3
votes

I'm wondering if NFC chips have some kind of unique identifier? I have Mifare Classic 1K and Mifare Ultralight C stickers that I want NFC phones to read using my Android application. Is there some common practice to protect the signal so someone can't just come in and scan the data using a generic app (NFC Reader), and write the data to another chip in order to fake my sticker signal? Or is there a unique ID, like how phone UUID works, built into these chips?

3

3 Answers

2
votes

I'm afraid with tags there is always the risk of eavesdropping, man-in-the-middle or relay attacks. The best you could hope for would be to encrypt the data using a pre-known secret on your device and the tag.

This still has the risk of the secret being found out and then copied.

NFC really isn't designed to be a highly secure platform.

For device to device you can implement protocols on TOP of the existing NFC stack (such as SSL); however, this wouldn't work with pre-generated tags.

2
votes

Yes, each chip has a unique identifier; however, the comments from the other people here about lack of security are of concern, as this is currently the (growing) preferred hardware platform of choice for financial transactions of the future.

Cloning is a greater challenge than just sucking the data off one chip and replicating it on another.

What specific usage did you envisage for your 'highly secure' Android application?

1
votes

You have MIFARE Ultralight C tags. These tags have functionality that allows access to data stored on the tag to be protected by 3DES-based authentication. That would prevent unauthorized read access.

In general, I would recommend against using the tag's unique ID as a security feature.
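
The 3DES-based authentication mentioned in the last answer is a challenge-response exchange in which tag and reader each prove knowledge of a shared key. The following is an added example, not code from any of the answers: it simulates both sides in plain Java so the exchange can be followed without a tag. The class and method names are hypothetical, the keys are constructed, and the nonce rotation and IV chaining are assumptions to check against the tag's datasheet; the NFC command framing (for example via `NfcA.transceive`) is left out.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class UlcAuthDemo {
    // 2-key 3DES: Java's DESede wants 24 bytes, so K1||K2 is extended to K1||K2||K1.
    static byte[] des3(int mode, byte[] key16, byte[] iv, byte[] data) throws Exception {
        byte[] k24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, k24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(k24, "DESede"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }
    static byte[] rotl8(byte[] in) { // rotate left by one byte
        byte[] out = Arrays.copyOfRange(in, 1, in.length + 1);
        out[in.length - 1] = in[0];
        return out;
    }
    // Runs the whole exchange; tagKey stands in for the secret stored on the tag.
    static boolean authenticate(byte[] readerKey, byte[] tagKey) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] iv0 = new byte[8], rndA = new byte[8], rndB = new byte[8];
        rng.nextBytes(rndA);
        rng.nextBytes(rndB);
        // Tag -> reader: ek(RndB), encrypted with an all-zero IV.
        byte[] ekRndB = des3(Cipher.ENCRYPT_MODE, tagKey, iv0, rndB);
        // Reader -> tag: ek(RndA || RndB'), chained from the tag's ciphertext.
        byte[] gotB = des3(Cipher.DECRYPT_MODE, readerKey, iv0, ekRndB);
        byte[] msg = Arrays.copyOf(rndA, 16);
        System.arraycopy(rotl8(gotB), 0, msg, 8, 8);
        byte[] ekAB = des3(Cipher.ENCRYPT_MODE, readerKey, ekRndB, msg);
        // Tag verifies RndB' before answering; a reader with the wrong key stops here.
        byte[] plain = des3(Cipher.DECRYPT_MODE, tagKey, ekRndB, ekAB);
        if (!MessageDigest.isEqual(Arrays.copyOfRange(plain, 8, 16), rotl8(rndB))) return false;
        // Tag -> reader: ek(RndA'); the reader checks it to authenticate the tag.
        byte[] iv2 = Arrays.copyOfRange(ekAB, 8, 16);
        byte[] ekA = des3(Cipher.ENCRYPT_MODE, tagKey, iv2, rotl8(Arrays.copyOf(plain, 8)));
        byte[] gotA = des3(Cipher.DECRYPT_MODE, readerKey, iv2, ekA);
        return MessageDigest.isEqual(gotA, rotl8(rndA));
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-key!".getBytes("US-ASCII");   // constructed 16-byte key
        byte[] wrong = "some-other-key!!".getBytes("US-ASCII"); // constructed mismatching key
        System.out.println("matching keys:   " + authenticate(key, key));
        System.out.println("mismatched keys: " + authenticate(key, wrong));
    }
}
```

Because both nonces are fresh on every run, a recorded exchange cannot be replayed, and copying the tag's readable memory to another chip does not copy the key needed to pass this check.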