After doing some research on the smart lock market I can confirm it looks really pity.
It’s great that you are trying to fix that, looks like it’s the first attempt
I know we are still figuring out hardware part there but don’t wanna miss firmware discussion, so will publish my advice now.
The main problem of all these NFC locks is that they are completely insecure. They use UID comparison to grant access, so imagine giving someone a vCard via your hand and letting these strangers go into your home the same time.
There are some locks that use encrypted Mifare sectors but this is also hackable.
I think the only secure way for now is to use DESfire EV2 with its internal encryption. I know that many of us have xNT or NExT already implanted and that xDF2 is kinda expensive, but UID authentication could still be allowed to configure. The main point is to add encrypted xDF2 support.
While I see your point about the lack of security of simply looking at the UID, that would imply a specific attack against you as an individual. The attacker would need knowledge that you use an RFID lock and where the RFID chip is located. Most people’s locks are simply to avoid being the low hanging fruit. Keys are terrible because if they’re visible in pictures on social media or elsewhere someone could 3D print a duplicate. However, no one cares because typically their stuff and/or secrets aren’t that valuable so criminals will walk around looking for an unlocked door before they’ll try to defeat a lock on a particular house. My assumption is that if anyone wanted into my house specifically, they would throw a brick through my sliding glass door before they would attempt to clone my unsecured RFID chip.
I don’t mean to sound harsh and I have no problem with xDF2 support assuming that is practical. But if we’re talking security, we should consider our threat model. Otherwise it’s easy to get into the mentality of this xkcd:
This is a typical response I get to my security questions about implants “How do they know you have an implant?”. This approach is called security through obscurity which is usually not good. I’m gonna tell all my blog subscribers (6.4k) that I have implant in my hand which can open a door, and I will describe all technologies used in detail proudly since I’m a tech blogger.
Since it’s just a firmware problem, it should be easy to implement both authentication ways to make both of us happy. Actually, since it is an open source project, I could make a pull request by myself…
The problem with using a DESFire chip, and all security, is that the user will have to understand more about it to do the setup. Also, once the encrypted key is loaded on to a sector of the chip it will remain static for most users. Some enterprising hacker could still sniff your xDF2 by brushing up against you with a reader and acquire the encrypted data. They might be able to trick the reader into handing over the encryption algorithm and decrypt the key. Or they could just smash the door.
It’s possible (and knowing Amal, likely) that the lock could handle a cryptographic key exchange with the VivoKey platform. That would provide ease of use AND true security, because fresh keys would be generated every instance.
Not the only way… but it is correct the xDF2 (or flexDF / flexDF2) are capable of encrypted challenges that are actually secure.
Actually this is not accurate… the DESFire EV1 and EV2 chips are capable of setting up a DF key exchange to establish a secure channel to communicate with the reader, then a symmetric key authentication is performed to unlock one or more AIDs on the DESFire chip. This process could not be sniffed or spoofed. It’s why DESFire EVx based keyfobs and cards cannot be cloned.
While true, regardless of the fact I say exactly this to people who are concerned about chip security within the “personal scope”, it has always bothered me that there were no actual secure options available. It is high time that a secure option be made available to both home and enterprise users.
Well time to come right out and say it… that is the plan… at least for VivoKey. There are many moving parts here but ultimately I think in the end we will have the “community” version which will leverage some pretty awesome options… and a “VivoKey version” which will have additional management options through the VivoKey platform. That connection with the VivoKey platform will require some hardware and firmware options to secure that connection, so those elements cannot be open source - hence a split between the community version and the VivoKey version. I can tell you that the community version can definitely leverage a secure option, particularly with the DESFire EVx chips… the issue however (as noted above) will be the management aspect. For us, we plan to put secure management into the VivoKey app itself, however the community edition would need some plan and mobile app developers for this… or maybe there could be some smart way of provisioning and new file (application in DF parlance) on new DF chips with factory keys via the lock itself… anyway… we can build that bridge when we get to that chasm. I know that’s now how you say that cliche, but it makes way more sense to me said that way
In all honesty, the more I think about it, it might be possible to make the same exact PCB for both versions and just use a different firmware for the VivoKey version. Some of the more advanced ideas we had to secure the lock for VivoKey crypto functions on the lock side should easily be able to be leveraged by the “community” edition as well… so it probably won’t be all that different in the end.
The idea we’re still playing with at the moment is to use a SIM card on the lock side to secure keys and perform crypto functions for the lock side - something the SIM is made to do - rather than load up general purpose microprocs with this task. It may or may not be a good idea… we don’t know yet… but I think it’s a very interesting approach.
Anyway… we have a ways to go before we get to that point… right now I’m still waiting for the motor guys and the light pipe guys on Alibaba to even respond to my sample request… not a good sign in either case. I’m also talking to another larger company right now about pitching in somehow to help further the door lock project. My thought is that they may be able to help pitch in when it comes time to pay for tooling etc… but who knows. I’m having a call with them in December to discuss it. One big advantage they bring is that they have a quality management guy permanently stationed in in Shenzhen who may be able to assist with factory selection and quality control if / when things move to production… so, fingers crossed
I can always redesign for any flat faced light pipe if needed and change the motor to a more common one if needed, I’d prefer to use the current one but if it comes to it or you think best I’ll change it.
Actually could you just produce a basic render of the face with a hole for this light pipe? I will use that to attach to my message to show them we are designing around their product.
Great idea and practical, also, and I know not great from a security point of view ( The whole point of a LOCK ) but a transparent face would be awesome to see the inner workings.
Or replaceable/ chooseable translucent caps to complement door colours. whoah… getting carried away now.
I thought of this but this part will be outside and probably in some installations, be in direct sunlight. Most translucent materials don’t hold up well to UV exposure, and they are more expensive than classic abs or pvc.
If it’s translucent or transparent to visible light it will be completely penetrable by infrared light. The interior will get hot in direct sunlight. Might be fine in temperate regions, but in the desert you’re going to have problems with the electronics.
Actually the major source of heat from sunlight on Earth’s surface comes from the absorption of UV light, converting it to heat and IR emissions. The atmosphere will absorb most of the native IR coming from the sun, heating the air… but UV and visible light penetrates down to the surface. This is why UV tint protection on car windows drastically reduces heat build-up inside the car. Still… pretty sure the same logical outcome will apply… UV light will go right through that material and drastically heat the internals, especially since the ferrite material used to keep the metal plate from messing with the antenna performance will be a very dark grey, absorbing UV and visible light, converting it all to heat.
Because of this, the plastic itself will probably be white, with a paint job of some kind on the outside if we want other colors.
“How do they know you have an implant?”. This approach is called security through obscurity which is usually not good. I’m gonna tell all my blog subscribers (6.4k) that I have implant in my hand which can open a door, and I will describe all technologies used in detail proudly since I’m a tech blogger.
