I wanted to use the Mifare Desfire chip for product authentication purposes, where the chip would be embedded into products. As such, I am looking for a NFC solution that makes it virtually impossible(or as hard as possible) to clone the chip.
The current solution I had in mind using the Desfire was to use the supported symmetric authentication to have a memory-locked part of the chip where we would store the product information. Then we would create diversified keys, using a master key, UID of the chip, and some metadata and use that diversified key to conduct the symmetric authentication(more information on it can be found here.
Now, the problem lies in the fact that the symmetric authentication has to be done on an android app, meaning we would have to store the master key on the android app or send it over network to a potentially malicious version of the app. So I was wondering if anyone had a suggestion on how to protect the master key or an entirely different authentication solution to prevent chip cloning using the Mifare Desfire or other similar NFC chips.
