Zaɓi Harshe

Binciken Tsaro na Biyan Kuɗi ta NFC: Hare-haren Wormhole da Maganganun Rigakafi

Binciken fasaha na raunin biyan kuɗi ta hanyar Sadarwa ta Kusa (NFC), mai mai da hankali kan hare-haren wormhole akan Apple Pay da Google Pay, tare da shawarwarin tsaro da aka gabatar.
contact-less.com | PDF Size: 0.4 MB
Kima: 4.5/5
Kimarku
Kun riga kun ƙididdige wannan takarda
Murfin Takardar PDF - Binciken Tsaro na Biyan Kuɗi ta NFC: Hare-haren Wormhole da Maganganun Rigakafi
Duba Takardar PDF Zazzage PDF Fassara PDF
Gida » Takaddun » Binciken Tsaro na Biyan Kuɗi ta NFC: Hare-haren Wormhole da Maganganun Rigakafi

1. Gabatarwa

Sadarwa ta Kusa (NFC) ta kawo sauyi mai girma ga hulɗar mara waya ta ɗan gajeren nisa, musamman a cikin biyan kuɗi mara lamba. Duk da yake ana yabanta saboda saukinsa da tsaron da ake ganin yana da shi saboda buƙatar kusanci, wannan takarda tana bayyana muhimman raunuka. Marubutan suna ƙalubalantar zaton cewa kusancin jiki yayi daidai da tsaro, suna nuna "harin wormhole" wanda zai iya ketare wannan ƙuntatawa ta asali. Tare da hasashen cewa za a yi ciniki sama da dala biliyan 190 ta hanyar masu amfani miliyan 60 nan da shekara ta 2020, fahimtar waɗannan kurakurai ba na ilimi ba ne—yana da mahimmanci na kuɗi.

2. Fasahohin Biyan Kuɗi na Asali

Don fahimtar tsaron NFC, takardar ta fara bincika tsarin da aka riga aka yi, tana nuna raunansu na asali a matsayin ma'auni don kwatanta.

2.1 Katunan Magnetic Stripe

Katunan magnetic stripe suna adana bayanai masu tsayawa, waɗanda ba a ɓoye su ba akan waƙoƙi uku. Wannan ƙirar ba ta da tsaro sosai, kamar "rubutun hannu akan takarda." Takardar ta yi cikakken bayani game da harin tabbatar da ra'ayi inda masu bincike daga MIT suka musanya bayanan waƙoƙi tsakanin katunan ID, suna nuna sauƙin kwafi da kuma kwaikwayi. Tare da na'urorin zazzagewa waɗanda ke da ƙaramin farashi kamar dala 20 kawai, waɗannan katunan ba su da ɗan tsaro kaɗan, wannan aibi ana amfani da shi sosai a cikin zamba na ATM.

3. Bayyani Game da Fasahar NFC

NFC tana aiki a 13.56 MHz, tana ba da damar sadarwa a cikin kusan cm 10. Tana goyan bayan hanyoyi uku: mai karatu/marubuci, tsakanin abokan aikinta, da kuma kwaikwayon kati. Don biyan kuɗi, yanayin kwaikwayon kati yana da mahimmanci, yana ba da damar wayar hannu ta zama katin wayo mara lamba. Fasahar ta ginu akan ƙa'idodin RFID (ISO/IEC 14443, 18092) amma ta gabatar da ƙarin ƙa'idodi masu sarƙaƙiya don amintattun ma'amaloli.

4. Tsarin Tsaro na Biyan Kuɗi ta NFC

Tsarin zamani kamar Apple Pay da Google Pay suna amfani da tsarin ƙirƙira alamar. Ainihin Lambar Asusun Farko (PAN) ana maye gurbinsa da Lambar Asusun Na'ura (DAN) ko alamar da aka adana a cikin abu mai tsaro (SE) ko Kwaikwayon Kati na Mai Masaukin baki (HCE). Ana ba da izinin ma'amaloli ta hanyar cryptogram mai ƙarfi, wanda ya sa su fi tsaro fiye da magstripes masu tsayawa. Duk da haka, tsaron tashar sadarwar rediyo (RF) da kanta ya kasance madaidaicin mahaɗin rauni.

5. Samfurin Barazana & Hanyoyin Kai Hari

Takardar ta gano babban rauni: rashin ƙaƙƙarfan tabbatar da asali a lokacin ma'amala. Kasancewar mai amfani ana ƙididdige shi kawai ta hanyar kusancin na'ura da kuma buɗe bayanan halittar mutum (wanda ƙila ya faru mintuna da suka gabata). Wannan yana haifar da dama don harin mika sako ko "wormhole," inda ake kama sadarwar NFC kuma ake mika ta a kan nisa mai nisa (misali, intanet) zuwa tashar maƙaryaci.

6. Harin Wormhole: Hanyoyi & Sakamako

Babban gudummawar marubutan shine aiwatar da harin wormhole mai amfani. Harin yana buƙatar na'urori biyu: mai karatu na wakili da aka sanya kusa da wayar hannu wanda aka azabtar (misali, a cikin wuri mai cunkoso) da kuma katin wakili kusa da tashar biyan kuɗi halatta. Waɗannan na'urorin suna mika siginonin NFC a ainihin lokacin, suna haifar da "wormhole" wanda ke yaudarar tashar ta gaskanta cewa wayar hannu wanda aka azabtar tana nan a zahiri.

Muhimmin Binciken Gwaji

An nuna harin cikin nasara akan duka Apple Pay da Google Pay, wanda ya haifar da biyan kuɗi mara izini daga asusun masu bincike da kansu a wurare masu nisa da wurin harin.

7. Shawarwarin Tsaro

Takardar ta ba da shawarar matakan rigakafi da suka fi mayar da hankali kan karya tashar mika sako:

  • Ƙa'idodin Iyakance Nisa: Aiwatar da ƙa'idodin ɓoyayyen bayanai waɗanda ke auna lokacin dawowa na musayar ƙalubale da amsa don iyakance nisan sadarwa a zahiri. Wani gwajin sauƙi da aka gabatar ya haɗa da auna lokacin yaduwar siginar $t_{prop}$ da kuma tabbatar da cewa ya gamsar da $t_{prop} \leq \frac{2 \cdot d_{max}}{c}$, inda $c$ shine saurin haske kuma $d_{max}$ shine matsakaicin nisan da aka yarda (misali, cm 10).
  • Tabbatar da Asali na Mahallin: Yi amfani da na'urori masu auna wayar hannu (GPS, hasken muhalli, Bluetooth) don ƙirƙirin yatsan mahallin wurin ma'amala kuma a buƙaci daidaito tsakanin mahallin wayar hannu da wurin da ake zaton tashar tana ciki.
  • Tabbatar da Ma'amala da Mai Amfani Ya Fara: Buƙatar aiki na zahiri, na baya-bayan nan na mai amfani (misali, danna maɓalli a cikin app ɗin biyan kuɗi) nan da nan kafin sadarwar RF ta fara.

8. Fahimtar Masanin Bincike na Asali

Fahimta ta Asali: Kuskuren asali na masana'antu shine haɗa kusanci da tabbatar da asali. An ƙera tsarin biyan kuɗi na NFC tare da samfurin barazana daga zamanin magstripe—hana zazzagewa ta zahiri—amma sun kasa hasashen hare-haren mika sako masu amfani da hanyar sadarwa waɗanda ke ƙirƙira kusanci. Abu mai tsaro yana kare bayanai a lokacin hutawa, amma tashar RF ita ce sabon wurin kai hari.

Tsarin Ma'ana: Hujjar takardar tana da ma'ana mai lalacewa. 1) Tsarin da aka gada (magstripes) sun lalace saboda bayanai masu tsayawa. 2) NFC tana inganta wannan tare da cryptograms masu ƙarfi. 3) Duk da haka, tabbatar da asalin niyya da kasancewar mai amfani har yanzu yana da rauni. 4) Saboda haka, ana iya ramowa tashar RF. 5) Harin mu na wormhole ya tabbatar da haka. Wannan ba karyewar ɓoyayyen bayanai mai sarƙaƙiya ba ne; yana da kyakkyawan amfani da makafin ƙirar tsarin.

Ƙarfi & Kurakurai: Ƙarfin takardar shine gwajin ta na zahiri, tabbatar da ra'ayi akan manyan tsarin kasuwanci. Yana motsa hare-haren mika sako daga ka'ida zuwa aiki. Duk da haka, kuskurenta shine mai da hankali sosai kan wurin siyarwa. Ba ta ba da muhimmanci ga rawar tsarin gano zamba na baya da masu bayarwa ke amfani da su (kamar waɗanda aka kwatanta ta hanyar samfuran haɗarin Visa) waɗanda ƙila su yi alama ga ma'amaloli marasa al'ada bayan haka, kuma ba ta ƙididdige wahalar aiki na sanya mai karatu na wakili a ɓoye ba. Duk da haka, ƙa'idar ta tsaya: tabbatar da asali na gaba bai isa ba.

Fahimta Mai Aiki: Ga manajoji samfura: ba da umarnin binciken iyakance nisa don ƙarni na gaba na kayan aiki. Ga masu haɓakawa: aiwatar da gwaje-gwajen mahallin da aka ba da shawarar yanzu ta amfani da na'urori masu auna da suke akwai. Ga masu amfani: ku san cewa barin wayar ku a buɗe a cikin jama'a yana ƙara haɗari. Ga masu tsari: yi la'akari da ƙa'idodin da ke ba da umarnin tabbatar da ma'amala mai iyakacin lokaci, kama da ma'anar EMV na guntu-da-PIN amma don hanyar haɗin mara waya. Gyaran yana buƙatar sauyi daga "bayanan amintattu" zuwa "mahallin amintacce."

9. Cikakkun Bayanai na Fasaha & Samfurin Lissafi

Harin wormhole yana amfani da daidaitawar lokaci a cikin NFC. Samfurin sauƙaƙa na jinkirin harin ($\Delta_{attack}$) shine:

$\Delta_{attack} = \Delta_{proxy\_process} + \frac{d_{relay}}{c_{medium}}$

Inda $\Delta_{proxy\_process}$ shine jinkirin sarrafawa a na'urorin wakili na maƙaryaci, kuma $\frac{d_{relay}}{c_{medium}}$ shine jinkirin yaduwa akan matsakaicin mika sako (misali, intanet). Don harin mai nasara, dole ne $\Delta_{attack}$ ya zama ƙasa da ƙimar lokacin tasha na tashar $\tau_{terminal}$. Tashoshin yanzu suna da lokacin jira mai karimci ($\tau_{terminal}$ sau da yawa > 100ms), suna ba da damar mika sako mai girman intanet. Ƙa'idar iyakance nisa za ta tilasta babban iyaka mai tsauri bisa saurin haske $c$ don kewayon cm 10 da ake tsammani:

$\tau_{max} = \frac{2 \cdot 0.1\,m}{3 \times 10^8\,m/s} \approx 0.67\,ns$

Wannan buƙatun lokaci na nanosecond shine abin da ke sa iyakance nisa na aiki ya zama ƙalubale mai mahimmanci na ƙira na kayan aiki da ƙa'ida.

10. Sakamakon Gwaji & Bayanin Chati

Hoto na 1 (daga PDF): Hoton hagu yana nuna mai bincike (Dennis) yana zazzage katin MIT da aka gyara a wurin mai karatu. Hoton dama yana nuna tashar nuni tana gabatar da hoto da bayanan asusun wani mutum daban (Linda). Wannan yana nuna a zahiri nasarar kwafin magstripe da harin kwaikwayi, yana kafa raunin ma'auni.

Sakamakon Harin Wormhole da Ake Nufi: Duk da yake rubutun PDF bai haɗa da takamaiman chati don harin NFC ba, an bayyana sakamakon. Babban sakamakon shine kashi 100% na nasara a cikin gwaje-gwajen da aka sarrafa don ƙaddamar da ma'amaloli ta hanyar wormhole. Ma'auni mai mahimmanci shine ikon kammala biyan kuɗi a Tasha B yayin da wayar hannu wanda aka azabtar ke kusa da Wakilin A kawai, tare da adadin ma'amala da cikakkun bayanan ɗan kasuwa suna cikin ikon mai kai hari a Tasha B.

11. Tsarin Bincike: Nazarin Lamari

Lamari: Tantance Sabon Samfurin Biyan Kuɗi ta NFC

Mataki na 1 - Tabbatar da Asali na Tashar: Shin ƙa'idar tana da tsarin don tabbatar da kusancin jiki na ɓangarorin da ke sadarwa? (misali, iyakance nisa, kewayon ultra-wideband). Idan a'a, yi alama "Babban Haɗari" don hare-haren mika sako.

Mataki na 2 - Haɗin Mahallin: Shin ma'amalar tana ɗaure ta hanyar ɓoyayyen bayanai zuwa mahallin da mai amfani ya tabbatar da shi na baya-bayan nan? (misali, daidaitawar GPS da abu mai tsaro ya sanya hannu bayan tabbatar da asalin halittar mutum na baya-bayan nan). Idan a'a, yi alama "Matsakaicin Haɗari" don ƙaddamar da ma'amala mara nema.

Mataki na 3 - Niyyar Ma'amala: Shin akwai aiki na zahiri, na nan take na mai amfani da ake buƙata don wannan takamaiman ma'amala? (Danna maɓallin gefe sau biyu + kallo don Apple Pay yana da kyau, amma ana iya inganta shi). Yi maki bisa jinkiri tsakanin tabbatar da asali da sadarwar RF.

Aikace-aikace: Yin amfani da wannan tsarin ga tsarin da ke cikin takardar, duka Apple Pay da Google Pay za su yi maki mara kyau akan Mataki na 1, matsakaici akan Mataki na 2, kuma da kyau akan Mataki na 3, suna bayyana hanyar harin mai nasara.

12. Aikace-aikace na Gaba & Hanyoyin Bincike

Raunin da aka gano yana da tasiri fiye da biyan kuɗi:

  • Sarrafa Shiga ta Jiki: Makullin ƙofofi na tushen NFC suma suna da saukin kamuwa da hare-haren wormhole, suna ba da damar "biye da wutsiya ta zahiri." Tsarin gaba dole ne su haɗa UWB don kewayon amintacce.
  • Makullin Dijital na Motoci: Ƙa'idodi kamar CCC Digital Key 3.0 sun riga suna motsawa zuwa UWB/BLE don daidaitawar wuri daidai don hana hare-haren mika sako don shiga mara aiki da farawa.
  • Asali da Takaddun Shaida: Lasisin tuƙi na dijital da fasfo da aka adana akan wayoyin hannu suna buƙatar tabbaci mafi girma. Bincike kan "kusanci marar amana" ta amfani da haɗakar na'urori masu auna da yawa (NFC, UWB, lambobin gani na tushen kyamara) yana da mahimmanci.
  • Daidaituwa: Akwai buƙatar gaggawa don ƙa'idodin ISO/IEC ko NFC Forum waɗanda ke ayyana matakan rigakafi na harin mika sako na tilas ga duk aikace-aikacen ma'amala masu daraja.

Gaba yana cikin motsawa daga ƙa'idodin sadarwa zuwa ƙa'idodin tabbatarwa, inda tabbatar da "rayuwa" da "wuri" yana da mahimmanci kamar ɓoyayyen bayanai.

13. Nassoshi

  1. Statista. (2018). Hasashen Ƙimar Ma'amalar Biyan Kuɗi ta NFC ta Wayar Hannu. Hasashen Kasuwar Statista.
  2. Forrest, B. (1996). Tarihin Fasahar Magnetic Stripe. IEEE Annals of the History of Computing.
  3. ISO/IEC 7811. Katunan tantancewa — Fasahar rikodi.
  4. Krebs, B. (2017). Masu Zazzagewa ATM: Jagora don Yadda ake Yi ga Masu Fashin Banki. Krebs akan Tsaro.
  5. Hancke, G. P., & Kuhn, M. G. (2005). Ƙa'idar Iyakance Nisa ta RFID. IEEE SecureComm. [Hukuma ta Waje - Takarda mai mahimmanci akan hare-haren mika sako]
  6. NFC Forum. (2023). Fasahar NFC: Cikakkun Bayanai. Gidan Yanar Gizon NFC Forum. [Hukuma ta Waje - Hukumar Ƙa'idodi]
  7. Tsaro na Dandalin Apple. (2023). Tsaron Apple Pay. Takaddun Hukuma na Apple. [Hukuma ta Waje - Aiwar Mai Sayarwa]
  8. EMVCo. (2022). Cikakkun Bayanai na EMV® Mara Lamba. EMVCo LLC.