Arduino & PN532 Login Tool w/ 128-bit AES Encryption

So… I finally got around to creating an NFC-based login system for my home and office PCs. I shared a short video (below) on Facebook and had some requests for the code. I’ve had a chance to tidy it up, although it still needs work, i.e. full documentation and a guide, but for anyone interested I’ve published it online.

For those with security concerns, my initial approach uses one script to generate a 128-bit AES cipher using a secret key based on the implant’s UID. This is then encoded using Base64, with the resulting string stored in the second script. It’s the second script which is flashed to the Arduino. Once presented with a tag, the Arduino decodes the string and attempts to decrypt it using the secret key generated upon reading the UID. If this is the same UID used to encrypt, the correct password is passed by the Arduino, acting as a HID, to the PC. Otherwise the password will be garbage and not authenticate.

I’m not a cyber security expert by any means (in fact this is my first attempt at anything like this), so if this doesn’t sound like a reasonable approach, I’m open to constructive criticism! Probably overkill as I have my own office in work, which I always lock when I’m out, but it was an opportunity to learn nonetheless.

I’ve published this on GitHub (link below), so feel free to use and modify my code. I’ll attempt to answer any questions about the setup, and if anyone has any suggestions, feel free to share them. Although I can’t guarantee I have the skills (or time) to implement them, someone else might!

PS. This is my first GitHub repo, so please excuse any glaring mistakes or oversights. I’ll flesh out the documentation when I have a bit more free time.

5 Likes
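
The flow described in the post above, sketched in Node.js as an added example (not the author's Arduino code and not taken from the linked repository), next to an authenticated variant that returns nothing instead of garbage when a different tag is presented. The key derivation (SHA-256 of the UID), CBC mode with zero padding, the HMAC layout, the function names and the sample UIDs are assumptions or constructed values; the post specifies none of them.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample UIDs (7-byte, hex); not taken from the post.
const SAMPLE_UID = '04a1b2c3d4e5f6';
const OTHER_UID = '04a1b2c3d4e5f7';

// ASSUMPTION: the post does not say how the key is derived from the UID.
// Here SHA-256(UID) is split into an AES-128 key and a separate HMAC key.
// A tag UID can be read by any NFC reader, so this binds the blob to the
// tag; it does not keep the blob secret from someone who knows the UID.
function keysFromUid(uidHex) {
  const h = nodeCrypto.createHash('sha256').update(Buffer.from(uidHex, 'hex')).digest();
  return { enc: h.subarray(0, 16), mac: h.subarray(16, 32) };
}

// PC-side step: encrypt the password, then Base64-encode iv || ciphertext || hmac.
function provision(uidHex, password) {
  const { enc, mac } = keysFromUid(uidHex);
  const iv = nodeCrypto.randomBytes(16);
  const plain = Buffer.from(password, 'utf8');
  // Zero-pad to whole 16-byte blocks, always leaving at least one 0x00 terminator.
  const padded = Buffer.alloc(Math.ceil((plain.length + 1) / 16) * 16);
  plain.copy(padded);
  const c = nodeCrypto.createCipheriv('aes-128-cbc', enc, iv).setAutoPadding(false);
  const body = Buffer.concat([iv, c.update(padded), c.final()]);
  const tag = nodeCrypto.createHmac('sha256', mac).update(body).digest();
  return Buffer.concat([body, tag]).toString('base64');
}

// Device-side step as the post describes it: decrypt with whatever UID was read.
// A different UID yields a different key, so the output is garbage.
function unlockUnchecked(blobB64, uidHex) {
  const blob = Buffer.from(blobB64, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-128-cbc', keysFromUid(uidHex).enc, blob.subarray(0, 16))
    .setAutoPadding(false);
  const out = Buffer.concat([d.update(blob.subarray(16, blob.length - 32)), d.final()]);
  const end = out.indexOf(0);
  return out.subarray(0, end < 0 ? out.length : end).toString('utf8');
}

// Authenticated variant: verify the HMAC first and return null on mismatch,
// so the HID side can type nothing at all for an unrecognised tag.
function unlockChecked(blobB64, uidHex) {
  const blob = Buffer.from(blobB64, 'base64');
  if (blob.length < 64) return null; // iv (16) + one block (16) + hmac (32)
  const body = blob.subarray(0, blob.length - 32);
  const want = nodeCrypto.createHmac('sha256', keysFromUid(uidHex).mac).update(body).digest();
  if (!nodeCrypto.timingSafeEqual(want, blob.subarray(blob.length - 32))) return null;
  return unlockUnchecked(blobB64, uidHex);
}
```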

Thanks for sharing!

1 Like