Hi, im am not very familiar with rfid chips.
Is there a way to secure your data on your rfid chip with some kind of password?
What kind of chip is recommended for storing Data?
For the older LF tags (125kHz) there's not a lot of options for password protecting the tag. For the HF tags (13.56MHz) most if not all support some form of password protection.
As an example, the NExT from Dangerous Things contains one of the more simple HF chips (NTAG 216). It ships configured with a password to protect the configuration bytes in the memory, so poorly written apps or user error won't accidentally brick your implant. If you want to protect your tag from other malicious actors who know the DT password, you could change it to a custom one.
The default password settings do not protect the user area of the memory, so you can read and write with impunity. If you want you can expand the password protection for writing to the tag to include the user memory. I do not think the simpler chips like the NTAG 216 support password protection against "reading" the data on the chip. To store secret information you might want a more advanced chip like the DESFire series (xDF2). They require a bit of research and labor to get up and running for the more advanced stuff though.
thanks for the reply,
but why is a password secured micro chip (protection for reading and writing) such an "uncommon" thing?
I mean, password protecting PC´s, usb sticks, external hard drives,.... is a normal thing to do, so why isnt this technique applied to the tags just as standard?
The more basic NFC tags like the NTAG 216 are targeted at advertising, so they want a frictionless user experience where anyone can read the tag. They're never planning to keep secret information. The earlier MIFARE Classic chips had a form of password protection and encryption called "crypto1", but it was cracked and now it can't be relied upon.
For security focused chips like the DESFire chips which are used for access control and in some cases intra-company transactions, there is password protection built in. Each function of the chip is contained within an applet which requires the user to authenticate before reading or interacting with the data. There's also secure element chips like the NTAG DNA which store symmetric keys and can handle challenge response authentication. Then there's even more advanced chips like the Apex which can handle asymmetric key authentication.
It's all about what chip you select for your use case. That's why you see so many RFID implantees with multiple chips.
Comments
of course very small amounts of data
For the older LF tags (125kHz) there's not a lot of options for password protecting the tag. For the HF tags (13.56MHz) most if not all support some form of password protection.
As an example, the NExT from Dangerous Things contains one of the more simple HF chips (NTAG 216). It ships configured with a password to protect the configuration bytes in the memory, so poorly written apps or user error won't accidentally brick your implant. If you want to protect your tag from other malicious actors who know the DT password, you could change it to a custom one.
The default password settings do not protect the user area of the memory, so you can read and write with impunity. If you want you can expand the password protection for writing to the tag to include the user memory. I do not think the simpler chips like the NTAG 216 support password protection against "reading" the data on the chip. To store secret information you might want a more advanced chip like the DESFire series (xDF2). They require a bit of research and labor to get up and running for the more advanced stuff though.
thanks for the reply,
but why is a password secured micro chip (protection for reading and writing) such an "uncommon" thing?
I mean, password protecting PC´s, usb sticks, external hard drives,.... is a normal thing to do, so why isnt this technique applied to the tags just as standard?
For security focused chips like the DESFire chips which are used for access control and in some cases intra-company transactions, there is password protection built in. Each function of the chip is contained within an applet which requires the user to authenticate before reading or interacting with the data. There's also secure element chips like the NTAG DNA which store symmetric keys and can handle challenge response authentication. Then there's even more advanced chips like the Apex which can handle asymmetric key authentication.
It's all about what chip you select for your use case. That's why you see so many RFID implantees with multiple chips.