摘要
NFC技术,即近距离无线通讯技术,是在RFID技术上发展而来的一项新技术,近年来被广泛应用于移动支付、物联网、数据交流等领域。本文在对NFC最重要的数据交换协议—NDEF协议的研究分析基础上,采用模糊测试的思想,使用ACR122U等工具,设计了一套基于NFC数据交换格式协议的漏洞挖掘系统。详细阐明了此系统的用例构造、自动化测试、异常监控等几大模块的设计方案和实现方法,并介绍了异常监控的方法与实现,还对使用此系统挖掘出的漏洞进行了简要的分析并给出相应建议。
Developed on the base of RFID(Radio Frequency Identification)technology,NFC(Near Field Communication)is a short distance wireless communication technology and has been widely applied in mobile payment,Internet of Things,data exchange and other fields in recent years.Based on the research and analysis of NDEF which is the most important protocol of NFC,a vulnerability mining system is designed in this paper by utilizing the fuzzing test method,ACR122U and other tools.Design and implementation of several major modules in the system are also introduced in detail,including usecase construction,automation test and abnormal monitoring.Moreover,the principle and implementation of the abnormal monitoring are presented.The vulnerabilities mined by the system are briefly analyzed and some suggestions were given for these mined vulnerabilities.
作者
王志强
董宏宇
张健毅
WANG Zhiqiang;DONG Hongyu;ZHANG Jianyi(Beijing Electronic Science and Technology Institute,Beijing 100070,P.R.China;State Information Center,Beijing 100045,P.R.China)
出处
《北京电子科技学院学报》
2018年第4期28-35,共8页
Journal of Beijing Electronic Science And Technology Institute
基金
国家重点研发计划资助(2018YFB1004101)
中央高校基本科研业务费专项资金资助(328201804)
