Cryptographic NFC/RFID Tag?

StackOverflow https://stackoverflow.com/questions/18627176

  •  27-06-2022
  •  | 
  •  

Question

This is killing me... I am trying to find an NFC/RFID tag that:

  1. Implements encryption and/or cryptographic signing of data sent to the tag such that the tag can be authenticated by the reader. I do not care if the tag attempts to authenticate the reader, and

  2. Is widely supported by Android phones and the standard NFC libraries, and

  3. Stores the cryptographic key(s) in a secure manner (reading it should be impossible after a config fuse is blown).

I do not care what sort of payload can be stored on the tag and I have no use for NDEF messages. I do not care if the encryption used is symmetric or asymmetric. All I want to do is send a bit of data to the tag and have it, using a shared secret, encrypt or sign that data and send it back to the phone, whereupon my code will perform the same function and compare the results with the tag's response to validate the tag.

I have samples of Atmel CryptoRF* tags and while they would probably do most of what I need, they aren't detected properly by the only Android phone I have. The phone dings and I'm filtering for 'android.nfc.action.TECH_DISCOVERED' with the appropriate tech-list entries but I get nothing. Atmel's tech support is worse than useless (because I wasted time asking questions they never bothered to answer). Logcat looks like:

  • 09-04 21:03:53.474 1012-1012/? D/NativeNfcTag: Connect Failed - status = 146
  • 09-04 21:03:53.474 1012-1012/? E/NFCJNI: doDisconnect() - Target already disconnected

I don't see any previous entries suggesting that the tag was ever recognized by Android.

This seems like such a simple, obvious and needed type of tag that it must exist somewhere.

NFCGuy or others - any ideas?

Thanks!

*The Atmel CryptoRF data sheet says the following, which may or may not be helpful in determining whether these things could ever be read by an Android phone:

  • ISO/IEC 14443-2:2001 Type B Compliant
  • ISO/IEC 14443-3:2001 Type B Compliant Anticollision Protocol
Was it helpful?

Solution

Mifare Desfire will do what you ask for except for one thing:

Crypto support is not available on API level.

You have to write code that does all the authentication and cryptography and talk to the Desfire tag directly. The Android API provides the tools to do so via the low-level access function IsoDep.transceive. The crypto functions itself can be found in javax.crypto.spec

Unlike other tags with cryptography documentation of the required steps to do authentication and encryption are available on the internet.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top