Security features in compatible with ST25R95 tags.

JCres.1 · ‎2020-02-25

Hello,

We are planing to use ST25R95 in a new product. It's now in a component selection stage, but we have some eval boards and test code already done, so we would like to use this IC.

We need enough security to authenticate tags and prevent tag copying by users. Users reading the tag information is not an issue, as they can't copy the tag.

Well, at this point I found that for doing this an standard tag is not enough, because the security features are tag signed uuid (I can copy the sign and the uuid using "black market tags") and password protected read (is not safe because password is transmitted in plain text).

At this point, I find that I can use some more advanced tags as the NXP propietary Mifare desfire EV2 or Mifare Plus EV1, but, correct me if I'm wrong, I think ST does not provide support for those technologies, so in order to use it, we would have to use an NXP reader/writer.

My question is if you can suggest me a way to achieve what I need. Tag authentication preventing copy, if it's possible with an ST25R95.

Thanks!

Ulysses HERNIOSUS · ‎2020-02-26

Hi,

I was just mentioning the Trust25 approach as it was not clear to me that you had already looked at it.

ST25R readers do support all the frames necessary to talk to Mifare DESFire / Plus. So it is compatible. The implementation of all the commands and cryptography (3DES, AES) is up to the host MCU. Similar as for any other competition NFC frontend. So even when using DESFire you are not bound to use also an NXP reader.

One exception is the Mifare Classic / Crypto 1 stuff which is directly supported by some competition devices. I assume you are not even considering this old technology of Mifare Classic/Plus cards which is now completely broken for more than 12 years.

Regards, Ulysses

View solution in original post

Ulysses HERNIOSUS · ‎2020-02-26

Hi,

I guess you had a look at Trust25 already:

https://www.st.com/content/st_com/en/landing-page/trust25-digital-signature-from-factory-to-consumer.html?icmp=tt12662_gl_lnkon_sep2019

True security using asymmetric cryptography is typically done using smart cards uing e.g. the ST31 family:

https://www.st.com/en/secure-mcus/st31-arm-sc000.html

All the cryptography is done on APDU layer and any ST25R reader will be able to perform the necessary frame exchanges.

Best Regards, Ulysses

JCres.1 · ‎2020-02-26

Hi Ulysses,

About the Trust25, as I read in the document:

https://www.st.com/content/ccc/resource/sales_and_marketing/promotional_material/brochure/group0/d0/48/95/f5/89/7f/48/4a/TruST25_Digital_signature_Authenticity_with_ST25NFC_RFID_tags/files/TruST25_Digital_signature_Authenticity_with_ST25NFC_RFID_tags_brochure.pdf/_jcr_content/translations/en.TruST25...

It says in possible fake cases:

"The tag features a UID assigned to the legitimate manufacturer and embeds a copy of a digital signature issued by the legitimate manufacturer. By verifying the uniqueness of the UID, the reader can readily determine that the UID is a duplicate – hence the tag is a fake."

In this case, how can I verify the uniqueness of the UID? If an user copies the tag content, the UID and the sign to share the access with other person, I think there is not possibility to detect it.

About the ST31, I cannot find PVC cards avalilable in the market with that chipset. Also I understand it uses MIFARE Plus or DESFire, which doesn't seems to be compatible with ST25R95.

Ulysses HERNIOSUS · ‎2020-02-26

Hi,

I was just mentioning the Trust25 approach as it was not clear to me that you had already looked at it.

ST25R readers do support all the frames necessary to talk to Mifare DESFire / Plus. So it is compatible. The implementation of all the commands and cryptography (3DES, AES) is up to the host MCU. Similar as for any other competition NFC frontend. So even when using DESFire you are not bound to use also an NXP reader.

One exception is the Mifare Classic / Crypto 1 stuff which is directly supported by some competition devices. I assume you are not even considering this old technology of Mifare Classic/Plus cards which is now completely broken for more than 12 years.

Regards, Ulysses

ArnaudR · ‎2020-02-27

Here are some more information to help you in your analysis of risk Vs cost in you specific use-case:

About "how can I verify the uniqueness of the UID?", this can be done depending on the use-case: if the overall system consists of several readers at different locations with a centralized network: the reader transmits the read UID to a central entity which can detect that the same UID has been read at two locations in a time frame that is impossible for a human. When this event occurs, the central entity inform the reader to deny the access. In addition, the system will also prevent the same UID to be read in too short time frame at same location. This use case typically apply to ski resorts.

About "I can copy the sign and the uuid using "black market tags"", those are cloning market-leading tags which are NFC type 2. If your ecosystem uses another type of tag with proprietary commands, there's no known clone. CR95 may then use the proprietary command as an additional step of the identification procedure, thus reducing greatly the probability to have a clone. Typically, using ST25TV02K with command "Fast Read Multiple Blocks" is a very good candidate because not-only it is a custom command code of NFC type 5 tags, but also it changes the low-level protocol (modulation speed). In future, there might be clones or emulators but again only an analysis of the value of the asset to protect and the cost of the protection system can decide if it fits your use-case.