A New Keying System for RFID
Lock Based on SSL Dual Interface
NFC Chips and Android Mobiles
The 9th Annual IEEE Consumer Communications and Networking
Conference – Demos Publication Year: 2012
Pascal Urien
Telecom ParisTech
PPT:100%
Student:Chi-Wei Ghou
Advisor:Yih-Ran Sheu
SN:M9920214
Outline
ABSTRACT
 INTRODUCTION
 DEMONSTRATION PLATFORM
 USER SEXPERIENCE
 CONCLUSION

Abstract(1)

This demonstration shows a new concept for
securely downloading keys in RFID devices,
with an Android NFC enabled mobile.

Today most of electronic ticketing or physical
access control systems work with Mifare
components.
Abstract(2)

A dual interface RFID is compatible with this
deployed ecosystem but also includes trusted
computing facilities, and is compliant with the
ISO 14443 standard.

We use such a device, running a trusted
SSL/TLS stack, in order to perform HTTPS
operations supervised by an Android mobile
phone.
INTRODUCTION

Nerveless these zip cards are gradually replaced
by RFIDs, most of them are based on a radio
technology named NFC (Near Field
Communication).

A classical digital lock system comprises three
main elements : (1) electronics locks equipped
with RFID readers, (2) RFID key cards, and (3)
card encoders.
INTRODUCTION(2)

It includes NFC facilities and supports read and
write operations. The main idea of our new
keying system is to securely download key in an
RFID card from a dedicated server, via an
Android smartphone.
INTRODUCTION(3)

It works with a RFID chip manufactured by
NXP providing a dual interface i.e. It manages
HTTPS sessions thanks to the Android
communication resources, with a remote server
delivering the key value.

The main benefit of this innovative system is
that authorized users obtain keys opening locks,
at any time from everywhere…
figure 1:The demonstration platform
DEMONSTRATION PLATFORM

The demonstration is illustrated by figure 1. It
comprises four elements (A) the key server, (B)
the dual interface RFID, (C) the Android Key
Application, and (D) the RFID lock.
A. The Key Server

The Key Server belongs to an Information
System delivering keys to registered users,
identified by an ID.

In our context it is the subject of an X509
certificate associated to an RSA private key,
secretly stored in the Key Card. This later
manages mutually authenticated TLS sessions,
thanks to certificates and private keys.

It afterwards embeds the KeyValue in a data
container that comprises two parts :

(1) The Key Value (KV), which is encrypted
with the Key Card public key included in the
certificate
M= {KeyValue}KeyCard-PublicKey

(2) The signature field (S), which is computed
according to the PKCS#1 procedure and a
private key, whose public key is known and
trusted by the KeyCard
KC= Key Container = M || S
A hexadecimal ASCII dump of the container is
returned back to the KeyCard
B. The Dual Interface RFID

A dual interface RFID component is a secure
microcontroller, feed by an electromagnetic field
at the 13,56 Mhz frequency according to the
Lens law.

(I) It is a contactless smart card implementing
the ISO 14443 standard. A smartcard [7] is
tamper resistant device including a CPU, ROM,
RAM, E2PROM. Security is enforced by
multiple physical and logical countermeasures.

(II) It is also a MIFARE 1K RFID , which
includes a secure 1Kbits E2PROM. This
memory is organized in 16 sectors with 4 blocks
of 16 bytes each. Blocks are identified by an
index ranging from 0 to 63.
C. The Android Application

The Version 2.3 of the Android operating
system,released fall 2010, comprises APIs
performing I/O operations with NFC devices.
Thanks to a software mechanism called
INTENT, a dedicated application is started upon
detection of an RFID, remotely feed via
hardware facilities.
D. The RFID Lock

An electronic lock feeds a RFID, which in the
MIFARE case comprises a unique serial number,
the UID. It afterwards reads and checks a value
that may be protected/authenticated by different
methods.
III. USER’S EXPERIENCE

The user is equipped with an Android phone. It
receives an SMS indicating that a new key is
ready. He thereafter taps its KeyCard against the
phone, selects the right application and gets the
key that opens the electronic Mifare lock.
IV. CONCLUSION

This demonstration shows a new way to
securely distribute electronics key thanks to
Android phones, which is compatible with the
legacy infrastructure.