Question
Ten years ago, we opened our building's front door with a badge. Five years ago we paid for public transport with an RFID card. Today we pay for our bread with the same system, and tomorrow we will probably be able to authenticate ourselves with something similar.
Basically, an NFC tag is only a physical medium, just as a DVD is. It is easy to imagine how it can be protected against malicious alteration or prevented from being read (i.e. understood) by an unauthorized third party.
However, to prevent it from being cloned as-is (even if encrypted) seems impossible to me.
What prevents me from creating a kind of ISO image of my customers' NFC credit cards, writing it to a blank tag and then using it to buy my cigs?
Explanation / Answer
That depends on what type of tag you use and what level of protection against cloning you want.
NFC tags (as defined by the NFC Forum) have no protection against cloning. Such tags are intended as containers for freely readable data (so called NDEF messages). Anyone could read an NDEF message from one tag and duplicate it to another tag.
Many NFC tags also contain a unique identifier that is pre-programmed by the tag manufacturer and cannot be modified on normal tags, because those memory segments are read-only. Such a unique ID could be used to uniquely identify a tag (i.e. to match the ID against some form of database). This approach has been used by many access control systems in the past (and actually still is!). However, all data can still be extracted from the tag. Specialized hardware (e.g. Proxmark) and ready-made tags on which an attacker can change the unique identifier are often available. So this is certainly not perfect cloning protection. Nevertheless, some manufacturers still add new cloning protection features that rely on publicly readable (but supposedly uncopyable) unique identifiers. One such manufacturer is NXP with the signature feature on their new NTAG tags. (Basically, they add a digital signature over the unique ID to the tag, but nothing prevents an attacker from creating a clone that also contains a copy of that static signature.)
Contactless smartcards/tags exist that provide communication encryption and shared-key based mutual authentication (e.g. MIFARE DESFire). With this approach, cloning could be prevented by protecting certain data on the tag with a secret password. However, if an attacker is able to find out that secret password, nothing prevents the attacker from creating a clone of the tag. Many modern access control systems and closed-loop payment systems use such an approach.
Contactless tags/smartcards exist that contain a secret asymmetric key (which cannot be extracted from the card through the available communication interface) and provide a command to sign a cryptographic challenge with that key. Many such smartcards are built upon Java Card technology, so they contain a microcontroller that executes custom application software (written in Java). Most modern EMV-based credit cards use this type of mechanism to prevent cloning.
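As an added illustration (not part of the original answer), the following Go model contrasts the static UID signature from the second paragraph with the challenge-response check from the last one: a clone that copies every byte readable over the interface passes the first check and fails the second. The Tag type, the UID bytes and the key handling are constructed for this example, and for brevity one key both signs the UID at issuance and answers challenges, whereas real products use a separate issuer key for the static signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)
// Tag models what a reader sees over the air: a UID, a static signature over that
// UID (readable, so a cloner copies it too) and, on smartcards of the third kind,
// a sign command backed by a private key that never leaves the chip.
type Tag struct {
	UID       []byte
	StaticSig []byte
	priv      *ecdsa.PrivateKey // nil on a clone: not extractable over the interface
}

// Personalize issues a tag. Simplification: one key both signs the UID at issuance
// and answers challenges; real products use a separate issuer key for the former.
func Personalize(uid []byte) (*Tag, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(uid)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return &Tag{UID: uid, StaticSig: sig, priv: priv}, &priv.PublicKey, err
}

// Clone copies everything the interface exposes; the private key is not among it.
func Clone(t *Tag) *Tag {
	return &Tag{UID: append([]byte{}, t.UID...), StaticSig: append([]byte{}, t.StaticSig...)}
}

// VerifyStatic is the UID-signature check: it proves only that the signature is genuine.
func VerifyStatic(pub *ecdsa.PublicKey, t *Tag) bool {
	h := sha256.Sum256(t.UID)
	return ecdsa.VerifyASN1(pub, h[:], t.StaticSig)
}

// VerifyChallenge sends a fresh nonce; only a tag that still holds the key can answer.
func VerifyChallenge(pub *ecdsa.PublicKey, t *Tag) bool {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil || t.priv == nil {
		return false // a clone has nothing to sign with
	}
	h := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, t.priv, h[:])
	return err == nil && ecdsa.VerifyASN1(pub, h[:], sig)
}
```

Calling Personalize on a constructed UID, cloning the result and running both verifiers on the clone gives true for VerifyStatic and false for VerifyChallenge.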