Page 116 Calderoni et al. J Surveill Secur Saf 2020;1:106-18 | http://dx.doi.org/10.20517/jsss.2019.01
NXP documentation that these symmetric AES keys are sometimes shared with NXP's licensees to check if the tags are genuine [26]. This information could be maliciously used to produce a complete clone of a genuine NXP tag.
Note also that the tag UID and the corresponding NXP digital signature may be acquired through a legitimate tag inspection (as described in the "Results" section) and copied to the cloned tag as well.
To overcome this issue, further security protocols should be adopted. A significant example is represented by electronic passports [15]. The guidelines for e-Passport issuance and management are provided by the International Civil Aviation Organization (ICAO), and include a detailed description of the security protocols and the logical data structure used to store and arrange data in the RFID chip. To prevent chip cloning attacks, ICAO designed the Active Authentication security protocol. This protocol relies on asymmetric cryptography and requires a dedicated key pair. Briefly, during the chip's customization phase, the private key is stored in the chip's secure memory, while the public key is stored in one of the chip's elementary files (EFs). When the reader needs to check whether or not the chip is genuine, it sends a random nonce to the chip, which signs it with the private key according to the adopted cipher. The reader then reads the chip's public key from the corresponding EF and uses it to verify the returned signature against the nonce it sent. On a positive match, the protocol succeeds. As the private key is stored in the chip's secure memory, it is very hard for an attacker to extract. Moreover, as the protocol relies on asymmetric cryptography, there is no need for the licensees to handle the private key. This missing piece (the private key) and the introduced protocol represent a strong defense against chip cloning attacks. A similar solution could be adopted to strengthen the security features of the NT4H2421Gx.
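As an added illustration (not from the paper), the following Go program models the two checks discussed above with ECDSA over P-256: the static UID signature, which a clone copies along with the UID and therefore still verifies, and the Active Authentication challenge-response, which the clone cannot answer because the private key never left the genuine chip. The curve, the SHA-256 hash, the 7-byte UID, the locally generated issuer key standing in for the HSM-held one, and the Chip/Demo names are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Chip models a tag with a static issuer signature over its UID and an Active Authentication key pair.
type Chip struct {
	UID    []byte
	UIDSig []byte            // Read_Sig-style signature: readable by any inspection, hence copyable
	PubKey *ecdsa.PublicKey  // AA public key, stored in a freely readable elementary file
	priv   *ecdsa.PrivateKey // AA private key; nil on a clone, since it never leaves the genuine chip
}

func NewGenuineChip(issuer *ecdsa.PrivateKey, uid []byte) *Chip {
	h := sha256.Sum256(uid)
	sig, err := ecdsa.SignASN1(rand.Reader, issuer, h[:]) // issuer signs the UID once
	aa, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // chip's own AA key pair
	if err != nil || err2 != nil {
		panic("issuer signing or key generation failed")
	}
	return &Chip{UID: uid, UIDSig: sig, PubKey: &aa.PublicKey, priv: aa}
}

// CheckOriginality is the static check: a clone that copied UID and signature passes it.
func CheckOriginality(issuerPub *ecdsa.PublicKey, c *Chip) bool {
	h := sha256.Sum256(c.UID)
	return ecdsa.VerifyASN1(issuerPub, h[:], c.UIDSig)
}

// ActiveAuthenticate: reader sends a fresh nonce, chip signs it, reader verifies with the EF key.
func ActiveAuthenticate(c *Chip) bool {
	nonce := make([]byte, 8)
	if _, err := rand.Read(nonce); err != nil || c.priv == nil {
		return false // a clone has no private key to answer the challenge
	}
	h := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, c.priv, h[:])     // chip side
	return err == nil && ecdsa.VerifyASN1(c.PubKey, h[:], sig) // reader side
}

func Demo() (staticGenuine, staticClone, aaGenuine, aaClone bool) {
	issuer, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stands in for the HSM-held key; errors only if the CSPRNG fails
	g := NewGenuineChip(issuer, []byte{0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}) // constructed UID
	c := &Chip{UID: g.UID, UIDSig: g.UIDSig, PubKey: g.PubKey}                     // clone: everything a reader can copy
	return CheckOriginality(&issuer.PublicKey, g), CheckOriginality(&issuer.PublicKey, c), ActiveAuthenticate(g), ActiveAuthenticate(c)
}
```

Demo returns (true, true, true, false): both tags pass the static check, only the genuine one passes Active Authentication. In a deployment the public key read from the EF must itself be bound to the chip data (in ICAO e-Passports its hash is covered by the signed Document Security Object), otherwise a forged chip could simply carry a key pair of its own.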
4.4 Tag forging
When we talk about tag forging, we refer to the ability of an attacker to produce a new tag from scratch, claiming that it is genuine and produced by some trusted organization (such as NXP). This procedure differs from cloning, as in this case the attacker does not copy an existing tag UID into the forged chip: the aim is to couple the forged tag with a new, different UID.
The deep inspection performed on the NT4H2421Gx tag proved that this technology is strongly resistant to forging. In fact, the Read_Sig command provides the reader with a digital signature computed by signing the tag UID with an NXP elliptic curve private key (see Figure 7 for reference). Hence, to forge the tag, the attacker would have to sign the new UID with the same private key and store the resulting signature in the tag ROM. Differently from the symmetric AES keys, this private key never leaves the NXP hardware security module. As such, to forge a genuine NXP chip, the attacker must be able to break the underlying asymmetric signature scheme (which is usually deemed infeasible under reasonable settings).
4.5 Soft security settings
To facilitate user experience and tag interoperability, this tag also supports a soft security setting named SDM. This feature may be set up for a single file (namely the NDEF one) through the ChangeFileSettings command. Moreover, as depicted in Figure 5, SDM is enabled in the tag studied. SDM allows for confidential and integrity-protected data exchange without requiring a preceding authentication: the NDEF file content may be accessed without any authentication, and encrypting part of the file content (together with the tag UID or SDMReadCtr) is a valid option to reach maximum interoperability with any RFID/NFC reader while preserving some form of security. As expected, when the involved application context requires strong security settings, SDM should not be considered a valid option.