No connection, No problem. Use NFC to Securely Authenticate your Contactless Peripherals
Abstract
An application note explaining NFC product authentication and specifically Analog Devices' solution in the form of secure authenticators. Application requirements will be answered, including genuine product verification, round checking, and appropriately ending the life of an NFC consumable.
Introduction
The NFC provides a solution to interconnect the devices without a physical contact. The NFC tags are commonly used for manufacturing information, product identification and authentication. In day-to-day lives, imagine the breadth of these products; passports, electronic tickets, employee badges, identification of medical peripherals and box store security tags to just name a few. Other competing technologies such as quick response (QR) codes can support product identification and information but cannot perform secure authentication of the product. The NFC and QR codes both have their strengths and weaknesses, but for security and user experience, the NFC wins. This is mostly thanks to a reader being in everyone's hand since almost all smartphones can now be used to read NFC tags. They can also be used to check an item's authenticity with no special hardware. For applications that do not have a smartphone available, there are many options for RFID readers that compliment most NFC tags.
This application note focuses on explaining product authentication and, specifically, Analog Devices' solution in the form of NFC secure authenticators. It answers application requirements including genuine product verification, round checking, appropriately ending the life of a consumable, and touch on other applications.
First, What is Authentication?
Authentication is a process with the objective to establish proof of identity between two or more entities. In the case of one-way authentication, just one party is involved in proving its identity to another. With two-way authentication, both parties prove their identity to each other. The most used method of authentication is the password. The main problem with passwords is that they are exposed when used, making them vulnerable to spying and discovery. This is the primary reasons QR codes are not good for security as it is a completely exposed password.
When examining the historical use of cryptography, in 1883 the Flemish linguist Auguste Kerckhoffs published his findings in a groundbreaking article on military cryptography. Kerckhoffs argued that instead of relying on obscurity, security should depend on the strength of keys because in the event of a breach, only the keys would need to be replaced, not the whole system.
A proven symmetric key-based authentication method works as shown in Figure 1. A secret key and the to-be-authenticated data ("message") are taken as input to compute a hashed message authentication code or HMAC. The HMAC is then attached to the message and transmitted upon request. The recipient of the message performs the same computation, using the same (referred to below as shared) secret key, and compares its version of the HMAC to the one received with the message. If both the HMACs match, the message is authentic. A weakness with this basic model, however, is that a static, intercepted message and HMAC can later, or subsequently, be replayed by an unauthentic sender and be mistaken as authentic.
To resolve the replay vulnerability and prove the authenticity of the HMAC originator (for example, the contactless peripheral or tag), the recipient (i.e., the host system to which the peripheral is in the near field) generates a random number and sends it as a challenge to the originator. The HMAC originator must then compute a new HMAC based on the shared secret, the message, and the challenge and send it back to the recipient. If the originator proves capable of generating a valid HMAC for any challenge, it is absolutely certain that it knows the shared secret and, therefore, can be considered authentic. Figure 2 shows this challenge-and-response authentication flow and the associated data elements.
In cryptography, an algorithm that generates a fixed-length hash from a message is called a one-way hash function. "One-way" indicates that it is mathematically infeasible to conclude from the fixed-length output hash from the usually larger input message. Combing the HMAC and SHA3 algorithms with a secret key is called a HMAC with the same "One-way" characteristic as the fixed-length output hash.
A thoroughly scrutinized and internationally certified one-way hash algorithm is the FIPS 202 SHA-3, which was standardized by the National Institute of Standards and Technology (NIST). The mathematics behind this algorithm is publicly available on the NIST website. Distinctive characteristics of the algorithm are as follows:
- Irreversibility: It is computationally infeasible to determine the input corresponding to the hash output.
- Collision-resistance: It is impractical to find more than one input message that produces the same hash output.
- High avalanche effect: Any change in input produces a significant change in the hash result.
For these reasons, as well as the international scrutiny of the algorithms, Analog Devices' selected SHA-3 for challenge-and-response authentication of its newest MAX66250 NFC secure authenticator. Further, Analog Devices' implemented the SHA-3-256 variant of SHA-3 algorithm in its latest products combined with the key sharing based HMAC algorithm.
Contactless Secure Authentication in a System
The proliferation of NFC enabled smartphones enables anyone to use a secure authenticator tag IC, such as the DeepCover® Secure Authenticator (MAX66250) without any special hardware as shown in Figure 3. This is because most smartphones have an integrated ISO 15693 compliant NFC reader and secure storage capability. Most phone operating systems offer a FIPS crypto software library which allows easy development. However, typical embedded applications do not utilize a smartphone and must use a dedicated NFC reader.
Alternatively, as shown in Figure 4, Analog Devices' has both a reader (MAX66301) and a tag IC for NFC secure authentication. The reader can easily be added to any embedded processing system as a peripheral IC interfaced to a microcontroller (μC). Following are the benefits of using a MAX66301 reader IC:
- Highly secure storage of the system main SHA3 secret.
- Offloading the SHA3 computation from the host μC.
- Offloading encoding & decoding of ISO15693 RF data.
- Optional secure programming of the system SHA3 secret using Analog Devices' preprogramming service.
Let's discuss a few applications now that systems are presented.
Genuine Product Verification
Limited-life consumable products are commonly targeted by aftermarket companies in an attempt to copy, produce and introduce unauthorized, and usually substandard products into the supply chain. Secure authentication can be used to prove that a product is OEM-genuine and can eliminate safety concerns, potential brand damage and loss of revenue that can result from counterfeits. Introducing secure authentication into the solution enables the host system to verify a peripheral is genuine and to take application-specific action if a counterfeit is detected. As shown in Figure 5, a challenge-and-response between the reader and the tag is exercised to confirm authenticity.
Round Checking
An interesting application of tags is to use it for round-check. This term refers to a person that, as part of their employment, is required to visit specific locations. Examples could be a healthcare worker who travels from home-to-home checking on patients or a security guard who performs a round check every few hours examining different doors and windows of a facility.
Other variations of round checking could be ships, aircraft, and industrial machinery. Any of these examples are instances that require checking of the important items. This is a growing area in many instances because it ties in proof of compliance, perhaps with fire, health, and safety regulations. An example may be a safety officer's requirement to check the serviceability of life-boats, life-jackets, and fire extinguishers onboard. However, a simple checklist does not provide the proof that the employee physically moved from their station to check each item. With NFC tags attached, the employee is required to be physically present and scan tags at each location with a smartphone or reader. Proof of compliance could be as simple as reading a serial number for item identification or be more sophisticated by adding authentication. Figure 6 shows how the MAX66250 IC can support all three of these functions.
The item identification can be satisfied when taking inventory of the tag by reading the 64-bit unique identifier (UID) intrinsic to all devices. The production information, such as serviceable lifetime, calibration, etc., can be written and protected in the user page of the tag at the factory or when deployed. The page data can be authenticated with a computed HMAC to confirm authenticity and transmitted to a secure cloud server. This provides additional accountability, and the secure cloud data center can then trust information read from the device. An expired serviceable items can be easily identified and reordered electronically through a reader or cloud service. Each read point is a digital record that can be stored on a secure cloud server which provides an automated compliance checking and notifications. Data transmitted to the cloud could include GPS coordinates from the smartphone for better accountability.
Consumable End of the Life
Many disposable consumables are limited to a single or few uses before being discarded. An unsophisticated tamper protections can be removed and placed onto a counterfeit unit and resold as genuine. The manufacturers of OEM devices want to avoid overuse or reuse, due to safety concerns, premature equipment failure, and liability issues.
Fortunately, there are a few ways to deal with unauthorized reuse. One way is the tag's antenna is made of brittle paper and ultra-thin etched aluminum antenna. This is just another type of NFC tag used to protect against items being reused, such as wine, cigars and other valuable items. The sophistication of the mechanics creates a tamper proof tag that when it is removed from the original item, it destroys the IC's antenna. However, this is not always practical since sometimes the tag is not removed at all, but the item is just replenished with material that is consumed.
As shown in Figure 7, a better way is to securely write something (an expiration value) to the actual peripheral tag that when read by the host equipment reader indicates that the item's life has expired and should not be trusted or reused. The MAX66250 provides a SHA3-HMAC protected command capability to support this secure write sequence. The reason for a secure authenticated write, instead of an insecure memory write, is to protect the memory from simply being reset and then put back into service or reused.
Another approach of securely managing a limited life peripheral is through the use of a non-resettable counter in the NFC tag IC. At the factory, the OEM equipment maker first sets the desired lifetime counter value for the number of times it will be used. Each time a peripheral is authenticated and used a read and decrement of the counter would be performed. The lifetime then expires when the counter reaches a value of zero. The MAX66250 provides a non-resettable, decrement-only counter to support this capability.
Brief Mention on Other Applications
Other applications include object identification, access control, and asset tagging. Each of these has been around for some time using tech such as QR codes, UHF RFID tags or NFC tags. The object identification is the simplest in that it is used to identify an item as unique compared to other similar items. An access control dictates who is allowed to have access to the item by only enabling 'right to use' when approved by a security mechanism. An asset tagging deals with the management of tracking an item as it moves.
For these applications, the NFC tags have a clear advantage in those NFC readers are so common in most of our hands with the smartphone link to the internet. The USB readers are readily available to enable the most computers as well. The same can be said for QR codes, but the limitation for them is the weakness of security. The NFC tags and UHF RFID tags have strong security. The QR codes can easily be spoofed with malicious intent. The UHF RFID tags are better suited for asset tagging since they work at greater distances where the whole pallet can be read at once, but they are limited in the breadth of readers available for them. For these reasons, it is good to consider the NFC tags for these applications.
NFC Authenticator Features by Analog Devices'
In the applications just discussed, Analog Devices' solution using the FIPS202-compliant SHA3-256 MAX66250 IC has security features to meet these cases. Fundamentally, the IC receives the input ingredients and computes a HMAC result. The changing ingredients feed into the compute engine for each operation type, creating a unique HMAC for the targeted use case. The host must be able to compute the same HMAC generated by the peripheral device to verify its authenticity. This type of secret usage is one of the requirements for a symmetric key-based secure system.
Challenge-and-Response Authentication HMAC
The MAX66250 Secure Authenticator's primary purpose is for challenge-and-response authentication of an NFC peripheral. In Figure 8, the host sends a random challenge and instructs the peripheral device to compute a HMAC response from the challenge, user memory page data, and other ingredients that together form an input message that is SHA3 hashed with the secondary secret.
When the computation is complete, the MAX66250 sends its HMAC to the host for verification. The host then duplicates the HMAC computation using a computed secondary secret (i.e., same shared secret) and the same input message ingredients that are used by the MAX66250. A match of the HMAC received from the peripheral provides authentication of the device, since only an authentic peripheral responds to the challenge-and-response sequence correctly. It is crucial that the challenge is based on random data. A never-changing challenge opens the door to replay the attacks using a valid static HMAC that is recorded and replayed instead of a HMAC that is instantly computed by an authentic peripheral.
HMAC Authenticated Write
The challenge-and-response authentication just discussed authenticates a peripheral to a host. Now, the reverse is going to be discussed where a peripheral authenticates a host to trust its data for a secure memory write. This is highly desirable since the user memory of a peripheral, as discussed in the Consumable End of the Life section, may contain sensitive status data that dictates whether the peripheral should be used or not. It may also dictate other sensitive status data, such as what features a product has enabled or what access level the tag holder has. For these reasons, write access to the EEPROM in a MAX66250 peripheral can be authenticated-write protected. A true authentic host knows, or can compute, the secondary secret and is able to generate a valid write-access HMAC.
To accomplish copying data to the EEPROM user page, the peripheral requires the requesting host to first compute the valid write-access HMAC with the secondary secret, new data, and old data read from the peripheral plus additional data. The host then sends an authenticated SHA-3 write memory sequence that contains this write-access HMAC, new page data and additional data. The MAX66250 stores the received data into its buffer and then computes its own HMAC from the new data, old data currently in the EEPROM memory page, its secondary secret, and additional data, as shown in Figure 9.
The MAX66250 compares the write-access HMAC to its own peripheral HMAC result. The new page data is transferred from the input buffer to the destination in EEPROM only if both the HMACs match. The memory pages that are write-protected and not authenticated-write protected cannot be modified, even if the HMAC compared result is correct.
Secret Generation and Protection
The architecture of the MAX66250 Secure Authenticator allows direct writing of the main secret into the peripheral, which is normally a one-time event done in a controlled and trusted environment (e.g., a secure factory). From the main secret, the peripheral can compute a unique secondary secret as shown in Figure 10, which is an event done in the non-trusted environment of the end application. This secondary secret is to be used for the generation of an authentication HMAC for reading page memory or an internal HMAC for write access verification. The main secret and the secondary secret are always secure within the device and are always read-protected. If desired, the main secret can be write-protected, which prevents altering the secret. The secret installation and protection settings should always be done at a secure facility.
The quality of the secret used can be effective by:
- The main secret used should be the same random value installed for all the peripherals at a secure factory.
- The shared secret between the host and the peripheral, when used in the end application, is to be a unique secondary secret by including the IC's device ROM ID number in the computation.
In the field, the peripheral generates a HMAC during a challenge-and-response authentication. The host computes the peripheral's secondary secret and computes its authentication HMAC for comparison. Because a secondary secret is used, the authentication HMAC created is exclusive to that peripheral only and provides additional strength of protection.
Some hosts don't have specific hardware to secure a main secret. For this reason, it is worth mentioning that hardware can be added to offload this burden. Analog Devices' has the MAX66301 IC that combines both a reader and secure memory in one device. With this IC, a host increases its security since the main secret is under multiple layers of advance physical security to provide secure storage.
Conclusion
With ubiquitous NFC applications in the world, Analog Devices' MAX66301 and MAX66250 ICs provide a contactless solution to meet both host and peripheral requirements for genuine product verification and advanced features to provide secure management features for limited-life peripherals. With these ICs that have both advance secret storage and strong HMAC authentication with SHA3, the benefits of protecting against counterfeiting cannot be ignored.