stackoom
  简体   繁体   中英

Mifare Desfire symmetric authentication with master key on android

 原文  2016-12-21 22:40:44       android/ authentication/ nfc/ mifare/ encryption-symmetric

Question

I wanted to use the Mifare Desfire chip for product authentication purposes, where the chip would be embedded into products. As such, I am looking for a NFC solution that makes it virtually impossible(or as hard as possible) to clone the chip.

The current solution I had in mind using the Desfire was to use the supported symmetric authentication to have a memory-locked part of the chip where we would store the product information. Then we would create diversified keys, using a master key, UID of the chip, and some metadata and use that diversified key to conduct the symmetric authentication(more information on it can be found here .

Now, the problem lies in the fact that the symmetric authentication has to be done on an android app, meaning we would have to store the master key on the android app or send it over network to a potentially malicious version of the app. So I was wondering if anyone had a suggestion on how to protect the master key or an entirely different authentication solution to prevent chip cloning using the Mifare Desfire or other similar NFC chips.

2 answers

solution1
 0  2017-02-16 16:59:27

There is absolutely no way the master key would be safe in the app.

Instead, use your app only to send the received random number encrypted with the key to your server, and implement the process to decode this info with the master key IN your server, so you can return the response with the new random number encrypted to your app.

Once you are authenticated, you could also send and receive the info to write.

This way you can be sure that your key and the information you handle won't be exposed to anyone.

UPDATE

Since you are using android, then trust me, you are gonna need this library so you can make the validation in the server without getting an 0x1C error (ILLEGAL COMMAND). This error happens when step 2 in authentication is delayed for more than 100 ms.

https://gist.github.com/Thorbear/f7c48e90d3e71bde13cb

Hope this helps anybody with this problem

solution2
 0  2017-02-19 10:44:48

You'll need access to the Secure Element. Depending on your use-case, you might use an external (as in over USB) Secure Element dongle.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Mifare Plus vs Mifare DESfire (Android) Android NFC communication with Mifare DESFire EV1 Android Mifare Classic authentication Key A not working How well does the Android NFC API support Mifare Desfire? Using Mifare DESFire for authenticating with Android app and lock system How can I read (and write) Mifare DesFire Cards with Android Access MIFARE DESFire Card Communication with Mifare DESFire in Delphi Android Mifare Classic authentication fails Mifare Ultralight C Authentication on Android
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM