So are NFC tags really UNIQUE from each other, at least in their SERIAL NUMBER? And can we rely on the fact that no 2 NFC tags can have the same serial number? I'm highly skeptical about this as there are (and will be more) NFC tags out there and I don't think anyone is controlling the serials...
The reason I'm asking is that I'm developing a key based system using NFC tags. I don't need to write to the tags, I basically just need their serial numbers. But I need them to be truly unique.
Also, I would like to know if the serial numbers can be cloned (I know the content of tags can always be read and cloned, but can one program another tag to have exactly the same ID/serial?)
Are serial numbers of NFC tags truely unique?
That depends on the tag product and what you consider truely unique. E.g.:
ISO 14443 Type A tags with 4 byte serial numbers: There certainly exist duplicates (mainly because there is no clear scheme to divide the available range of serial numbers among the various manufacturers) and you can expect that within a batch of tags, there will be significant similarity between serial numbers (e.g. running sequences).
ISO 14443 Type A tags with 7 byte serial number (similarly for serial numbers of ISO 15693 tags): Each manufacturer is allocated a block of serial numbers (e.g. NXP serial numbers start with 0x04, Infineon with 0x05, etc). Within that block many manufacturers (I'm not sure about all of them) guarantee that they use each serial number only once. So these serial numbers are often unique (each manufacturer has a block of trillions of serial numbers). Still there will often be significant similarities between serial numbers of each batch (e.g. running sequences). Moreover, it seems that even within the serial number ranges that are supposedly guaranteed to be unique by manufacturers there appear counterfeit tag products that have duplicate serial numbers (see this question on duplicate serial numbers of counterfeit(?) NTAG203 chips).
Can serial numbers be cloned?
Yes, definitely. If you look for instance at MIFARE Classic, you can easily get cards with freely customizable serial number from a Chinese vendor of your choice. There is also devices like Proxmark with which you can emulate a card with a freely customizable serial number. And, moreover, it is relatively easy and cheap to build a device that emulates the protocol and consequently emulates a serial number of your choice. (Also see this question on emulating arbitrary serial numbers using Android NFC smartphones.)
As an attacker, the interesting part now is how you find a legit serial number for a specific system (i.e. a serial number that successfully authenticates to the system):
Read someone's card and clone the serial number.
Intercept communication between the legit card and the legit reader.
Make a guess based on other cards from the same batch (that's why similarity between serial numbers also matters).
Is it a good idea to design an access control system that's based solely on serial numbers?
No, definitely not. Still there exist lots of such systems. But more and more of these systems introduce additional security mechanisms.
Related
I know that for most programs, a pseudo-random number is sufficient but there are ways that machines can generate truly random numbers. For example, devices that generate unpredictable processes. But, they tend to be biased somehow. So, is it possible to use or make devices that can generate unpredictable processes and being unbiased?
Yes. You can buy cards or USB devices to plug into your computer that use physical effects, such as quantum mechanics, to generate true random numbers. A simple Geiger counter would be an example, though commercially available devices are more complex with a higher bit rate.
Google "Quantis RNG" for some examples.
I have an small presentation about FPGA techonology. My questions is: If your FPGA has 85k logic cells, does this mean it can run 85k operations simultaneously?
What I am trying to achieve is to shock the audience with some crazy illustrated facts about FPGA technology or facts. The people who listens now very little about FPGA, so I want to impress them.
What's inside a 'cell' can vary per manufacturer, but the Xilinx definition (using this manufacturer as an example, as these are the devices that I'm familiar with) is one four-input look-up table, and one register. Xilinx devices are made up of a number of 'slices', and these contain a number of functional elements. These might include:
Look-up tables
Registers
Multiplexers
Logic for use in carry chains
etc
As an example, a Spartan6 LX4 has 600 slices, and the marketing material claims that this is equivalent to 3840 'logic cells'. You can look in the user guide for a device to determine exactly what is contained inside a slice.
In addition to this, there are other resources such as multipliers, memories, PLLs, etc.
I suppose you could say that one logic cell can perform one operation, but a single cell is only capable of very simple operations, for example an AND gate, 2:1 multiplexer, etc.
I would say no, but it depends on what you mean by an operation. A logic cell has the capability to implement a number of logical functions (and/or/xor), and it has the ability to hold a state with storage elements. These two functions are how every digital system under the sun operates. Even addition and subtraction are higher level constructs built on top of logical functions. As in other answers, FPGA manufacturers publish guides on what is inside of their logic cell. It is this fundamental cell that is stamped repeatedly in the die to create this "array" as in Field Programmable Gate "Array".
This yields a distinctly "more or less" answer. The logic blocks can be used in multiple modes, and you might even be able to pack more than one function in one (including with two independent outputs), but you must also be able to transport meaningful data to work on. It sounds like you have a 7z020 as an example. You may want to note that besides those logic cells, it also has 220 hardware multiply+add blocks. That amount is not random; the surrounding logic is enough to keep them fed in particular cases, every cycle. Looking in 7 Series FPGAs Configurable Logic Block User Guide (UG474), we find that the Logic Cells number given is an estimate of equivalent 4LUT+FF configurations. The reason this number is lower than the number of flipflops (106k) is that the input arguments for the two 5luts you can split a 6lut into must overlap.
My question is about performance of JavaCard smart-card on AT90SC25672RCT chip.
The matter is that I want to develop project related to cryptography using JavaCard for educational purposes.
Right now is time to buy smart-card and that's why I wonder if card with this chip will cover my needs. The matter is that I've decided to use some cryptographic protocol that will require some calculations both on desktop and smart-card side.
So my question is addressed to people that have JavaCard now and can tell me if it is possible to run random generator and compute couple of hash values in within sane amount of time or I should use some protocol that requires less calculations?
Recommendations devices or minimal requirements are also welcome.
As already mentioned, smart cards in general have co-processors. Symmetric ones for DES and AES family of algorithms and asymmetric ones for RSA and elliptic curves.
I don't know what you consider a sane amount of time, but generating signatures is never a problem (well below one second), while generating a 4096 bit RSA key pair on the card may last minutes.
The typical bottleneck is the I/O interface, heavily depending on the card and the reader at hand (among others by the external clock). This is the reason, why nobody will sent a document of megabytes to a card, just to get the hash computed, but will hash externally. The small random numbers to be hashed within cryptographic protocols are of course no problem. Cards are getting faster on the I/O side too, but the proven approach will remain with us for some time.
Unfortunately I don't know which smart card has that specific chip inside, but nowadays smart cards are really powerful. They not only has the ability to generate random numbers and hash values but also they can do some cryptography functions and signature generation and verification such as RSA, 3DES, AES and so on.
Fortunately you can see a list of supported algorithms for a big list of smart cards here.
I have to build an One Time Pad system and for that, I have to build my own TRNG. I want to know how to make record atmospheric noise and use that to generate random numbers. I've tried so far to record a .wav file and read it in Java, but the values don't seem very...random. Any suggestions? I know about Random.org, but I can't really use their generators, I have to build my own, so what I want is some insight into how the folks at Random.org have built their numbers generator, with atmospheric noise as a source of 'randomness'.
Non Real-time solution
What you can do is record the audio surrounding the room before in and save a temporary WAV file. If you know how the WAV file works which is based on the RIFF specification. Then strip the WAV header which is 44 bytes in length. Then read the audio bytes and do the proper conversions depending on whether you want to generate WORDS, DWORDS, or BYTES, it is up to you. Then you should have some random values to work with. Then use those random values accordingly.
Real-time solution
Since I do not know whether you want to program this in Java or some other language. In addition, I do not know the intended platform; so I cannot recommend you any realtime audio processing libraries.
For C# you can use NAudio and you can record the audio in realtime and recieve the audio bytes. Then you can convert the audio bytes into either a DWORD, QWORD, WORD, etc. You should be able to have some random values. Remember to stop recording and to release unmanaged resources when generating random numbers has ceased.
Good Resources On The WAV File Specification
Link to the specification (Easy to understand)
The answer is unknown and probably intentionally so. Although hard to be sure, the site seems to be a combination of charity and for-profit work. Each radio source only produces a few Kbps of random data. How he describes it in many links, I don't see evidence of a CSRNG. It doesn't matter. For OTP purposes, if it's not truly random, it's a glorified stream cipher. (I think that's what Bruce and others have always said.)
I find it hard to recall when a good CSRNG was broken. I'd recommend you use something like ISAAC or a properly implemented block/stream cipher. Perfect Paper Passwords does this. Use a Fortuna construction with the internals of Fortuna using the above ciphers/algorithms to produce the majority of the random data. The Fortuna system can regularly have data injected into it by a TRNG. The very best TRNG on a budget is random.org plus locally generated stuff. The best cheap, hardware solution is a VIA Artigo board with VIA Padlock (TRNG + acceleration for SHA-1, SHA256, AES, & RSA) for $300. They have libraries to help you use things, too. (There's even a pseudo-TRNG that uses processor timing under network load.)
Remember, the crypto is usually the strongest link in the chain. System security exists on many levels: processor, firmware, peripheral firmware (esp DMA), kernel mode code, OS, trusted middleware or OS functions, application. Security as a whole includes users, policy, physical security, EMSEC, etc. Anyone worrying way too much about RNG's is usually wasting effort. Just use an accepted solution or something I mentioned above. Then, focus on the rest. Especially, how people and systems interact. Configuration, patching, choice of OS, policies. Most problems happen there.
I recall an article on random.org that I can't seem to find now. I all remember is that they used the lsb of the noise they were measuring. The MSBs will certainly not be random. Then then generated a string of 1s and 0's based on the lsb. Don't do something silly like a simple binary conversion, that won't work. You maybe have to sample the noise in binary, to make the distribution of the lsb have a more uniform sampling.
The trick they used to ensure an even distribution was to not use this string of 1's and 0's as the random numbers. Instead they would parse the string, 2 bits at a time. Every time the bits matched (ie 00 or 11) they added a 1 to their random string. Every times the bits flipped (ie 01 or 10) they added a 0 to their random string.
If you make your own TRNG, make sure you verify it!
It is hardly possible to get real random numbers out of software. Even the static in your wav file is likely to be influenced by periodic EMI generated by your computer and is therefore not purely random.
Can you use special hardware or are you forced to stick to pure software? Why won't pseudo random numbers satisfy your needs? They will do fine on a relatively small number of random samples. Because you want to use the random numbers in an OTP, I guess you won't be using it in a big scale.
Can you provide a little more detail?
The atmospheric noise approach to generating random numbers is complex because the atmosphere is filled with non-random signals, all of which pollute the entropy you seek. There is an easier way.
Chances are good your CPU already contains a true random number generator, assuming you have an Intel Ivy Bridge-based Core/Xeon processor, which became available in April, 2012. (The new Haswell architecture also has this feature).
Intel's random generator exploits the random effects of thermal noise inside an unstable digital circuit. Thermal noise is just random atomic vibrations, which is pretty much the same underlying physical phenomenon that Random.org uses when it samples atmospheric noise. The sampled random bits go through a sophisticated conditioning and testing process to eliminate pollution from non-random signals. I highly recommend this excellent article on IEEE Spectrum which describes the process in detail.
Intel added a new x86 instruction called RDRAND that allows programs to directly retrieve these random numbers. Although Java does not yet support direct access to RDRAND, it's possible using JNI. This is the approach I took with the drnglib project. For example:
DigitalRandom random = new DigitalRandom();
System.out.println(random.nextInt());
The nextInt() method is implemented as a JNI native call that invokes RDRAND. The performance is pretty good considering the quality of randomness. Using eight threads, I've generated ~760 MB/sec of random data.
True random number generators (TRNGs) are usually from natural sources like seismic signals, non-stationary bio-signals, etc. The two issues faced by these generators are:
1) The data points are non-uniformly distributed
2) It takes very long time to generate large sequence of numbers (specially when the requirement is in millions).
However, the most important advantage on their part is their unpredictable nature. To overcome their issues and to retain its advantage, it is better to fuse the output of TRNG to seed a pseudo-random number generator. For this, you may try using the amplitude values of atmospheric noise at random time points and use it to seed a PRNG.
This will help you to get large numbers of uniformly distributed values. As the seed is unpredictable, the output of PRNG too becomes unpredictable.
What are the addresses of some websites that offers random numbers from physical sources? I'm looking both for free services and services that cost money.
I have been using http://www.random.org/, and i like it. Generates random numbers from atmospheric noise, and also is capable of generate:
coin flips
dice rolling
card shuffling
among others, take a look at it.
HotBits:
Genuine random numbers, generated by radioactive decay.
HotBits are generated by timing successive pairs of radioactive decays detected by a Geiger-Müller tube interfaced to a computer.
Once the random bytes are delivered to you, they are immediately discarded—the same data will never be sent to any other user and no records are kept of the data at this or any other site.
Secure Server HotBits Request
Sounds like the Quantum Random Bit Generator may be of use ? It relies on photonic emission in semiconductors and the detection thereof by photoelectric effect.
They supply command line and library/API access via various different platforms/frameworks.
www.Random.org
Apparently they use Atmospheric noise to generate they're numbers though I'm not sure if they've published their algorithms.
Many Linux systems have a /dev/random device built in. That provides random numbers from physical sources.
The random number generator gathers
environmental noise from device
drivers and other sources into an
entropy pool
See http://en.wikipedia.org/wiki/Urandom