NFID

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

NFID (Non-Fungible Identity) protocol is based on smart contract like Ethereum. Not clear why that helps.

Perhaps this is deliberately confused with RFID.

Context

Support

Mechanisms

    • RFID (Radio Frequency Identification)** and **NFC (Near-Field Communication)** are closely related technologies, but they serve different purposes:
  1. RFID**:
  - **Definition**: RFID is the process by which items are uniquely identified using radio waves.
  - **Components**: An RFID system typically consists of a **tag**, a **reader**, and an **antenna**.
  - **Tag Types**:
    - **Active RFID Tags**: These tags have their own power source, allowing them to broadcast signals up to **100 meters** away.
    - **Passive RFID Tags**: These tags do not have their own power source; they are powered by the electromagnetic energy transmitted from the RFID reader. Their read range is typically from near contact up to **25 meters**.
  - **Frequency Ranges**:
    - **Low Frequency (LF)**: 125 - 134 kHz
    - **High Frequency (HF)**: 13.56 MHz (NFC operates at this frequency)
    - **Ultra High Frequency (UHF)**: 856 MHz to 960 MHz
  - **Use Cases**: RFID is used for tracking and identifying items in various industries.

2. **NFC**:

  - **Definition**: NFC is a specialized subset within the family of RFID technology.
  - **Frequency**: NFC operates at the same frequency as HF RFID (13.56 MHz).
  - **Unique Feature**: An NFC device can be both an **NFC reader** and an **NFC tag**, allowing peer-to-peer communication.
  - **Applications**:
    - **Secure Data Exchange**: NFC is designed for secure data exchange between devices (e.g., smartphones).
    - **Proximity Cards**: NFC standards are based on RFID standards outlined in ISO/IEC 14443 and FeliCa.
  - **Range**: NFC devices must be in close proximity (usually no more than a few centimeters) for communication.

In summary, **RFID** is the broader technology for item identification using radio waves, while **NFC** is a specific subset of RFID that focuses on secure communication and peer-to-peer interactions between devices like smartphones¹².

Source: Conversation with Bing, 3/24/2024

(1) RFID versus NFC: What's the difference between NFC and RFID?. https://www.atlasrfidstore.com/rfid-insider/rfid-vs-nfc/.
(2) RFID vs. NFC: The differences you should know about. https://www.informsinc.com/rfid-vs-nfc/.
(3) RFID vs. IoT: What are the differences? | TechTarget. https://www.techtarget.com/searcherp/tip/RFID-vs-IoT-What-are-the-differences.

Problems

from Toni Pati on Linked in:

Ars Technica: Hackers can unlock over 3 million hotel doors in seconds, by exploiting weaknesses in both Dormakaba's encryption and the underlying RFID system.[1]

When thousands of security researchers descend on Las Vegas every August for what's come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it's a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city's elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room

By exploiting weaknesses in both Dormakaba's encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock's data, and the second opens it.

The technique to hack Dormakaba's locks that Wouters and Carroll's research group discovered involves two distinct kinds of vulnerabilities: One that allows them to write to its keycards, and one that allows them to know what data to write to the cards to successfully trick a Saflok lock into opening. When they analyzed Saflok keycards, they saw that they use the MIFARE Classic RFID system, which has been known for more than a decade to have vulnerabilities that allow hackers to write to keycards, though the brute-force process can take as long as 20 seconds. They then cracked a part of Dormakaba's own encryption system, its so-called key derivation function, which allowed them to write to its cards far faster. With either of those tricks, the researchers could then copy a Saflok keycard at will, but still not generate one for a different room.

The researchers' more crucial step required them to obtain one of the lock programming devices that Dormakaba distributes to hotels, as well as a copy of its front desk software for managing keycards. By reverse-engineering that software, they were able to understand all the data stored on the cards, pulling out a hotel property code as well as a code for each individual room, then create their own values and encrypt them just as Dormakaba's system would, allowing them to spoof a working master-key that opens any room on the property. “You can make a card that really looks as if it was created by the software from Dormakaba, essentially,” says Wouters.

References

  1. Andy Greenberg, Hackers can unlock over 3 million hotel doors in seconds 2024-03-22 https://arstechnica.com/security/2024/03/hackers-can-unlock-over-3-million-hotel-doors-in-seconds/