Authentication Rings: Part 1

Robert Quattlebaum
Mar 27, 2020

Custom Smart Rings; J3H145 and DESFire EV2

After accidentally reverse-engineering the Tesla Key Card protocol, I started thinking about what things I could make with that information. Many fantasy and sci-fi novels have some concept of a technological/magical artifact that is needed to accomplish some goal to further some plot point: Holy Grail, Sith Wayfinder, Ring of Power, etc. Imagine being able to start your car, open your front door, and log into your bank with the wave of your hand, like magic. That’s what I wanted.

I could now build a custom key card that would work just like an official Tesla Key Card. But, unlike the official single-purpose key cards, I could also add additional applets to it: like an NDEF applet for an NFC business card (or how-to-return-to-owner instructions), Yubico’s OATH applet for keeping track of 2nd factor codes, and a U2F token for signing into Google, Github, Twitter, etc. With a little extra work, I could add Tesla Key Card support to the physical access control system that I have set up with my front door — which would allow me to open my front door with the same key card that opens and starts my car.

Badge cards are fairly convenient for getting into a building at work, but I’m not going to wear a retractable badge holder just to have convenient access to my house and car. Contactless smart cards that aren’t retractable badges are difficult to use for access control because the most straightforward place to store them is in a wallet. When you want to open your car or enter your house, you need to take the card out of your wallet first — which is tricky if your hands are already full. You could keep it in your pocket, but then it is even easier to lose. Let’s consider if there are better options:

What about an implant? An implant would be always available and ready to use. You’d never have to worry about it getting lost or being stolen. Plus there is that sci-fi factor of waving your hand and having something wonderful happen. However, I’m not looking to go under the knife just yet. I’d like something a little less permanent, especially while trying to work out the bugs.

What about a ring? A ring could be worn all the time, making it similarly always available and ready to use. While not impossible to lose or steal, it is significantly more difficult than, say, your keys. Unlike the implant it is painlessly reversible, plus we get to keep that cool sci-fi/magic factor. Sounds worth looking into.

When I first heard about contactless smart rings, I wasn’t really interested — the kind of chips being used in most of the rings that were available were cryptographically limited at best and, besides, I didn’t wear jewelry. But with the introduction of the OMNI by NFC|Ring/Mclear, I was starting to re-think that aversion.

OMNI™, by NFC|Ring™

OMNI is a beautiful smart ring that contains a Java Card 3.0.1-compatible secure element. It’s made of ceramic, looks great, feels comfortable, and is exceptionally well-tuned for excellent NFC reader range. It seemed perfect, and I was excited to see if I could use it for this project.

Unfortunately, as of the time of this writing, the version of OMNI that is currently available is irreversibly pre-personalized to an incompatible contactless protocol: specifically, it uses 14443 Type B. The Tesla Key Card and FIDO U2F¹ protocols require Type A. This was rather disappointing — OMNI is a beautiful ring that feels great in/on your hand. It would be the ideal ring for this project were it not for the protocol mismatch.

But maybe I could build my own? It wouldn’t be made of ceramic, but perhaps I could build something out of epoxy resin. I had already given some thought to this but figured I didn’t have all of the tools on-hand to do such a build. I imagined needing a lathe and a drill press at least. It turns out the only tool that I needed that I couldn’t make myself was a Vector Network Analyzer, which I needed for coil tuning. I was able to fabricate everything else I needed, from ring molds to coil-winding tools.

Here is the finished product:

Smart ring prototype with an NXP P60D144 secure element

And a picture during construction:

Smart ring prototype during construction

This ring contains an NXP P60D144 secure element (J3H145). The secure element came from a combo contact/contactless smart card I purchased from here. The resonant frequency is a little low at 13.2MHz, but that is close enough to 13.5MHz that it performs adequately. It was encapsulated in TAP Plastics Super-Hard Epoxy using a mica-based pigment. It is waterproof and drop/shock proof. It doesn’t have nearly the same heft as the OMNI, but it will do until Mclear releases a Type A version.

It currently supports securely performing the following interactions:

  • Opening/Starting Paired Tesla Model 3/Y Vehicles (or anything else that will work with Tesla Key Cards, like my front door)
  • Use with Yubico Authenticator for generating OATH codes
  • Android/iOS-Compatible FIDO U2F Registration/Authentication
  • Short NDEF Business Card

All of these interactions are implemented using open-source software projects, one of which is my own. All have my own modifications to make them more suitable to the form factor (like removing the reset command for ykneo-oath, making ledger-u2f-javacard support iOS, multiple counters, etc).

And, yes, it all works flawlessly on iOS, Android, my car, and my front door. With a little hack, FIDO U2F works great on macOS, too. I can’t make payments with it, but I’ll elaborate in a later post in this series why that might be for the best.

Over the next few weeks I’m going to elaborate on what all went into making this ring, including the theory of operation, threat models, software, and prototype hardware fabrication. As I finish each part I will add a link below. There is a lot to discuss, so I hope you will join me.

Footnotes

¹ This technically isn’t true: I can’t find any FIDO specification that limits NFC authenticators to being of Type A. However, both Android and iOS refuse to use Type B FIDO authenticators—so practically speaking Type A is required.
