Table of Contents
Advertisement
Quick Links
Introduction
This user manual shows how to run the "ST25DV-I2C Crypto Demo", using the ST25DV-I2C fast transfer mode (FTM) to
establish a secure transfer channel (STC) over NFC between an STM32 microcontroller and an Android™ smartphone.
The ST25DV-I2C is a dynamic NFC tag IC able to communicate with NFC readers and smartphones, and also with a
microcontroller through an I2C interface. The FTM feature allows to speed up the communication between these two interfaces.
This demonstration establishes an STC by using cryptography to perform a mutual authentication, and to encrypt the
communications over NFC. This STC is used during the demonstration to securely:
•
Send and retrieve data
•
Set the device settings
•
Upload new firmware
Only the granted user / smartphone is able to communicate with the STM32 device to perform these operations.
The STC over NFC has applications in different sectors (such as industrial, home appliance and consumer) where the control of
a device is restricted to authorized users, and when the personal data must be protected.
The following packages are available on
•
STSW-ST25DV003 firmware
•
STSW-ST25003 Android™ application
UM2575 - Rev 1 - May 2019
For further information contact your local STMicroelectronics sales office.
www.st.com
for this demonstration:
ST25DV-I2C crypto demonstration
UM2575
User manual
www.st.com
Advertisement
Table of Contents
Related Manuals for ST ST25DV-I2C
Summary of Contents for ST ST25DV-I2C
- Page 1 (STC) over NFC between an STM32 microcontroller and an Android™ smartphone. The ST25DV-I2C is a dynamic NFC tag IC able to communicate with NFC readers and smartphones, and also with a microcontroller through an I2C interface. The FTM feature allows to speed up the communication between these two interfaces.
-
Page 2: General Information
Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Purpose and scope The "ST25DV-I2C Crypto Demo" runs on the ST25DV-I2C-DISCO kit, featuring a ST25DV-I2C tag connected to a STM32L476 device through the I2C bus. The ST25DV-I2C-DISCO kit represents an IOT sensor device, which is controlled by an Android™... -
Page 3: Acronyms
An Android smartphone with at least the version 6.0 (Android Marshmallow) Installation This demonstration requires to download the firmware (STSW-ST25DV003 on www.st.com) for the ST25DV-I2C- DISCO board and the Android executable (APK, STSW-ST25003 on www.st.com) to use on the Android phone. 1.4.1 ST25DV-I2C-DISCO kit setup The "ST25DV-I2C Crypto Demo"... -
Page 4: How To Set The "Authorized User
"Public key") and only accepts the forecoming connections with same smartphone credentials. Note: As these data are saved in the flash memory of the STM32, the ST25DV-I2C-DISCO firmware restore them after a reset. Once an "Authorized User" is set, the login (the name of the smartphone) is displayed, and the “key exchange”... -
Page 5: Disclaimer
Disclaimer Figure 4. ST25DV-I2C-DISCO screen - denied access It is possible to set a new "Authorized User" by pushing the user button (blue) of the ST25DV-I2C-DISCO motherboard (any previously stored "Authorized User" is erased by the firmware). Disclaimer The Android application and the associated firmware are provided under the SLA0052 license agreement, available on www.st.com... -
Page 6: Security Processes
The ST25DV-I2C-DISCO board sends its ECC "Public key". If the ST25DV-I2C-DISCO kit has never been used before, it saves the "Login" and the "Public key" in static memory and consider this user to be the administrator "Authorized User" of the product. It means that the ST25DV-I2C-DISCO kit only accepts requests from this smartphone user. -
Page 7: Authentication Of The Android Phone
DISCO during the keys exchange phase when the product has been used for the very first time. The ST25DV- I2C-DISCO board has saved this "Login name" and the corresponding "Public key" in its static memory. The ST25DV-I2C-DISCO sends a challenge to the Android phone to check if it really knows the "Private key" corresponding to this "Public key": The ST25DV-I2C-DISCO generates a random number, encrypts it with the AES session key and sends it to the Android phone. -
Page 8: Encrypted Data Transfer
UM2575 Encrypted data transfer The ST25DV-I2C-DISCO decrypts it and sends a SHA256 hash to prove that the decryption is correct. Figure 7. ST25DV-I2C-DISCO authentication over NFC Decrypt Encrypt Android phone ST25DV-I2C-DISCO This authentication protects from counterfeited products: a counterfeited product can contain a valid "Public key"... -
Page 9: Android And St25Dv-I2C-Disco Screens
Android and ST25DV-I2C-DISCO screens Android and ST25DV-I2C-DISCO screens Home screen Manually launch the application “ST25DV-I2C-Crypto Demo” or simply tap the ST25DV-I2C NFC tag, Android automatically launches the “ST25DV-I2C-Crypto Demo” application, if it is installed. Figure 8. "ST25DV-I2C Crypto Demo" - home screen When the application starts, it initializes the Android KeyStore and some cryptography elements. -
Page 10: St25Dv-I2C Crypto Demo" Application Screen
Figure 9. "ST25DV-I2C-Crypto Demo" - secure transfer channel setup On the ST25DV-I2C-DISCO board, similar information is displayed to show what is the current security status, and which user is logged. Figure 10. ST25DV-I2C-DISCO screen when no user has been registered... -
Page 11: Step By Step Mode
Once the STC is ready, click on “read and decrypt data” button to download some data from the ST25DV-I2C- DISCO. This data (an array of points) is generated by the firmware running on the ST25DV-I2C-DISCO board (it is not a real measurement) and is stored in the STM32L476 memory. This demonstration emulates the behaviour of a sensor regularly recording, for instance, the temperature and transferring this data to a smartphone through NFC. -
Page 12: Read And Decrypt Image" Button
The same graph is displayed on the ST25DV-I2C-DISCO board. Note: The shape of the curve can be changed, simply by touching the plot on the ST25DV-I2C-DISCO screen. The user then restarts the transfer to receive the new set of points. -
Page 13: Figure 14. "St25Dv-I2C Crypto Demo" - Picture Transfer
UM2575 "ST25DV-I2C Crypto Demo" application screen Figure 14. "ST25DV-I2C Crypto Demo" - picture transfer Note: A progress bar is displayed during the download. On the Android phone, two progress bars are visible, a blue one and a light blue one. -
Page 14: Encrypted Firmware Upgrade" Button
Section 1.4.2 Android APK installation. After selecting the file, the new firmware is uploaded, encrypted to the ST25DV-I2C-DISCO board, by writing chunks to the ST25DV-I2C FTM buffer mailbox. The ST25DV-I2C-DISCO firmware checks the authenticity of the firmware chunks (thanks to the GMAC) and flashes them in the STM32L476 static memory. -
Page 15: Eavesdropper Screen
Eavesdropper screen This screen has been added to show what someone sees when spying the NFC connection. It allows to see the encrypted data that are exchanged through NFC and what the ST25DV-I2C-DISCO gets after decryption. Figure 17. "ST25DV-I2C Crypto Demo" - eavesdropper The message sent is displayed as well on the screen of the ST25DV-I2C-DISCO board. -
Page 16: Keys Overview
Keys overview Various cryptographic keys are used in the "ST25DV-I2C Crypto Demo". This screen has been added to help the user to understand the role of each of them. In the Android applications, click on a key to get information about it. -
Page 17: Setting Screen
"ST25DV-I2C-Crypto Demo" - settings Role of each setting field: • Login: When setting up a connection with a ST25DV-I2C-DISCO board, the Android model name is used as "Login". This "Login" can be changed here. Note: A hacker may want to change the login name to usurp the identity of the authorized user. It is impossible because the ST25DV-I2C-DISCO board saves the "Login"... -
Page 18: License Screen
UM2575 License screen • Use Addressed NFC command: Communication between the Android phone and the ST25DV-I2C-DISCO board is done through NFC Type 5. Two modes are available for NFC Type5 commands: – Addressed – Non-addressed When using addressed commands, the NFC Tag UID (on 8 bytes) is included in the command. This is safer because only the targeted tag processes the command but the communication is slower due to those extra bytes to send for every packet exchanged. -
Page 19: Revision History
UM2575 Revision history Table 2. Document revision history Date Version Changes 28-May-2019 Initial release. UM2575 - Rev 1 page 19/23... -
Page 20: Table Of Contents
"ST25DV-I2C Crypto Demo" application screen ........ - Page 21 UM2575 List of tables List of tables Table 1. Acronyms ............... . . 3 Table 2.
- Page 22 "ST25DV-I2C-DISCO Crypto Demo" - displayed message screen ....... . 15...
- Page 23 ST’s terms and conditions of sale in place at the time of order acknowledgement. Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of Purchasers’...
Need help?
Do you have a question about the ST25DV-I2C and is the answer not in the manual?
Questions and answers