
Potential pitfalls at the ISO-DEP Layer?

I've come to the conclusion that NDEF doesn't provide the functionality that I'm looking for (primarily security). I spent some time playing around with the SDK running in NFC_T4T_EMUMODE_PICC, looking at the data in nfc_callback, and writing an Android app to interact with the nRF52 dev kit through the NFC peripheral.

It almost feels like I'm implementing or creating a proprietary card type. But I'm not familiar enough with the entire NFC ecosystem to fully understand the effects of doing what I'm doing. If I understand correctly, MIFARE Plus is a card protocol that's built on top of ISO7816. So if I continue down this path, my nRF52 devices will identify as being MIFARE Plus, but won't have any of the functionality of MIFARE Plus. Is that going to be a problem?

  • As far as I know, only MIFARE Plus EV1 (introduced in 2016) is compliant with the ISO7816-4 APDU layer (which can fit easily on top of the ISO14443 Type A stack supported by nRF52). However, I don't think that MIFARE Plus is supported as an NFC Forum Tag Type format out of the box. One would also ask why the hell anyone would voluntarily implement a proprietary techno such as MIFARE Plus, and also, are you sure you are allowed to do it (because it's 100% owned by NXP and these guys are not giving a license for even implementing their technology on your own for free, usually...)?

    Security of NFC is indeed a problem (as with any other wireless technology), but the purpose of the NFC Forum NDEF formats is interoperability; there is no space for security. If you are not satisfied with "it's so close range that no one can hear it = hence secure", then forget about any NFC Forum types and implement your proprietary secure channel on top of one of these formats. I would recommend going straight with some GlobalPlatform or ISO or NIST mechanism on top of ISO7816-4 APDU, which runs on ISO14443-1/2/3 Type A, but that means developing that pretty much on your own. If you want to use one of the delivered libraries, then you can map it on top of some formats (e.g. do a secure channel on top of Tag Type 4 and do push/pull data exchange on top of some NDEF object), but it's an obvious waste of performance...

  • That clears up a lot of other questions I had. Thanks!

  • Hi, maybe this comment is not fully relevant, but if a signature was enough in your case, you could use the NFC Forum standard NDEF Signature RTD to sign your NDEF message. As written in the answer, no encryption mechanisms are defined by the NFC Forum, at least for the Reader/Writer operating mode.
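
A proprietary protocol built on the ISO7816-4 APDU layer, as the thread discusses, has to treat every command APDU arriving from the reader as untrusted input. The following is an added example, not code from the original thread or from the nRF5 SDK: a bounds-checked parser for short-form command APDUs. The names `capdu_t` and `capdu_parse` are hypothetical, the sample APDU is constructed (a SELECT of the NFC Forum Type 4 Tag NDEF application AID), and extended-length APDUs are assumed unsupported and rejected.

```c
#include <stddef.h>
#include <stdint.h>

/* Parsed short-form ISO 7816-4 command APDU (hypothetical type for this example). */
typedef struct {
    uint8_t cla, ins, p1, p2;
    const uint8_t *data; /* points into the caller's buffer, NULL when Lc is absent */
    uint16_t lc;         /* command data length, 1..255, or 0 when absent */
    uint16_t le;         /* expected response length; 0 = absent, Le byte 0x00 = 256 */
} capdu_t;

/* Constructed sample: SELECT by name, AID D2 76 00 00 85 01 01, Le = 00. */
static const uint8_t sample_select[] = {
    0x00, 0xA4, 0x04, 0x00, 0x07,
    0xD2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01, 0x00
};

/* Returns 0 on success, -1 when the buffer is not a well-formed short APDU. */
int capdu_parse(const uint8_t *buf, size_t len, capdu_t *out)
{
    if (buf == NULL || out == NULL || len < 4)
        return -1;                       /* header CLA INS P1 P2 is mandatory */
    out->cla = buf[0]; out->ins = buf[1]; out->p1 = buf[2]; out->p2 = buf[3];
    out->data = NULL; out->lc = 0; out->le = 0;

    if (len == 4)                        /* case 1: header only */
        return 0;
    if (len == 5) {                      /* case 2: header + Le */
        out->le = buf[4] ? buf[4] : 256;
        return 0;
    }
    size_t lc = buf[4];                  /* case 3 or 4: this byte is Lc */
    if (lc == 0)
        return -1;                       /* 0x00 here marks extended length: rejected */
    size_t rest = len - 5;               /* bytes actually received after Lc */
    if (rest != lc && rest != lc + 1)
        return -1;                       /* Lc disagrees with the frame length */
    if (rest == lc + 1)                  /* case 4: trailing Le byte */
        out->le = buf[5 + lc] ? buf[5 + lc] : 256;
    out->data = buf + 5;
    out->lc = (uint16_t)lc;
    return 0;
}

int main(void)
{
    capdu_t apdu;
    return capdu_parse(sample_select, sizeof sample_select, &apdu);
}
```

The length comparison is the important check: the declared Lc is only accepted when it matches the number of bytes the ISO-DEP layer actually delivered, so later code never reads past the received frame.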
