How do NFC tags prevent copying?
Ten years ago, we opened our building's front door with a badge. Five years ago we paid for public transport with an RFID card. Today we pay for our bread with the same system, and tomorrow we will probably be able to authenticate ourselves with something similar.
Basically, an NFC tag is only a physical support, just as a DVD is. It is easy to imagine how it can be protected against malicious alteration or prevented from being read (i.e. understood) by an unauthorized third party.
However, to prevent it from being cloned as-is (even if encrypted) seems impossible to me.
What prevents me from creating kind of an ISO image of the NFC credit card of my customers, writing it on a blank tag and then using it to buy my cigs?
I don't know about NFC technology, but I can imagine that an NFC chip actually has a microprocessor in it that can decide what information to publish and also sign it digitally.
As far as I know, an NFC tag is unpowered, so embedding a microprocessor doesn't seem possible.
That depends on what type of tag you use and what level of protection against cloning you want.
1. NFC tags (as defined by the NFC Forum) have no protection against cloning. Such tags are intended as containers for freely readable data (so-called NDEF messages). Anyone could read an NDEF message from one tag and duplicate it to another tag.
2. Many NFC tags also contain a unique identifier that is pre-programmed by the tag manufacturer and cannot be modified on normal tags because those memory segments are in read-only memory. Such a unique ID could be used to uniquely identify a tag (i.e. to match the ID against some form of database). This approach has been used by many access control systems in the past (and actually still is!). However, all data can still be extracted from the tag. Specialized hardware (e.g. Proxmark, etc.) and ready-made tags are often available where an attacker can change the unique identifier. So this is certainly not perfect cloning protection. Nevertheless, some manufacturers still add new cloning protection features that rely on publicly readable (but supposedly uncopyable) unique identifiers. One such manufacturer is NXP with their signature feature on new NTAG tags. (Basically they add a digital signature over the unique ID to the tag, but nothing prevents an attacker from creating a clone that also contains a copy of that static signature.)
3. Contactless smartcards/tags that provide communication encryption and shared-key based mutual authentication (e.g. MIFARE DESFire) exist. With this approach, cloning could be prevented by protecting certain data on the tag with a secret password. However, if an attacker is able to find out that secret password, nothing prevents the attacker from creating a clone of the tag. Many modern access control systems and closed-loop payment systems use such an approach.
4. Contactless tags/smartcards that contain a secret asymmetric key (that cannot be extracted from the card using the available communication interface) and provide a command to sign a cryptographic challenge with that key exist. Many such smartcards are built upon Java Card technology, so they contain a microcontroller that executes some custom application software (written in Java). Most modern EMV-based credit cards use this type of mechanism to prevent cloning.
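The answer's distinction between a static signature that is copied along with the UID (2) and a key that never leaves the chip and only answers fresh challenges (3) can be made concrete in a small simulation. This is an added example, not code from the answer or from any vendor; the keys, the 7-byte UID and the use of HMAC-SHA256 as a stand-in for the real signature and authentication algorithms are all constructed for illustration.

```python
import hmac
import hashlib
import os

# Constructed keys and UID for the simulation; none are real NTAG/MIFARE values.
MANUFACTURER_KEY = b"manufacturer-signing-key"  # used once at production time
TAG_SHARED_KEY = b"tag-specific-shared-key"     # provisioned into the genuine tag
UID = bytes.fromhex("04a1b2c3d4e5f6")           # 7-byte UID, constructed

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

# Tier 2: a static signature over the UID, stored in freely readable memory.
def make_tag_with_static_signature(uid: bytes) -> dict:
    """Manufacturer signs the UID once; the signature then lives in tag memory."""
    return {"uid": uid, "sig": mac(MANUFACTURER_KEY, uid)}

def verify_static_signature(tag: dict) -> bool:
    """The reader only re-checks stored data; nothing secret is asked of the tag."""
    return hmac.compare_digest(tag["sig"], mac(MANUFACTURER_KEY, tag["uid"]))

def copy_readable_memory(tag: dict) -> dict:
    """A UID-changeable blank tag programmed with a full dump of the original."""
    return dict(tag)

# Tier 3: shared-key challenge-response; the key never crosses the interface.
class ChallengeResponseTag:
    def __init__(self, uid: bytes, key: bytes):
        self.uid = uid
        self._key = key  # held inside the chip, not readable over NFC

    def readable_memory(self) -> dict:
        return {"uid": self.uid}  # a dump of this tag yields the UID only

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._key, self.uid + challenge)

def authenticate(tag: ChallengeResponseTag, key: bytes = TAG_SHARED_KEY) -> bool:
    """Reader issues a fresh nonce, so a replayed or copied response is useless."""
    challenge = os.urandom(16)
    return hmac.compare_digest(tag.respond(challenge), mac(key, tag.uid + challenge))

def demo() -> tuple:
    genuine = make_tag_with_static_signature(UID)
    static_clone_ok = verify_static_signature(copy_readable_memory(genuine))  # True
    real = ChallengeResponseTag(UID, TAG_SHARED_KEY)
    dump_clone = ChallengeResponseTag(real.readable_memory()["uid"], b"")  # no key
    leaked_clone = ChallengeResponseTag(UID, TAG_SHARED_KEY)  # key was recovered
    return (static_clone_ok, authenticate(real), authenticate(dump_clone), authenticate(leaked_clone))
```

The tuple returned by `demo()` shows the point of the answer: the static-signature clone verifies, the memory-dump clone of a challenge-response tag fails, and a clone built after the shared key leaked passes again, which is exactly the gap that the asymmetric-key design of (4) is meant to close.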
Correct me if I'm wrong, but MIFARE has more than just symmetric encryption. They also use a kind of LFSR challenge algo (not sure what to call that) to check the authenticity of a tag without disclosing a secret cipher. Well, of course their algo was broken ages ago, but they have improved it since.
@Taiko That challenge-response authentication is still based on a shared secret (i.e. one key that both parties know == symmetric), hence using symmetric cryptography.
Ah... Yes, that's right. I would love to read more about their communication protocol. Any easily explained article? (Like, when does the challenge-response kick in, how is the password supposed to be stored on the reader side, etc.)
The question is whether the symmetric key can be read by unauthenticated readers. If not, it at least protects against cloning by reading (but not cloning by the admin).
@John Typically, all of them would work with an Android phone (though particularly for (4) this might also depend on physical factors such as power consumption of the smartcard and antenna geometries).
@MichaelRoland, what's the point of NTAG213 originality signature if it can be cloned along with the UID into readily available Chinese UID changeable tags?
@fnieto-FernandoNieto I don't know what they were thinking when they came up with that feature. BTW, I'm not aware of any existing Chinese UID-changeable tags that would support the NTAG21x protocol.
After some investigation I learnt that the 'originality signature' is meant to prevent mass cloning by counterfeit tag manufacturers (you can only clone a tag if you get your hands on it). If you search on Alibaba for "ntag213 uid changeable" you can find quite a few... not sure you can also write the 'originality signature' on those, but I assume that if you can write the UID you can write the rest of the manufacturer fields as well.