Secure iButton

Revision as of 14:02, 29 December 2012

Project Secure iButton
Status Initializing
Contact User:Bertrik Sikken
Last Update 2012-12-29

This project is about investigating and using the secure features of the iButton that people currently use for physical access to RevSpace.

Planned project phases are:

  • phase 1: investigate possibilities of the iButton and experiment with it
  • phase 2: write software for the iButton functionality and package it into a library
  • phase 3: apply knowledge and software for application within RevSpace

iButton investigation

The iButton used at RevSpace is the DS1961, with the following features:

  • 4 pages of 32-byte user data each
  • an 8-byte write-only "secret"
  • SHA-1 algorithm that can calculate a hash over a 32-byte user data page, the 8-byte secret, a 3-byte "challenge" and the unique iButton id.

Basically authentication could work like this:

  • (the secret key has been installed on the iButton previously)
  • user presents iButton to the reader
  • reader reads the unique iButton id
  • reader generates a random number and uses this as the challenge to read a 32-byte user page
  • iButton sends the user page, followed by the SHA-1 hash
  • reader also calculates SHA-1 hash and compares it with the iButton hash
  • if the hash matches, the user data can be considered authentic and the reader can interpret it, for example, as a "deelnemer id" (participant id) or similar.
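The challenge-response exchange above, written out as an added Python example (not code from this wiki page or from the DS1961 library mentioned below). The 64-byte SHA-1 input layout and the DS1961S flavour of SHA-1 (no final addition of the H constants, MAC returned as E,D,C,B,A with little-endian words) are taken from my reading of the DS1961S/DS2432 datasheet rather than from this page, so check them against the datasheet before relying on the exact MAC; SimulatedButton, the ROM id and the secret are constructed stand-ins.

```python
import os, hmac, struct

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def dallas_sha1(block):
    """SHA-1 rounds over one 64-byte block, DS1961S style (assumed from the
    DS1961S/DS2432 datasheet, not from this page): the final addition of the
    H constants is omitted and the MAC is emitted as E,D,C,B,A, little-endian."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(_rol(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
    for t in range(80):
        if t < 20:   f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40: f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60: f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:        f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rol(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF, a, _rol(b, 30), c, d
    return struct.pack("<5I", e, d, c, b, a)

def expected_mac(secret, rom_id, page, data, challenge):
    """MAC for Read Authenticated Page.  64-byte input layout assumed from the
    DS1961S datasheet: secret[0:4] | 32 data bytes | 4x 0xFF | 0x40|page |
    7-byte ROM id (no CRC) | secret[4:8] | 3-byte challenge | SHA-1 padding."""
    assert len(secret) == 8 and len(rom_id) == 8 and len(data) == 32 and len(challenge) == 3
    msg = (secret[:4] + data + b"\xff" * 4 + bytes([0x40 | (page & 0x0F)]) + rom_id[:7]
           + secret[4:] + challenge + b"\x80" + b"\x00" * 6 + b"\x01\xb8")  # 440-bit length
    return dallas_sha1(msg)

class SimulatedButton:
    """Constructed stand-in for the DS1961 so the exchange can run offline."""
    def __init__(self, rom_id, secret, pages):
        self.rom_id, self._secret, self.pages = rom_id, secret, pages

    def read_authenticated_page(self, page, challenge):
        data = self.pages[page]
        return data, expected_mac(self._secret, self.rom_id, page, data, challenge)

def authenticate(button, reader_secret, page=0):
    """Reader side: fresh random challenge, recompute the MAC, constant-time
    compare; the page data is trusted only if the button proved the secret."""
    challenge = os.urandom(3)
    data, mac = button.read_authenticated_page(page, challenge)
    ok = hmac.compare_digest(mac, expected_mac(reader_secret, button.rom_id, page, data, challenge))
    return data if ok else None
```

Note that the reader must hold the same secret as the button (or derive it), so the secret is as sensitive on the reader as it is on the iButton.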

Bus pirate experimentation

Investigation of the DS1961-specific commands can be done with a Bus Pirate. The Bus Pirate speaks the 1-Wire protocol that any iButton-like device uses.

Examples of commands:

  • Initialise the Bus Pirate
      # (reset the Bus Pirate)
      M (select mode)
      2 (1-Wire mode)
      W (enable power)

DS1961 library

This library provides an API for the DS1961 specific functions. It will be targeted at the Arduino microcontroller, to run on top of the existing 1-wire library.

Application

We could apply this to improve the security of RevSpace access, for example. To be discussed.