Difference between revisions of "Secure iButton"
Line 13: | Line 13: | ||
==iButton investigation== | ==iButton investigation== | ||
− | The iButton used at RevSpace is the | + | The iButton used at RevSpace is the DS1961, with the following features: |
* 4 pages of 32-byte user data each | * 4 pages of 32-byte user data each | ||
− | * an 8-byte "secret" | + | * an 8-byte write-only "secret" |
* SHA-1 algorithm that can calculate a hash over a 32-byte user data page, the 8-byte secret, a 3-byte "challenge" and the unique iButton id. | * SHA-1 algorithm that can calculate a hash over a 32-byte user data page, the 8-byte secret, a 3-byte "challenge" and the unique iButton id. | ||
Basically authentication could work like this: | Basically authentication could work like this: | ||
+ | * (the secret key has been installed on the iButton previously) | ||
* user presents iButton to the reader | * user presents iButton to the reader | ||
* reader reads the unique iButton id | * reader reads the unique iButton id | ||
− | * ... | + | * reader generates a random number and uses this as the challenge to read a 32-byte user page |
+ | * iButton sends the user page, followed by the SHA-1 hash | ||
+ | * reader also calculates SHA-1 hash and compares it with the iButton hash | ||
+ | * if the hash matches, the user data can be considered as authentic and the reader can interpret the user data as a "deelnemer id" (or something) for example. | ||
+ | |||
+ | ===Bus pirate experimentation=== | ||
+ | Investigation of the DS1961-specific commands can be done with a Bus Pirate. | ||
+ | A bus pirate speaks the 1-wire protocol that any iButton-like device uses. | ||
+ | |||
+ | Examples of commands: | ||
+ | * Initialise the bus pirate | ||
+ | # (reset the bus pirate) | ||
+ | M (select mode) | ||
+ | 2 (1-wire mode) | ||
+ | W (enable power) | ||
+ | * | ||
+ | |||
+ | |||
==DS1961 library== | ==DS1961 library== | ||
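Review bot: the added Bus Pirate block ends with an empty `*` bullet after the "Initialise the bus pirate" sequence, so "Examples of commands" shows only the mode setup and no DS1961 command; drop the empty bullet or fill it with the command it was reserved for. In the added authentication steps, "reader also calculates SHA-1 hash" only works if the reader holds the same 8-byte secret, which the list never states; add a line saying where the reader gets it. The "random number" step could also say the challenge is 3 bytes, matching the feature list above it.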
Line 28: | Line 46: | ||
==Application== | ==Application== | ||
− | We could apply this to improve the security of RevSpace access. | + | We could apply this to improve the security of RevSpace access for example. |
+ | to be discussed. |
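Review bot: the added "to be discussed." line is a lowercase fragment that does not say what is open; list the points to be discussed or write it as a full sentence. The "for example" appended to the end of the preceding sentence reads more naturally after "We could apply this".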
Revision as of 14:02, 29 December 2012
| Project | Secure iButton |
|---|---|
| Status | Initializing |
| Contact | User:Bertrik Sikken |
| Last Update | 2012-12-29 |
This project is about investigating and using the secure features of the iButton that people currently use for physical access to RevSpace.
Planned project phases are:
- phase 1: investigate possibilities of the iButton and experiment with it
- phase 2: write software for the iButton functionality and package it into a library
- phase 3: apply knowledge and software for application within RevSpace
iButton investigation
The iButton used at RevSpace is the DS1961, with the following features:
- 4 pages of 32-byte user data each
- an 8-byte write-only "secret"
- SHA-1 algorithm that can calculate a hash over a 32-byte user data page, the 8-byte secret, a 3-byte "challenge" and the unique iButton id.
Basically authentication could work like this:
- (the secret key has been installed on the iButton previously)
- user presents iButton to the reader
- reader reads the unique iButton id
- reader generates a random number and uses this as the challenge to read a 32-byte user page
- iButton sends the user page, followed by the SHA-1 hash
- reader also calculates SHA-1 hash and compares it with the iButton hash
- if the hashes match, the user data can be considered authentic and the reader can interpret it as, for example, a "deelnemer id" (participant ID).
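The steps above, simulated with both sides in Python. This is an added example, not code from this project or its planned library. It uses plain SHA-1 over a simple concatenation of the four fields, which is an assumption and not the DS1961's actual input layout; the names `page_mac`, `SimulatedButton` and `reader_authenticate` and all sample values are made up for illustration.

```python
import hashlib
import hmac
import secrets

PAGE_LEN, SECRET_LEN, CHALLENGE_LEN = 32, 8, 3   # sizes from the feature list
ID_LEN = 8                                       # assumption: 8-byte 1-wire ROM id

def page_mac(page, secret, challenge, button_id):
    """SHA-1 over page, secret, challenge and id (simplified field order)."""
    fields = ((page, PAGE_LEN), (secret, SECRET_LEN),
              (challenge, CHALLENGE_LEN), (button_id, ID_LEN))
    for value, size in fields:
        if len(value) != size:
            raise ValueError("field has wrong length")
    return hashlib.sha1(page + secret + challenge + button_id).digest()

class SimulatedButton:
    """Stand-in for the iButton: the secret can be set but never read back."""
    def __init__(self, button_id, secret, page):
        self.button_id, self.page = button_id, page
        self.__secret = secret

    def read_authenticated_page(self, challenge):
        # The page travels in the clear, followed by the hash.
        return self.page, page_mac(self.page, self.__secret, challenge, self.button_id)

def reader_authenticate(button, secret, challenge=None):
    """Run the reader side; return the page if authentic, else None."""
    if challenge is None:
        challenge = secrets.token_bytes(CHALLENGE_LEN)   # fresh per attempt
    page, tag = button.read_authenticated_page(challenge)
    expected = page_mac(page, secret, challenge, button.button_id)
    return page if hmac.compare_digest(tag, expected) else None

def demo():
    """Constructed sample values, not real RevSpace data."""
    secret = bytes.fromhex("0011223344556677")
    button_id = bytes.fromhex("3300000000000001")
    page = b"deelnemer-0042".ljust(PAGE_LEN, b"\x00")
    genuine = SimulatedButton(button_id, secret, page)
    # Same id and page data, but the secret could not be read out.
    copy = SimulatedButton(button_id, bytes(SECRET_LEN), page)
    return reader_authenticate(genuine, secret), reader_authenticate(copy, secret)

if __name__ == "__main__":
    print(demo())
```

A copy that carries only the id and the readable page data is rejected, and a response recorded for one challenge does not verify against a different one.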
Bus pirate experimentation
Investigation of the DS1961-specific commands can be done with a Bus Pirate. The Bus Pirate speaks the 1-wire protocol that any iButton-like device uses.
Examples of commands:
- Initialise the bus pirate
  # (reset the bus pirate)
  M (select mode)
  2 (1-wire mode)
  W (enable power)
DS1961 library
This library provides an API for the DS1961-specific functions. It will be targeted at the Arduino microcontroller, to run on top of the existing 1-wire library.
Application
We could apply this, for example, to improve the security of RevSpace access. To be discussed.