I am making an app using NFC tags and I have to prevent the NFC tag from being cloned. I have seen many other NFC tags which, when tried to be cloned, show a pop-up message "Cloning is restricted, tag is secured by secret key". I want the same security for my NFC tag.
That depends on what type of tag you use and what level of protection against cloning you want.
1. NFC tags (as defined by the NFC Forum) have no protection against cloning. Such tags are intended as containers for freely readable data (so called NDEF messages). Anyone could read an NDEF message from one tag and duplicate it to another tag.
2. Many NFC tags also contain a unique identifier that is pre-programmed by the tag manufacturer and cannot be modified on normal tags. You could use this unique identifier to determine if a tag was issued by you (i.e. you know its id) or forged (i.e. you don't know its id). Instead of using a list of genuine ids, you could also create a digital signature over the tag's id and its data. That way, you could find out if data and signature are used on a tag with a different unique identifier. However, all data can still be extracted from your tag. Therefore, you should be aware of the fact that specialized hardware (e.g. Proxmark, etc) and ready-made tags are available where an attacker can change the unique identifier to the value of your tag's id. So this is certainly not perfect cloning protection.
3. You could use a contactless smartcard/tag that provides communication encryption and shared-key based access control (e.g. MIFARE DESFire). With this approach, you could store data that you do not want an attacker to be able to clone in a key-protected memory area. However, if you want to be able to read that data from within your app (i.e. without having an online backend that directly communicates with the card), you would need to store the key to access the memory area within your app. Consequently, in an offline scenario (i.e. key stored in app), an attacker might be able to extract that key and use it to clone the tag.
4. You could use a tag/smartcard that contains a secret asymmetric key and provides a command to sign a cryptographic challenge with that key. In that case, in order to verify if the tag is genuine, you could request such a signature from the tag for a random challenge and verify the signature against the tag's corresponding public key. This would certainly be the most secure solution as you do not need to store any shared secret within your app. The only ready-made NFC tag solution (that I'm currently aware of) that provides such functionality seems to be Inside Secure's VaultIC. Though you could create one yourself based on the asymmetric crypto functionality of a contactless smartcard (e.g. a Java Card).
Note that for all of the above cloning-protection scenarios you would have to create an app that checks if a tag is genuine or cloned. By default NFC phones only use the information in (1) and therefore do not perform any such checks.
Yes, it's possible meanwhile to prevent cloning a tag.
There is a new tag called the NTAG 413, which can generate a new NDEF message every single time you tap it (using AES crypto). This way it's not necessary to have a separate app installed on your smartphone. You can incorporate the encryption in the URL of an NDEF, for example, and the host server can encrypt it with the same key. In case of copy the server will recognize it.
Some companies already offer them in different form factors, for key cards (hotels or access). More info can be found at this link, but it's in German.
https://www.variuscard.com/plastikkarten/chipkarten/nfc-ntag-413-dna/
While the original answer was correct, it's getting a little bit out of date. Michael's addition (Oct 10, 17) added the NTAG413. There's now another additional NTAG424 DNA authentication NFC chip, which works in the same way. HID's Trusted Tag works in a similar way and there are increasingly others.
Essentially the chips create a new unique code based on a stored key on each tap/scan. Code can be verified from a server.
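The server-side check these two answers describe, as an added example that is not code from the answers or from NXP: it assumes the tag mirrors its UID, a tap counter and a code into the URL, and uses HMAC-SHA-256 as a stand-in for the chip's AES-based code. The URL layout, parameter names (`uid`, `ctr`, `mac`), UID and key are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

# Constructed demo data: one tag UID and its 16-byte key.
TAG_KEYS = {"04a1b2c3d4e5f6": bytes.fromhex("00112233445566778899aabbccddeeff")}
last_counter = {}  # uid -> highest tap counter accepted so far


def tag_code(key: bytes, uid: str, counter: int) -> str:
    """Per-tap code over UID and counter (HMAC stand-in, truncated to 8 bytes)."""
    msg = bytes.fromhex(uid) + counter.to_bytes(3, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def simulated_tap(uid: str, counter: int) -> str:
    """URL a genuine tag would present on its counter-th tap (constructed format)."""
    code = tag_code(TAG_KEYS[uid], uid, counter)
    return f"https://example.com/t?uid={uid}&ctr={counter:06x}&mac={code}"


def verify_tap(url: str) -> str:
    """Server check: 'ok', 'unknown-tag', 'malformed', 'bad-mac' or 'replay'."""
    q = parse_qs(urlparse(url).query)
    try:
        uid, mac = q["uid"][0].lower(), q["mac"][0].lower()
        counter = int(q["ctr"][0], 16)
    except (KeyError, ValueError):
        return "malformed"
    key = TAG_KEYS.get(uid)
    if key is None:
        return "unknown-tag"
    if not 0 <= counter <= 0xFFFFFF:
        return "malformed"
    expected = tag_code(key, uid, counter)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return "bad-mac"
    # A copied URL carries a counter value the server has already seen.
    if counter <= last_counter.get(uid, -1):
        return "replay"
    last_counter[uid] = counter
    return "ok"
```

The per-tag counter state is what turns a valid but copied URL into a detectable replay; the code check alone only proves the URL was produced by the tag at some point.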
There is no guaranteed way to restrict the NFC tag from getting cloned, as all NFC tags are by default . Other apps use a secret key within an NFC tag, but that can also be cracked.
What is the general workflow that I would develop to use wristbands equipped with NTAG213 NFC in order to authenticate gym members?
Currently in our database we have a "CardCode" field. In actuality it is named Barcode, but that is because the current method of authenticating is showing a barcode to a scanner that corresponds with a unique member.
Is the general workflow NTAG213 that I would "write" this member identifying information to the tag and then when that member tries to check-in it would attempt to read this field?
My previous experience with radio technology are RFID tags that would come pre-written from manufacturer with a site code and card code. Different vendors have different arrangements of the bits for site code, card code, and parity bits - so you have to know the bit format to read the tags and authenticate the member.
I get the feeling that the NTAG213 works more like a disk, I use a password from the MFG to be able to write to the NTAG213 and my readers use the information to authenticate. I suppose with this type of tech it would be unreasonable to have the MFG to pre-write something? I really don't know what the flow is.
For bonus, any example code with android.nfc would be awesome (I'm targeting Newland Nquire 304 (Android Kitkat 4.4)).
Please advise.
A good place to start is the Tag's datasheet
At the low level the tag acts like a 2 dimensional array of memory 4 bytes wide and varying lengths.
As it is NFC Type 2 compliant you can use the NFC standard NDEF data encoding format, and various OSes have methods to write NDEF encoded data without you having to worry about fitting the data correctly into the 2 dimensional memory array.
Most cards come from the factory blank (but some vendors can add data to them for you with a cost).
While NTAG213 usually come from the factory with no password set on them, you have to set your own. The password can be set for write operations or both read and write operations.
The cards can also be made NDEF read-only but I would not recommend that, instead use the password.
How you use them depends on the level of security that is needed (to stop people cloning the cards to share one gym membership) and on if you want customers to read their own tags or if only certain hardware is required to read the tags that is tightly controlled.
Generally I would limit the hardware that can read/write to the tag, then you can set a password on read and write operations.
Then there would be 2 workflows.

New member:
1. Get blank tag
2. Configure the password for read and write
3. Authenticate with password
4. Format the card for Ndef
5. Encode the data you want on the card using one or more Ndef records; at minimum, this should be your own Unique ID (never use the Tag's UID as these are not Unique and can be cloned and are not protected by the password)

Gym checkin:
1. Authenticate with password
2. Read the data from the Tag (at least the Unique ID you have written to the Tag)

I would recommend you use the enableReaderMode Android API for tag detection, some code for that at https://stackoverflow.com/a/59397667/2373819
There are a lot of examples out there that use the older Android API enableForegroundDispatch but this is less reliable especially for writing data.
Overall you need to make decisions about what you want to store on the Tag and how you want to use it before you can decide how to write the code, otherwise the question is too big to answer in detail.
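The password steps of the two workflows above as the raw NTAG213 command frames an Android app would pass to `NfcA.transceive()`, written in Python as an added example that is not code from the answer. The command codes and page addresses are taken from NXP's NTAG213 datasheet; the password, PACK and configuration bytes used with it are constructed sample values.

```python
import hmac

# NTAG213 command codes and configuration page addresses (NXP datasheet).
CMD_WRITE, CMD_PWD_AUTH = 0xA2, 0x1B
PAGE_CFG0, PAGE_CFG1, PAGE_PWD, PAGE_PACK = 0x29, 0x2A, 0x2B, 0x2C
FIRST_USER_PAGE = 0x04


def write_page(page: int, data: bytes) -> bytes:
    """WRITE frame: the tag is written one 4-byte page at a time."""
    if len(data) != 4:
        raise ValueError("NTAG213 pages are exactly 4 bytes")
    return bytes([CMD_WRITE, page]) + data


def pwd_auth(password: bytes) -> bytes:
    """PWD_AUTH frame sent before any access to protected pages."""
    if len(password) != 4:
        raise ValueError("NTAG213 password is exactly 4 bytes")
    return bytes([CMD_PWD_AUTH]) + password


def provisioning_frames(password, pack, cfg0, cfg1, protect_reads=True):
    """Frames for 'configure the password', in an order that cannot lock you out.

    cfg0 and cfg1 are the current contents of pages 0x29 and 0x2A as read from
    the tag, so bits unrelated to protection are written back unchanged.
    """
    if len(pack) != 2 or len(cfg0) != 4 or len(cfg1) != 4:
        raise ValueError("PACK is 2 bytes; CFG0 and CFG1 are 4 bytes each")
    # ACCESS bit 7 (PROT): 1 = reads and writes need the password, 0 = writes only.
    access = (cfg1[0] | 0x80) if protect_reads else (cfg1[0] & 0x7F)
    return [
        write_page(PAGE_PWD, password),
        write_page(PAGE_PACK, pack + b"\x00\x00"),
        write_page(PAGE_CFG1, bytes([access]) + cfg1[1:]),
        # AUTH0 goes last: once set, every page from 0x04 on needs PWD_AUTH.
        write_page(PAGE_CFG0, cfg0[:3] + bytes([FIRST_USER_PAGE])),
    ]


def check_pack(response: bytes, expected_pack: bytes) -> bool:
    """The tag answers PWD_AUTH with its 2-byte PACK; verify it before reading."""
    return hmac.compare_digest(response, expected_pack)
```

The low three bits of the ACCESS byte (AUTHLIM) cap the number of failed PWD_AUTH attempts; this example leaves them as read from the tag.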
This is killing me... I am trying to find an NFC/RFID tag that:
Implements encryption and/or cryptographic signing of data sent to the tag such that the tag can be authenticated by the reader. I do not care if the tag attempts to authenticate the reader, and
Is widely supported by Android phones and the standard NFC libraries, and
Stores the cryptographic key(s) in a secure manner (reading it should be impossible after a config fuse is blown).
I do not care what sort of payload can be stored on the tag and I have no use for NDEF messages. I do not care if the encryption used is symmetric or asymmetric. All I want to do is send a bit of data to the tag and have it, using a shared secret, encrypt or sign that data and send it back to the phone, whereupon my code will perform the same function and compare the results with the tag's response to validate the tag.
I have samples of Atmel CryptoRF* tags and while they would probably do most of what I need, they aren't detected properly by the only Android phone I have. The phone dings and I'm filtering for 'android.nfc.action.TECH_DISCOVERED' with the appropriate tech-list entries but I get nothing. Atmel's tech support is worse than useless (because I wasted time asking questions they never bothered to answer). Logcat looks like:
09-04 21:03:53.474 1012-1012/? D/NativeNfcTag: Connect Failed - status = 146
09-04 21:03:53.474 1012-1012/? E/NFCJNI: doDisconnect() - Target already disconnected
I don't see any previous entries suggesting that the tag was ever recognized by Android.
This seems like such a simple, obvious and needed type of tag that it must exist somewhere.
NFCGuy or others - any ideas?
Thanks!
*The Atmel CryptoRF data sheet says the following, which may or may not be helpful in determining whether these things could ever be read by an Android phone:
ISO/IEC 14443-2:2001 Type B Compliant
ISO/IEC 14443-3:2001 Type B Compliant Anticollision Protocol
Mifare Desfire will do what you ask for except for one thing:
Crypto support is not available on API level.
You have to write code that does all the authentication and cryptography and talk to the Desfire tag directly. The Android API provides the tools to do so via the low-level access function IsoDep.transceive. The crypto functions themselves can be found in javax.crypto.spec
Unlike other tags with cryptography, documentation of the required steps to do authentication and encryption is available on the internet.
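The reader-side check the question describes (send data to the tag, have it MAC that data with a shared secret, recompute and compare), which is also the random-challenge verification from the first answer on this page in its shared-key form. This is an added example, not code from either answer and not the DESFire authentication protocol: HMAC-SHA-256 is an assumed primitive, and `SimulatedTag` and `StaticCopy` are hypothetical stand-ins for what would arrive over `IsoDep.transceive`.

```python
import hashlib
import hmac
import secrets


class SimulatedTag:
    """Stand-in for a tag that holds a secret key and MACs any challenge it receives."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class StaticCopy:
    """Models a copied tag: it can return recorded bytes but holds no key."""

    def __init__(self, recorded: bytes):
        self._recorded = recorded

    def respond(self, challenge: bytes) -> bytes:
        return self._recorded


def authenticate(tag, key: bytes) -> bool:
    """Fresh random challenge, recompute the MAC, constant-time compare."""
    challenge = secrets.token_bytes(16)  # a fixed or reused challenge allows replay
    response = tag.respond(challenge)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed demo key
    genuine = SimulatedTag(key)
    recorded = genuine.respond(secrets.token_bytes(16))  # one observed exchange
    return {
        "genuine": authenticate(genuine, key),
        "static_copy": authenticate(StaticCopy(recorded), key),
        "wrong_key": authenticate(SimulatedTag(secrets.token_bytes(32)), key),
    }
```

With a shared key the verifier holds the same secret as the tag, so an app that verifies offline carries a key that can be extracted, as the first answer on this page points out.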
I have an app that designs personalized tags that, when detected by an Android phone, launch another app with some content. It all works fine and I know how to make a read-only NFC tag. The problem is, I would like to make an NFC tag only readable by users of the other app. But I also want, if necessary, to modify these tags so that they can be rewritten. But I want to prevent users from doing that themselves.
That's why ndef.makeReadOnly() is not appropriate for me.
Can anyone help me?
It depends somewhat on the exact tags you will be using. The standard NFC Forum tag types for storing NDEF messages that Android supports have no specific functionality defined for this. So the Android API does not provide it either. There is only makeReadOnly(), which in most cases makes the tag irreversibly read-only.
However, when you look at the chips inside the tags that actually implement the required NFC functionality, they often provide more functions. These extra functions may include access control for writing, allowing the chip to be configured like you want.
Some examples (all manufactured by NXP, as I am most familiar with those):
MIFARE Classic: the memory sectors are protected by 2 keys. One key can be configured for read-only, while the other can be used to write the memory. NB: not all Android devices can access these!
MIFARE Ultralight C: can provide additional password protection to prevent overwriting
MIFARE DESFire: multiple authentication keys and access rights can be configured, including read-only access without keys
ICODE SLI(X)-S: can provide additional password protection to prevent overwriting
Most of these tags are generally available for sale on-line. You will have to hunt a bit on the internet to gather all the information on how the configuration has to be done, though. There is PC software available in most cases.
The only 100% way to make an NFC tag "read only" is to call makeReadOnly(), but this is irreversible.
You can use an "out of the box" solution, like:
1. Do not write data on the NFC tag but instead save it locally (if data is limited to one device) or to a server/cloud (if data is global)
2. Link your NFC Tag ID (getByteArrayExtra(NfcAdapter.EXTRA_ID)) with your saved data
3. When the NFC tag is read, get its ID and find the proper data via the proper source (local or cloud DB)

If the second app is a "third party app" and cannot work with the above solution, you can register your own NFC reading app (intent with the right mimeType filter) and then pass your data (point no. 3) to the main app using sendIntent (or a similar supported method).
Hope it helps!
I'd like to write data to NFC tags such that I know that when I read it that it actually came from me. I could make the tag permanently read only but that only prevents writing of that particular tag. A bad actor could copy the data and impersonate the tag. How can I prevent this?
I could encrypt the data with my private key and then sign with my public key, which would mean that it definitely came from me and only I could read it. But what stops someone from simply duplicating the data and impersonating that tag.
Is there something unique to each tag that can be read and recorded and cannot be changed and is unique for all tags and all time? I could record that to make sure that tag is one that I've written.
Most NFC tags have a hardware UID that's unique to the tag. For instance, a Mifare Ultralight tag has a 7 byte UID that identifies the tag uniquely. Think of it as similar to a MAC address for your network card.
This UID is read-only and can't be changed after manufacture. If you read the spec for the particular tag, you can see where it's located. For Mifare Ultralight, these 7 bytes are located on the first few pages. See the spec here:
http://www.nxp.com/acrobat_download2/other/identification/M028634_MF0ICU1_Functional_Spec_V3.4.pdf
There's a free android app called NFC Tag Info that I use to poke around the page structure of a tag, as well as find the UID for a tag:
https://market.android.com/details?id=at.mroland.android.apps.nfctaginfo
Someone could still impersonate the UID on a custom card. If you made your own custom card you could include a validation algorithm of some sort that you could send random data to and get an expected response from. But standard tags are very susceptible to impersonation.
So here is my basic motivation for my question obfuscated a little:
I want to track a user's loyalty to a particular store. Each store would have an NFC sticker on the register. On purchase the user would use an app on their phone (NFC available of course) and the sticker would send back some code that designates the store.
Now here is my question, one, can I send a simple code back to my application that is then, for example, added to some database? This link, near the bottom, provides a description of 'Content Options' none of which I want. Also, the NFC-Forum specifications don't tell me much (or I'm just not looking in the right place).
Also, how do I actually put this tag/code onto one of these stickers? If I do it myself can I make them read-only?
You can put arbitrary information on the NFC tag - there is no limitation on what you can upload and in which format. Think about NFC tags as if they were normal data storage places like e.g. a hard drive or CD - you can save files to them in an arbitrary format holding arbitrary content. Same with NFC tags.
Anyway, there is a recommended NFC Forum standard for the content format called NDEF (NFC Forum Data Exchange Format is a lightweight binary message format designed to encapsulate one or more application-defined payloads into a single message construct.)
Also for specific data (links, Phone number, calendar event, etc.) there is another recommended NFC Forum standard called RTD (Record Type Definition specifies the format and rules for building standard record types used by NFC Forum application definitions and third parties that are based on the NDEF data format).
So in fact you can use arbitrary data format or NDEF, for the data itself you can follow RTD recommendations or not... It is up to you.
For tag writing you can buy some existing software and USB NFC reader/writer or you can program your own software - this is more difficult, since you must know HW characteristic of tag you would like to use.
All tags allow permanent data locking.
Regards,
STeN
www.mautilus.com, petr.mazanec#mautilus.com
For Android devices, you would create a tag with a so-called Android Application Record (AAR). The AAR contains the package name of your application, and, using a technology called Beam, Android automatically launches your application. You are then free to access the other records contained within the NDEF message, which then probably would contain the id of the shop somehow, and contact your site.
I have tried AAR already and it works, also I have created an NFC Eclipse plugin which would get you up and running in no time, if you have an Android phone and some tag, of course ;-)