card and the card reader to complete at least 10 communication interactions. The tool automatically records and saves all raw RF data packets. After the interaction is completed, upload the raw data to the host computer via USB 3.0.
[0127] 2. Data Processing and Model Learning: The tool calls the triple cue filtering module to segment, filter, and repair the original data packets, extract complete multi-packet interaction data and core feature factors, and save the feature factors to the data container; at the same time, the interaction logic material is automatically transferred to the machine learning module to complete the iterative learning and optimization of the model and improve the adaptability of subsequent data processing.
[0128] 3. In-depth security analysis: The tool calls the security analysis module, first polling and matching APDU feature factors with the built-in standardized APDU instruction database, and then sequentially completing random number property analysis (entropy estimation + linear complexity analysis) and encryption correlation analysis between random numbers and ciphertext (linear correlation coefficient + mutual information + chi-square test), automatically identifying potential security risks and initially determining the vulnerability type and risk level;
[0129] 4. Replay Attack Verification: The tool calls the replay verification module, generates standardized card writing data based on the extracted CPU card communication interaction logic, and writes the data to a blank CPU card through a dedicated card writing device; uses the blank card and a card reader to perform actual card swiping tests, records the card swiping authentication results, verifies whether there is a replay attack vulnerability, and corrects the vulnerability risk level.
[0130] 5. Detection Document Generation: The tool calls the report generation module, integrates all detection data, analysis process, verification results and vulnerability judgment criteria, and automatically generates standardized CPU card security vulnerability detection documents. The documents include detection object information, detection environment, data processing results, security analysis details, vulnerability list, risk assessment, remediation suggestions, etc., and support document export and archiving.
[0131] This method enables passive detection of the entire communication process between CPU cards and card readers from different manufacturers and models. It can effectively identify various security risks such as authentication failures, random number generator defects, encryption algorithm vulnerabilities, and replay attacks. The detection process does not require contact with the internal hardware / software of the CPU card and card reader, has no signal transmission, and does not interfere with normal communication. The detection efficiency is more than 80% higher than traditional methods, and it is suitable for the security detection needs of industrial-grade and civilian-grade CPU cards.
[0132] The above description is merely a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.
Claims
1. A method for detecting CPU card security vulnerabilities based on side-channel communication analysis, characterized in that: Includes the following steps: Step 1: RF signal sniffing and raw data packet capture: Deploy the sniffing device in the communication area between the card reader and the CPU card to passively listen to and capture the RF signals between the two, and obtain the raw data packets containing UID, random number, encrypted authentication information, and protocol interaction instructions; Step 2: Raw data processing based on triple cue filtering method: Repair, filter, repair and feature extraction of the sniffed raw data packets to generate complete interactive data and core feature factors; Step 3: Interactive data security analysis based on feature factors: Perform protocol matching, random number property analysis and encryption correlation analysis on the extracted feature factors to identify security vulnerabilities; Step 4: Security Analysis Results Output: Integrate the analysis results from each step to generate standardized CPU card security vulnerability detection results.
2. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 1, characterized in that: The radio frequency signals include radio frequency commands sent by the card reader in Miller encoding and radio frequency responses returned by the CPU card in Manchester encoding.
3. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 1, characterized in that: The triple cue filtering method in step 2 specifically includes: First clue processing: Create a first clue data container, segment the raw data based on REQA instructions, filter out the complete data packets with the most interactions, verify the compliance of ISO14443A protocol and ISO7816-4 protocol APDU instructions, and extract RF layer feature factors and application layer instruction feature factors. Second clue processing: Create a second clue data container, analyze the raw data packet by packet in time stamp order, remove invalid data packets, perform feature matching between the valid data packets and the data in the first clue data container, extract new feature factors and store them in the second clue data container; Third clue processing: merge the first clue data container and the second clue data container to generate a complete interactive data feature set.
4. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 3, characterized in that: Step 2 further includes a machine learning optimization step: using the interaction data features of CPU cards from different manufacturers and models with access control terminals as training materials, inputting them into the machine learning model, and generating a data analysis model; when the second clue data container is not empty, the model determines the insertion position of the newly added feature factor in the complete interaction data based on the learned interaction logic.
5. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 4, characterized in that: The machine learning model adopts an ensemble learning model based on decision trees. The input features include radio frequency layer features, application layer features, and data quality features. The training methods include offline pre-training and online incremental learning.
6. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 1, characterized in that: The random number property analysis in step 3 includes: Entropy estimation: Calculate the Shannon entropy and minimum entropy of random numbers to assess the unpredictability of random numbers; Linear complexity analysis: The Berlekamp-Massey algorithm is used to calculate the linear complexity and feedback polynomial of the random number sequence to determine whether the random number generator has any algorithmic defects.
7. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 1, characterized in that: The encryption correlation analysis in step 3 includes: Linear correlation coefficient and mutual information measure: Calculate the Pearson correlation coefficient and mutual information between random numbers and ciphertext to determine whether there is a linear or non-linear dependency between them; Entropy estimation and distribution consistency test: Calculate the Shannon entropy of the random number and the ciphertext respectively, and perform a chi-square test on the ciphertext to determine whether the randomness of the ciphertext has decreased significantly.
8. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 1, characterized in that: The method also includes replay attack verification: the communication interaction logic extracted in step 2 is written into a blank CPU card, and a legitimate card is simulated for actual card swiping test to verify whether a replay attack vulnerability exists.
9. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 8, characterized in that: The replay attack verification is triggered when step 3 determines that the CPU card has any one of the medium-to-high risk vulnerabilities, such as authentication vulnerabilities, random number vulnerabilities, or encryption algorithm vulnerabilities.
10. The CPU card security vulnerability detection method based on side-channel communication analysis according to claim 1, characterized in that: The security analysis results output in step 4 include vulnerability classification and risk level division: Vulnerability categories include: authentication vulnerabilities, random number vulnerabilities, encryption algorithm vulnerabilities, and replay attack vulnerabilities; Risk levels include: high risk, medium risk, and low risk.