Tags: nfc, smartcard, rfid, javacard, mifare

NFC smartcard that is impossible to clone


First, I want to apologize. I am a complete noob in this area and many of my thoughts are probably misleading.

I need to verify that a user of my app is at a specific place in order to be authorized to perform an action. I want to use NFC for this purpose. The user has to put his smartphone by an NFC tag in order to be authorized to perform the action. Easy, but I need it to be reasonably hackerproof. It means that the NFC tag must be impossible to clone without physical damage to the plastics around the NFC chip. It also means that the NFC chip must not contain only static data. The NFC chip must contain an app that can receive some data (a cryptographic challenge) and sign it using a secure built-in private key (which must be unreadable through the NFC interface). When the user wants to perform the action, he will ask the server for the challenge, then he lets the chip sign it, and then he sends the signed challenge back to the server, which will verify the signature using the known public key. This should be achievable using an NFC JavaCard. But do these NFC JavaCards actually exist? I wasn't able to find a company which would be able to produce such NFC tags for me. When I try to explain my requirements to an NFC tag producer, he looks like he has never heard of NFC JavaCards. I have tried about 10 producers without luck.

Can a commonly available chip meet my requirements? I mean a chip from the Mifare family. I suspect that Mifare DESfire might be able to meet my requirements, but I am not sure.

Feel free to respond with an advertisement, because relevant advertisement is exactly what I look for :)


Solution

  • The answer I was looking for is not a chip which runs custom code. Although this might be possible, it is definitely not the best way to achieve the target.

    I was looking for a solution that enables strong authentication using NFC data. There might be multiple chips that offer this, but probably the most available chip is NTAG 424 DNA TT. It works like this:

    1. The chip has a memory which is not readable through NFC. The private key is stored there.
    2. The chip has a read counter. It increments every time the data are read through NFC.
    3. The chip can generate an AES-128 signature of the string UID (chip serial number) + counter using the private key in the inaccessible part of the memory.
    4. The chip can dynamically inject the data above into a URL that is stored in the readable memory.

    So the solution will be like (I am waiting for delivery of NFC tags right now, so I don't know for sure yet):

    1. Read the tag UID (serial number) and the actual counter value (should be 0 on an unused tag)
    2. Generate the key-pair
    3. Load private key to the chip
    4. Load some data (URL, eg: https://my.app/) to the chip
    5. Store UID, public-key, last-counter on the server
    6. Configure the chip to inject UID, counter, signature to the URL stored on the chip

    When a client reads the data, they should contain required variables, eg: https://my.app/?counter=1&uid=ff:ff:ff:ff&signature=xyz. Then on the server:

    1. Fetch the stored info (public-key, last-counter) using uid as the primary key
    2. Verify the signature
    3. Verify the counter, which must be > last-counter
    4. Store counter as the last-counter
    5. Successfully authorized

    Is anyone able to hack this without reading the hidden memory of the chip which would require physical tampering with the chip?
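The server-side steps from the answer (fetch by uid, verify the signature, require a strictly increasing counter, then store it), as an added example that is not part of the original post. It assumes the MAC input is the UID bytes followed by a 4-byte big-endian counter, uses HMAC-SHA256 as a stand-in for the tag's AES-128 MAC, and, because such a MAC is symmetric, keeps the same per-tag secret on the server rather than a public key; the tag record and UID are constructed.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

# Constructed tag records keyed by UID: the secret loaded into each tag plus the
# highest counter the server has accepted so far. The MAC is symmetric, so the
# server holds the same key as the tag. HMAC-SHA256 stands in for the AES-128 MAC.
TAG_DB = {
    "04:11:22:33:44:55:66": {"key": bytes.fromhex("1f" * 16), "last_counter": 0},
}


def tag_mac(key: bytes, uid: str, counter: int) -> str:
    """MAC over UID bytes || 4-byte big-endian counter (message layout is an assumption)."""
    msg = bytes.fromhex(uid.replace(":", "")) + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_tag_url(base: str, key: bytes, uid: str, counter: int) -> str:
    """Simulates the URL the tag produces on each read, with uid/counter/signature injected."""
    return f"{base}?counter={counter}&uid={uid}&signature={tag_mac(key, uid, counter)}"


def verify_tag_url(url: str, db=TAG_DB):
    """Server side: look up the tag, check the MAC, then enforce a strictly increasing counter."""
    q = parse_qs(urlparse(url).query)
    try:
        uid, counter, sig = q["uid"][0], int(q["counter"][0]), q["signature"][0]
        if not 0 <= counter < 2**32:
            raise ValueError("counter out of range")
    except (KeyError, ValueError):
        return False, "malformed"
    rec = db.get(uid)  # 1. fetch the stored info by uid
    if rec is None:
        return False, "unknown uid"
    expected = tag_mac(rec["key"], uid, counter)
    if not hmac.compare_digest(expected.encode(), sig.encode()):  # 2. verify the signature
        return False, "bad signature"
    if counter <= rec["last_counter"]:  # 3. a reused or older counter is a replay
        return False, "replayed counter"
    rec["last_counter"] = counter  # 4. store the counter ...
    return True, "authorized"  # 5. ... and authorize
```

A captured URL can be presented again only until a higher counter has been accepted, so the counter check must be done against stored state and updated atomically per UID.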