How to prevent NFC tag cloning?

Question

I am making an app using NFC tags and I have to prevent NFC tags from cloning. I have seen many other NFC tags which, when tried to be cloned, show a pop-up message "Cloning is restricted, tag is secured by secret key". I want the same security for my NFC tag.

Recommended answer

That depends on what type of tag you use and what level of protection against cloning you want.

  1. NFC tags (as defined by the NFC Forum) have no protection against cloning. Such tags are intended as containers for freely readable data (so called NDEF messages). Anyone could read an NDEF message from one tag and duplicate it to another tag.

Many NFC tags also contain a unique identifier that is pre-programmed by the tag manufacturer and cannot be modified on normal tags. You could use this unique identifier to determine if a tag was issued by you (i.e. you know its id) or forged (i.e. you don't know its id). Instead of using a list of genuine ids, you could also create a digital signature over the tag's id and its data. That way, you could find out if data and signature are used on a tag with a different unique identifier. However, all data can still be extracted from your tag. Therefore, you should be aware of the fact that specialized hardware (e.g. Proxmark, etc.) and ready-made tags are available where an attacker can change the unique identifier to the value of your tag's id. So this is certainly not perfect cloning protection.

  2. You could use a contactless smartcard/tag that provides communication encryption and shared-key based access control (e.g. MIFARE DESFire). With this approach, you could store data that you do not want an attacker to be able to clone in a key-protected memory area. However, if you want to be able to read that data from within your app (i.e. without having an online backend that directly communicates with the card), you would need to store the key to access the memory area within your app. Consequently, in an offline scenario (i.e. key stored in app), an attacker might be able to extract that key and use it to clone the tag.

  3. You could use a tag/smartcard that contains a secret asymmetric key and provides a command to sign a cryptographic challenge with that key. In that case, in order to verify if the tag is genuine, you could request such a signature from the tag for a random challenge and verify the signature against the tag's corresponding public key. This would certainly be the most secure solution as you do not need to store any shared secret within your app. The only ready-made NFC tag solution (that I'm currently aware of) that provides such functionality seems to be Inside Secure's VaultIC. Though you could create one yourself based on the asymmetric crypto functionality of a contactless smartcard (e.g. a Java Card).

Note that for all of the above cloning-protection scenarios you would have to create an app that checks if a tag is genuine or cloned. By default NFC phones only use the information in (1) and therefore do not perform any such checks.
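
The following Go sketch is an added example, not part of the original answer: it contrasts the issuer signature over the tag's id and data with the challenge-response check against a key held on the tag, both described above. The tag is simulated in software, and the `Tag` type, the function names, the sample id and payload, and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Tag is a software stand-in for a tag (hypothetical type, not a real NFC API).
type Tag struct {
	UID, Data, Sig []byte             // freely readable memory
	key            ed25519.PrivateKey // on-chip secret; nil on a copied tag
}

// Sign answers a challenge. Without the secret key a copy can only replay Sig.
func (t *Tag) Sign(challenge []byte) []byte {
	if t.key == nil {
		return t.Sig
	}
	return ed25519.Sign(t.key, challenge)
}

// msg is the byte string the issuer signs: UID || data.
func msg(t *Tag) []byte { return append(append([]byte{}, t.UID...), t.Data...) }

// VerifyStatic checks the issuer signature over the tag's id and data.
func VerifyStatic(pub ed25519.PublicKey, t *Tag) bool { return ed25519.Verify(pub, msg(t), t.Sig) }

// VerifyChallenge has the tag sign a fresh random challenge with its own key.
func VerifyChallenge(tagPub ed25519.PublicKey, t *Tag) bool {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return false // no randomness, no verdict: fail closed
	}
	return ed25519.Verify(tagPub, c, t.Sign(c))
}

// Demo runs both checks on a genuine tag and on a copy of its readable memory with the same id.
func Demo() (genStatic, copyStatic, genChal, copyChal bool) {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	tagPub, tagKey, _ := ed25519.GenerateKey(rand.Reader)
	genuine := &Tag{UID: []byte{4, 0xA1, 0xB2, 0xC3}, Data: []byte("ticket:1234"), key: tagKey} // constructed values
	genuine.Sig = ed25519.Sign(issuerKey, msg(genuine))
	copied := &Tag{UID: genuine.UID, Data: genuine.Data, Sig: genuine.Sig}
	return VerifyStatic(issuerPub, genuine), VerifyStatic(issuerPub, copied),
		VerifyChallenge(tagPub, genuine), VerifyChallenge(tagPub, copied)
}

func main() { fmt.Println(Demo()) } // true true true false
```

The static signature accepts the copy because everything it covers is readable, while the challenge-response check rejects it because the copy has no private key to sign a fresh challenge. In a deployment the verifier also needs a trusted way to learn each tag's public key, for example by having the issuer sign it.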
