Difference between revisions of "Secure iButton"

From RevSpace
Jump to navigation Jump to search
m
m
Line 4: Line 4:
 
   |Contact=User:Bertrik Sikken
 
   |Contact=User:Bertrik Sikken
 
}}
 
}}
 +
 +
[https://revspace.nl/mediawiki/index.php?title=SecureIButton&action=purge purge cache]
  
 
{{#ask:[[Category:Smoel]]
 
{{#ask:[[Category:Smoel]]
Line 15: Line 17:
 
|link=all
 
|link=all
 
|order=ASC,ASC
 
|order=ASC,ASC
|sort=Smoel Name, Smoel Nick
+
|sort=Smoel Name,Smoel Nick
 
|offset=0
 
|offset=0
 
}}
 
}}
  
[https://revspace.nl/mediawiki/index.php?title=SecureIButton&action=purge purge cache]
+
{{#ask:[[Category:Project]]
 +
|?Project Name
 +
|?Project Status
 +
|?Project Contact
 +
|format=broadtable
 +
|limit=60
 +
|headers=show
 +
|link=all
 +
|order=ASC,ASC
 +
|sort=Project Status,Project Name
 +
|offset=0
 +
}}
  
 
This project is about investigating and using the secure features of the iButton that people currently use for physical access to RevSpace.
 
This project is about investigating and using the secure features of the iButton that people currently use for physical access to RevSpace.

Revision as of 23:26, 9 January 2013

Project Secure iButton
Status In progress
Contact User:Bertrik Sikken
Last Update 2013-01-09

purge cache


 Project NameProject StatusProject Contact
35c3bus35C3BusAbandonedBas
Afkortzaag TrolleyAfkortzaag TrolleyAbandonedCrashjuh
BakfietsBakfietsAbandonedHammercat
Blahaj counterBlahaj counterAbandonedNoor
BBQ DakDak voor de BBQ spaceAbandonedCfw
DeCRASHDeCRASHAbandonedCrashjuh
EpsonHX20Epson HX20AbandonedBas
FrontDoorDisplayFrontDoorDisplayAbandonedBertrik Sikken
HabAlertAppHAB alert appAbandonedBertrik Sikken
HackVerbatimPowerBayHacking the Verbatim PowerBay NasAbandonedFooBar
ISSOISSOAbandonedBertrik Sikken
Bas
IbmPosDisplayIbmPosDisplayAbandonedBertrik Sikken
Ik leg een tientje inIk leg een tientje inAbandonedBas
ImprovedLaosLaserImproved LaosLAserAbandonedFooBar
KinderSupriseChallengeKinderSupriseChallengeAbandonedCrashjuh
Jelly
Bas
KlokkieKlokkieAbandonedPwuts
Knopje 2Knopje 2AbandonedBas
Lasercutter2Lasercutter2AbandonedMux
RevSpace AppRevSpace App
MacOS in Qemu-KVM
Completed
Abandoned
Peetz0r
Noise cancelling megaphoneNoise Cancelling MegaphoneAbandonedWalter
Noodlamp 2.0Noodlamp 2.0AbandonedPwuts
NorfolkNorfolkAbandonedQguv
Pico TrackersPico TrackersAbandonedBertrik Sikken
RadarOnAStickRadarOnAStickAbandonedBertrik Sikken
Projects/RevDomeRevDomeAbandonedWalter
LatheRevLatheAbandonedPwuts
RevSmokerRevSmokerAbandonedGori
RevQuestRevspace Oculus QuestAbandonedBas
RevspaceMugRevspaceMugAbandonedBas
SEM oudSEMAbandonedPeterC
Shiz
Peterbjornx
Space-tvSpace-tvAbandonedDave o
SparkShack 2SparkShackAbandonedMorphje
Gori
Juerd
Bas
SparkshackAlertSparkshackAlertAbandonedBas
SpiekerFoonSpiekerFoonAbandonedPwuts
ThuisreceptenThuisreceptenAbandonedF0x
Bas
TranspotterTranspotterAbandonedBas
UMDUMDAbandonedEightdot
Bas
Useless MachineUseless MachineAbandonedCostyn van Dongen
WatermeterWatermeterAbandonedBas
WifiLampWifiLampAbandonedBertrik Sikken
ZwartZwartAbandonedBoekenwuurm
Bas
RevUAVrevUAVAbandonedMarcel
!revbank!revbankCompletedJuerd
35C3 Tickets35C3 TicketsCompletedFooBar
36C3 Streams36C3 Streams kijkenCompletedBas
36C3 Tickets36C3 TicketsCompletedBestuur
4G IoT4G IoTCompletedJuerd
A4PaperDispenserA4PaperDispenserCompletedBertrik Sikken
Bas
ACS Current probeACS730 Hall-Effect Current ProbeCompletedKartoffel
AnalogecamsAnaloge CamsCompletedPeetz0r
Bas
Another JBCAnother JBCCompletedBas
Arcade repair courseArcade console repair classesCompletedMahjongg
Assembling RhoCoCoAssembling a RhoCoCo home computerCompletedMahjongg
AugurkenAugurkenCompleted
BuildStatusTrafficLightBuildStatusTrafficLightCompletedBertrik Sikken
Buiding up and testing the ZX81+38 revision 1,9Building up the ZX81+38CompletedMahjongg
CCCamp19ticketsCCCamp19 TicketsCompletedFooBar
Bas
CJMCU-811CJMCU-811CompletedBertrik Sikken
CL260CL 260 3D PrinterCompletedBas
CO2MeterHackingCO2MeterHackingCompletedBertrik Sikken
... further results

This project is about investigating and using the secure features of the iButton that people currently use for physical access to RevSpace.

Planned project phases are:

  • phase 1: investigate possbilities of the iButton and experiment with it
  • phase 2: write software for the iButton functionality and package it into a library
  • phase 3: apply knowledge and software for application within RevSpace

iButton investigation

The iButton used at RevSpace is the DS1961, with the following features:

  • 4 pages of 32-byte user data each
  • an 8-byte write-only "secret"
  • SHA-1 algorithm that can calculate a hash over a 32-byte user data page, the 8-byte secret, a 3-byte "challenge" and the unique iButton id.

Basically authentication could work like this:

  • (the secret key has been installed on the iButton previously)
  • user presents iButton to the reader
  • reader reads the unique iButton id
  • reader generates a random number and uses this as the challenge to read a 32-byte user page
  • iButton sends the user page, followed by the SHA-1 hash
  • reader also calculates SHA-1 hash and compares it with the iButton hash
  • if the hash matches, the user data can be considered as authentic and the reader can interpret the user data as a "deelnemer id" (or something) for example.

Bus pirate experimentation

Investigation of the DS1961-specific commands can be done with a Bus Pirate. A bus pirate speaks the 1-wire protocol that any iButton-like device uses.

Examples of bus pirate commands to communicate with the DS1961:

  • Initialise the bus pirate
  # (reset the bus pirate)
  M (select mode)
  2 (1-wire mode)
  W (enable power)
  • Reset the iButton and get iButton unique id
  (240)
  • Write scratchpad (command 0x0F) at address 0,0 with data 1 2 3 4 5 6 7 8
  0x0f 0 0 1 2 3 4 5 6 7 8 r:2
  • Read scratchpad (command 0xAA)
  0xaa r:3 r:8 r:2
  • Read auth page (command 0xA5), which is the secure read command
  0xa5 0 0 r:32 r r:2 &:1500 r:20 r:2

Example response:

1-WIRE>0xa5 0 0 r:32 r r:2 &:1500 r:20 r:2
WRITE: 0xA5
WRITE: 0x00
WRITE: 0x00
READ 0x20 BYTES:
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
READ: 0xFF
READ 0x02 BYTES:
0x6D 0x0D
DELAY 0xDCuS
READ 0x14 BYTES:
0x45 0x31 0x40 0x42 0xAE 0xD3 0x4B 0xC5 0x18 0xCC 0x10 0x43 0x27 0x56 0x33 0xD0 0xEB 0x47 0xA7 0x81
READ 0x02 BYTES:
0xAA 0x6D

DS1961 library

This library provides an API for the DS1961 specific functions. It will be targeted at the Arduino microcontroller, to run on top of the existing 1-wire library.

Application

We could apply this to improve the security of RevSpace access for example. to be discussed.

Stuff to be considered for access control:

  • an extra initialisation step to install the secret before use is needed
  • how can we handle the transition of the current iButton system to a more secure system?
  • how advanced do we make the authentication scheme / how is key management handled?
    • Simplest: one secret for all revspace iButtons. Disadvantage: cracking one iButton means that *all* revspace iButtons are cracked.
    • More advanced: different secret for each revspace iButton (e.g. calculated from a master secret and the iButton serial number)
    • More advanced: master secret is re-newed every X time, so we have multiple versions of the master secret (e.g. renewed each year)

External Links

Maxim iButton 1-wire public domain kit