[SmartcardServices-Users] Store key on NFC tag that is acceptable to sc_auth?

Shawn Geddis geddis at icloud.com
Mon Feb 2 12:24:43 PST 2015


Henrik,

You could write a basic TokenD then which just populates one item as a Key which would be set to the value you get from the ID of that tag. Then your apps could use that Key (Tag ID). Keep in mind Tim’s comments if you think about taking this beyond tinkering.

- Shawn
_____________________________________________________________________
Shawn Geddis    geddis at {Mac | Me | iCloud}.com
Security and Certifications Engineer, Apple    geddis at apple.com

Smart Card Services Project/Dev Lead:
    Project Wiki:   [SmartCardServices.MacOSFforge.Org <http://smartcardservices.macosfforge.org/>]
    Mailing Lists:  [Lists.MacOSForge.Org/mailman/listinfo <http://lists.macosforge.org/mailman/listinfo>]
    SCS Contact:    [scs-cotact at macosforge.org <mailto:scs-cotact at macosforge.org>]
    SCS Admin:      [scs-admin at macosforge.org <mailto:scs-admin at macosforge.org>]
_____________________________________________________________________

> On Feb 2, 2015, at 12:16 PM, Henrik Brautaset Aronsen <henrik at synth.no> wrote:
> 
> On 02 Feb 2015, at 21:05, Miller, Timothy J. <tmiller at mitre.org> wrote:
>> 
>> I don't see anything in the NTAG data sheet that leads me to believe that a login solution based on it would be secure against eavesdropping, cloning, and replay attacks.  We used to call these "barking bar codes" and for security sensitive operations (such as authentication) they are not safe.
>> 
>> If you're OK with that, well, it's your headache not mine.  But I'd never buy one.
>> 
>> Password ACLs controlling memory write operations is not the same as what happens in a smart card.  For secure use, you need--at a minimum--an IC capable of computing a response to a challenge.  Ideally you do this by performing a cryptographic operation using a secret unique to the IC.  In NXP's offerings (quickly poking around their offerings), that probably puts you in the SmartMX line, but you'd need a platform that integrates that IC with an NFC controller (e.g., NXP's PT501)--something like the NXP MIFARE platform.
> 
> Hi Timothy,
> 
> Thanks for the input!  I'm totally OK with the security implications.  I'm not doing this for a commercial product, it's merely a hobby project of mine.  If I could get it to just check the NFC ID, that would be perfect.
> 
> Cheers,
> Henrik
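
The distinction drawn in the quoted discussion, between a tag that only reports a fixed ID and an IC that computes a response to a challenge, shown as a small simulation. This is an added example, not part of the original thread and not code from SmartCardServices or any TokenD. The class and function names are hypothetical, the tag ID is a constructed sample, and HMAC-SHA256 with a secret shared with the verifier is an assumed stand-in for the "cryptographic operation" mentioned above.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Models a tag that only reports a fixed ID (hypothetical model)."""
    def __init__(self, uid: bytes):
        self.uid = uid
    def respond(self, challenge: bytes) -> bytes:
        return self.uid  # same bytes every time; the challenge is ignored

class ChallengeResponseTag:
    """Models an IC that holds a per-device secret and computes a response."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Replayer:
    """Stands in for anything that re-sends one previously observed response."""
    def __init__(self, recorded: bytes):
        self.recorded = recorded
    def respond(self, challenge: bytes) -> bytes:
        return self.recorded

def verify_static(device, enrolled_uid: bytes) -> bool:
    challenge = secrets.token_bytes(16)  # sent, but cannot affect the answer
    return hmac.compare_digest(device.respond(challenge), enrolled_uid)

def verify_challenge_response(device, enrolled_secret: bytes) -> bool:
    challenge = secrets.token_bytes(16)  # fresh for every login attempt
    expected = hmac.new(enrolled_secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(device.respond(challenge), expected)

def demo() -> dict:
    uid = bytes.fromhex("04a1b2c3d4e5f6")  # constructed sample ID, not a real tag
    secret = secrets.token_bytes(32)       # constructed per-IC secret
    static_tag, cr_tag = StaticTag(uid), ChallengeResponseTag(secret)
    # One observed exchange with each genuine device.
    seen_static = static_tag.respond(secrets.token_bytes(16))
    seen_cr = cr_tag.respond(secrets.token_bytes(16))
    return {
        "static_genuine": verify_static(static_tag, uid),
        "static_replayed": verify_static(Replayer(seen_static), uid),
        "cr_genuine": verify_challenge_response(cr_tag, secret),
        "cr_replayed": verify_challenge_response(Replayer(seen_cr), secret),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The verifier cannot tell the recorded ID from the genuine tag, while the recorded HMAC response fails because it was computed over a different challenge.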
