[SmartcardServices-Users] Store key on NFC tag that is acceptable to sc_auth?

Miller, Timothy J. tmiller at mitre.org
Mon Feb 2 12:05:34 PST 2015 

I don't see anything in the NTAG data sheet that leads me to believe that a login solution based on it would be secure against eavesdropping, cloning, and replay attacks.  We used to call these "barking bar codes" and for security sensitive operations (such as authentication) they are not safe.

If you're OK with that, well, it's your headache not mine.  But I'd never buy one.

Password ACLs controlling memory write operations is not the same as what happens in a smart card.  For secure use, you need--at a minimum--an IC capable of computing a response to a challenge.  Ideally you do this by performing a cryptographic operation using a secret unique to the IC.  In NXP's offerings (quickly poking around their offerings), that probably puts you in the SmartMX line, but you'd need a platform that integrates that IC with and NFC controller (e.g., NXP's PT501)--something like the NXP MIFARE platform.

-- T

> -----Original Message-----
> From: smartcardservices-users-bounces at lists.macosforge.org
> [mailto:smartcardservices-users-bounces at lists.macosforge.org] On Behalf
> Of Henrik Brautaset Aronsen
> Sent: Monday, February 02, 2015 1:42 PM
> To: Yoann Gini
> Cc: smartcardservices-users at lists.macosforge.org
> Subject: Re: [SmartcardServices-Users] Store key on NFC tag that is
> acceptable to sc_auth?
> 
> On 21 Jan 2015, at 12:14, Yoann Gini <yoann.gini at gmail.com> wrote:
> >
> > If the built in pc/sc detect the reader, it’s a good start. It means it’s working
> on the reader side.
> >
> > Now you need to look at your cards. Which NFC chipset do you use? And
> with which TockenD module?
> 
> My chipset is NXP NTAG [1], and it seems I have to develop a TokenD module
> for it.  If I don't find anyone who's already done it, that is.  C++ isn't my
> strongest language, to say the least :)
> 
> > Don’t forget that SmartCards aren’t just storage cards, you have a
> microprocessor and a small system on it to store yours keys and handle the
> secure communication.
> 
> Yeah, it seems I have to get past that, since I only want to use a tag and not a
> full smartcard.
> 
> Thanks for your input!
> 
> Henrik
> 
> [1] http://www.nxp.com/documents/data_sheet/NTAG213_215_216.pdf
> 
> _______________________________________________
> SmartcardServices-Users mailing list
> SmartcardServices-Users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users

More information about the SmartcardServices-Users mailing list