WHAT IS RFID AND NFC?

Digmus
5 min read · Oct 20, 2017

A week ago we received new NFC chips with built-in cryptography from NXP for testing. We notified our community of this good news immediately, and now our team has drafted a review article for you.

Maybe this is the first time you have heard of RFID, or Radio Frequency Identification; however, you have used this technology many times. Most RFID tags have already become fully integrated into our everyday life.

Product tag in a store, animal implant

RFID tags functioning principle

RFID tags differ not only in form but also in data communication protocols.

How do they work? An RFID system is made up of two parts: a tag (transponder) with a compact, usually printed, antenna, and a reader, a fully featured device with a large antenna.

The reader's antenna radiates an electromagnetic field. The tag electronics are usually so simple and low-power that this field is often more than enough to power the microcircuit built into the tag.

Nice illustration of field distribution in tag and reader antennas

Tags are usually classified by the frequency band in which they operate: LF (125–134 kHz), HF (13.56 MHz) and UHF (860–960 MHz). In the Russian market, HF band chips are the most common.

NFC — tag and smartphone connection

The increasing use of RFID tags was fueled by the development of NFC (Near Field Communication) — a set of standards establishing communication between devices that are brought close to each other. It could be two smartphones, or a smartphone and an RFID tag. NFC devices are compatible with HF band RFID tags. The only requirement is a smartphone running Android[1] or iOS[2].

Communication protocols on such devices are based on RFID standards, including the first generation of the ISO 14443 standards. All these standards were developed and promoted on a mass scale with the assistance of the NFC Forum, a non-profit association founded in 2004 by NXP, Sony and Nokia.

Short messages such as a website address, an e-mail address or a phone number may be programmed into the tag. For instance, you can program a URL: the user brings the smartphone to the tag and the browser opens the web page at that address.
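How such a message is laid out on the tag, as an added example that is not part of the original article: a minimal encoder and validating decoder for the NFC Forum "U" (URI) record, whose first payload byte abbreviates the scheme (so "http://www.", "mailto:" and "tel:" cover the three message kinds named above). The header layout and identifier codes follow the NFC Forum URI Record Type Definition; the sample URIs are constructed.

```python
# NFC Forum URI identifier codes: the abbreviation byte that prefixes the URI.
URI_PREFIXES = {
    0x00: "",
    0x01: "http://www.",
    0x02: "https://www.",
    0x03: "http://",
    0x04: "https://",
    0x05: "tel:",
    0x06: "mailto:",
}


def encode_uri_record(uri: str) -> bytes:
    """Build one short NDEF record: MB=1, ME=1, SR=1, TNF=1 (well-known type 'U')."""
    code, rest = 0x00, uri
    # Longest matching prefix first, so the payload stored on the tag is smallest.
    for c, prefix in sorted(URI_PREFIXES.items(), key=lambda kv: -len(kv[1])):
        if prefix and uri.startswith(prefix):
            code, rest = c, uri[len(prefix):]
            break
    payload = bytes([code]) + rest.encode("utf-8")
    if len(payload) > 255:
        raise ValueError("short record payload length must fit in one byte")
    # 0xD1 = MB|ME|SR flags with TNF=0x01; then type length, payload length, type 'U'.
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload


def decode_uri_record(record: bytes) -> str:
    """Parse a record back to its full URI, rejecting malformed or truncated input."""
    if len(record) < 4:
        raise ValueError("record too short for header and type")
    header, type_len, payload_len = record[0], record[1], record[2]
    if header & 0x07 != 0x01 or not header & 0x10:
        raise ValueError("not a short-record, well-known-type NDEF record")
    if type_len != 1 or record[3:4] != b"U":
        raise ValueError("not a URI record")
    payload = record[4:4 + payload_len]
    if len(payload) != payload_len or payload_len == 0:
        raise ValueError("payload truncated or empty")
    code = payload[0]
    if code not in URI_PREFIXES:
        raise ValueError(f"reserved URI identifier code 0x{code:02x}")
    return URI_PREFIXES[code] + payload[1:].decode("utf-8")
```

A reader that hands tag content straight to a browser or a back end should run exactly this kind of length and code validation first, since the tag is untrusted input.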

The NFC Forum now defines five types of NFC tags, which differ in speed, functionality and resilience to attacks.

Possible hacking attacks

Some tags can be hacked. The NFC protocol stack does not mandate the use of cryptography during transmission[3]. The standards for data storage in tags and cards, and for their emulation, do not provide cryptographic protection of stored data either. Many cards, smart cards and their emulations are implemented with weak cryptographic algorithms.

On a large number of NFC smartphones it is now easy to create a card emulation and write arbitrary data into it, including malicious data: SQL injections, command execution on the server side, etc.

The following NFC attacks are well known and have been well described:

- wiretapping in the course of NFC transmission;

- unauthorized (concealed/invisible for the user) information read-out from NFC devices;

- “lock-attack” — switch of the emulated card/tag to a read-only mode and blocking of information recording by the reader;

- “time-attack” — if the card or service expiration date is written on the card itself, this data can be changed;

- “replay-attack” — information is captured and then duplicated or presented again, allowing the attacker to use services, obtain goods or gain access on behalf of another person;

- “clone-attack” — similar to the one above: the NFC device itself is cloned;

- “relay-attack” — a scammer uses two NFC devices: one reads data from the victim’s device and forwards it to the second, which presents the captured data to the reader and uses the service on behalf of the victim;

- classic attacks on the server and infrastructure side of NFC services.

There is a solution!

Chip producers continue to advance tag protection. For instance, chips of the MIFARE DESFire and NTAG DNA series produced by NXP are currently considered not to have been hacked.

Such tags use various methods against copying and analysis of the recorded information (including at the physical level): they have a cryptographic coprocessor, use challenge-response authentication during reading, and generate session keys.
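Why challenge-response with a session key defeats the replay and clone attacks listed above, as an added example that is neither the article's nor NXP's code: a reader back end and a tag are modelled in Python, with HMAC-SHA256 standing in for the AES-based MACs of real DESFire/NTAG DNA chips and an invented message layout. An eavesdropper who recorded one exchange replays it and is rejected, because the proof is bound to a nonce the reader has never reused.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed MAC over the concatenated parts (HMAC-SHA256 stands in for AES-CMAC)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class Tag:
    """Holds the long-term key and never reveals it; only answers fresh challenges."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key

    def respond(self, reader_nonce: bytes) -> tuple[bytes, bytes]:
        tag_nonce = secrets.token_bytes(16)  # fresh on every read
        return tag_nonce, _mac(self._key, self.uid, reader_nonce, tag_nonce)


class Reader:
    """Back end that knows each tag's key by UID and drives the exchange."""
    def __init__(self, keys: dict[bytes, bytes]):
        self._keys = keys

    def authenticate(self, uid: bytes, respond) -> bytes | None:
        key = self._keys.get(uid)
        if key is None:
            return None  # unknown UID: nothing to verify against
        reader_nonce = secrets.token_bytes(16)
        tag_nonce, proof = respond(reader_nonce)
        if not hmac.compare_digest(proof, _mac(key, uid, reader_nonce, tag_nonce)):
            return None  # a recorded or copied proof does not cover this nonce
        # Session key bound to both nonces: frames captured in one session are useless in another.
        return _mac(key, b"session", reader_nonce, tag_nonce)


def replayed(captured: tuple[bytes, bytes]):
    """Eavesdropper who holds one recorded (tag_nonce, proof) pair and nothing else."""
    return lambda _reader_nonce: captured


def demo() -> tuple[bool, bool]:
    """Returns (genuine tag accepted, replayed recording accepted)."""
    uid, key = bytes.fromhex("04a1b2c3d4e5f6"), secrets.token_bytes(16)  # constructed sample tag
    tag, reader = Tag(uid, key), Reader({uid: key})
    genuine_ok = reader.authenticate(uid, tag.respond) is not None
    captured = tag.respond(secrets.token_bytes(16))  # one exchange sniffed earlier
    replay_ok = reader.authenticate(uid, replayed(captured)) is not None
    return genuine_ok, replay_ok
```

The same check defeats the “time-attack” above when the expiry date is kept on the reader side keyed by UID rather than in the tag's writable memory.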

A detailed analysis of protection methods for each type of attack will be covered in the next article.

RFID and anti-counterfeit

The concept of radio-frequency identification is a perfect fit for the fight against counterfeit products. Indeed, you just stick a unique tag on a product and you have identification of an original product. In real life, however, the implementation of this scheme involves a number of significant details.

Firstly, the system implementation concerns producers. They need, at the very least, to organize the placement of tags on the package or on the product itself, and to organize the printed and digital personalization of the tags.

Secondly, such systems may also track the product’s journey, which obliges intermediaries between the producer and the distributor to add information on the product’s route.

Thirdly, the end consumer should have a technical means to verify product authenticity.

Fourthly, if the system is implemented at the initiative of a third party rather than the producer (for example, the state), the audit authorities must also be given a technical means of verification.

Fifthly, since RFID tags are only economically viable on expensive goods, scammers also have an incentive to try to hack the chip and falsify it for use on counterfeit products.

NFC and Digmus

Digmus has developed a solution that takes all the above-mentioned features into account, while also making sure that the use of the system does not affect the final price of the product for the consumer.

For example, the tag used is the NTAG 413 DNA (NFC Forum type 4), the most recent development by NXP in the area of radio-frequency identification. It not only provides a cryptographic guarantee of product authenticity but also allows verification with an ordinary mobile phone (even an iPhone, in spite of the iOS Core NFC limitations).

Given that guaranteed identification and product tracking are available at the Digmus system level, the decision to use this functionality also becomes optional. It will be based on the economic model of each product for each producer.

Thus, the implementation of NTAG 413 DNA cryptographic NFC tags in the Digmus system offers unique opportunities for all users (from the producer to the end consumer), combining the capacities of top global RFID developers with Digmus technical solutions.

LINKS

[1] Android NFC API guide — https://developer.android.com/guide/topics/connectivity/nfc/index.html

[2] iOS Core NFC — https://developer.apple.com/documentation/corenfc

[3] Analysis. NFC security — http://www.securitylab.ru/blog/personal/sborisov/301200.php
