In many applications, it is desirable to protect NFC tags from unauthorized writing, and occasionally from unauthorized reading as well. For instance, if one were using NFC tags to provide a convenient way for customers to learn more about a product, it would be very bad if the tags were overwritten to send customers to a phishing site instead. Therefore, all of the common tag technologies have some sort of anti-tampering provisions. If you have not read the Tag 101, it is advisable to do so, as this white paper references concepts introduced there.
The simplest and most common type of anti-tampering is locking – even the cheapest Type 1 and Type 2 tags have some sort of provision for locking their memory. Locking is implemented using one or more special sections of one-time programmable (OTP) lock bits. One-time programmable memory is so named because once an OTP bit is set to a ‘1’, that bit is permanently programmed and cannot be changed back to ‘0’. Each lock bit corresponds to a sector of the tag’s memory and, if the lock bit is set to ‘1’, the tag will refuse to allow writes to that sector. For lower-memory tags such as the MIFARE Ultralight, the sector size is quite small (4 bytes for a standard Ultralight), giving good granularity for locking; however, higher-capacity tags such as the NTAG 216 tend to sacrifice lock-bit granularity in favour of more user memory by using a sector size of up to 64 bytes.
Locking is great for the common use case of writing a piece of content onto a tag permanently, but what if you want sections of the tag’s memory to remain permanently writeable? It is for this purpose that many tags also include block bits. These bits are also one-time programmable, but instead of locking sections of user memory against further writes, they block write access to certain lock bits, freezing the locking configuration of those bits. In the interest of saving memory, tags have very few block bits, and thus each bit blocks the lock bits for a large portion of the tag’s memory. In practice, the poor granularity provided by block bits is usually not a significant problem, as you generally want to block the whole tag’s memory or none of it.
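The lock-bit and block-bit behaviour described above, as an added example that is not part of this white paper: a small Python model of an Ultralight-style tag in which lock bits are OTP (a ‘1’ can be ORed in but never cleared), a set lock bit makes the tag refuse writes to its page, and a set block bit freezes the lock bits it covers. PAGE_SIZE, NUM_PAGES, BLOCK_GROUPS, TagModel and freeze_layout are assumptions for illustration, not a real tag’s memory layout; a tag’s datasheet defines the actual one.

```python
# Added example, not code from the white paper: a model of OTP lock bits
# and block bits. Page size, page count and the lock bits each block bit
# freezes are assumed for illustration; a real tag's datasheet defines them.

PAGE_SIZE = 4     # bytes per lockable sector (assumed, Ultralight-like)
NUM_PAGES = 16    # user pages 0..15 (assumed)
# block bit index -> the lock bits it freezes once set (assumed grouping)
BLOCK_GROUPS = {0: range(0, 8), 1: range(8, 16)}


class TagModel:
    def __init__(self):
        self.memory = bytearray(PAGE_SIZE * NUM_PAGES)
        self.lock_bits = [False] * NUM_PAGES        # one per page
        self.block_bits = [False] * len(BLOCK_GROUPS)

    def write_page(self, page, data):
        """Return True if the tag accepts the write, False if it refuses."""
        if not 0 <= page < NUM_PAGES or len(data) != PAGE_SIZE:
            return False
        if self.lock_bits[page]:
            return False  # lock bit set: this sector is read-only forever
        self.memory[page * PAGE_SIZE:(page + 1) * PAGE_SIZE] = data
        return True

    def _frozen(self, lock_index):
        """A lock bit is frozen when a set block bit covers it."""
        return any(self.block_bits[b] and lock_index in group
                   for b, group in BLOCK_GROUPS.items())

    def program_lock_bits(self, requested):
        """OTP semantics: a 1 is ORed in and can never be cleared, writing a
        0 over a 1 is a no-op, and frozen bits ignore the request entirely."""
        for i, want in enumerate(requested):
            if want and not self._frozen(i):
                self.lock_bits[i] = True
        return list(self.lock_bits)

    def program_block_bit(self, index):
        """Block bits are OTP too: once set, the group's locking is final."""
        self.block_bits[index] = True
        return list(self.block_bits)


def freeze_layout(tag, permanent_pages):
    """Lock the pages that must never change, then set every block bit so
    the locking configuration itself can no longer be altered. Pages not
    in permanent_pages stay writable for the life of the tag."""
    tag.program_lock_bits([p in permanent_pages for p in range(NUM_PAGES)])
    for b in BLOCK_GROUPS:
        tag.program_block_bit(b)
    return tag
```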
Password protection is a relatively new option for tamper protection in NFC tags. Available in the quite common NXP NTAG21X series, password protection allows a tag to be configured to require a password for writing, or for both reading and writing. Unlike locking, password protection allows authorized users to keep updating the tag’s contents without allowing anybody with an NFC writer device to write to it. The security provided by this mechanism is relatively basic, using only a 32-bit password. To enhance security, the tag can be configured to block any further authentication attempts if an incorrect password is provided too many times; however, the password is transmitted in plaintext during an authentication attempt, which means a determined attacker could discover the password by listening in on tag communication. Therefore, this feature is generally not suitable for use in high-security applications and is best used for cases where you wish to prevent tampering while still being able to update tag information, but are not concerned about someone launching a sophisticated attack on the security of your tags.
Mutual Authentication And Access Control
With the exception of the MIFARE Ultralight C, authentication capability is only found on advanced tags such as the MIFARE DESFire and FeliCa. Using random number generators and cryptographic algorithms, these tags can establish that the NFC reader knows a shared secret key while the reader simultaneously establishes that the tag knows the same key, without transmitting the key itself, preventing an attacker from discovering the key via eavesdropping. After authentication, the tag allows the reader to perform operations that are restricted from unauthenticated users according to the tag’s access control policy. For the Ultralight C, this policy is similar to the NTAG password protection feature in that it is only capable of being configured to make certain pages of memory require authentication for writing, or for both reading and writing. The more advanced tags have highly configurable access control schemes with much more granular options, as well as multiple configurable “user accounts”, each capable of having unique keys and permissions. As a result of their extensive security capabilities, these advanced tags are relatively expensive, but they are the go-to choice for high-security applications that cannot tolerate any tampering.