Table of Contents
Advertisement
Quick Links
Introduction
This document shows how to run the "ST25DV-I2C Crypto Demo", using the ST25DV-I2C fast transfer mode (FTM) to establish
a secure transfer channel (STC) over NFC between an STM32 microcontroller and an Android™ smartphone or iPhone (7 and
up, with iOS13 or later version).
The ST25DV-I2C is a dynamic NFC Tag IC able to communicate with NFC readers and smartphones, and also with a
2
microcontroller through an I
This demonstration establishes an STC by using cryptography to perform a mutual authentication and to encrypt the
communications over NFC. This STC is used during the demonstration to securely:
•
Send and retrieve data
•
Set the device settings
•
Upload new firmware
Only the granted user / smartphone is able to communicate with the STM32 device to perform these operations.
The STC over NFC has applications in different sectors (such as industrial, home appliance and consumer) where the control of
a device is restricted to authorized users, and when the personal data must be protected.
The following packages are available on www.st.com:
•
STSW-ST25DV005 firmware
•
STSW-ST25003 Android™ application
•
STSW-ST25IOS003 iOS™ application
UM2684 - Rev 2 - November 2020
For further information contact your local STMicroelectronics sales office.
C interface. The FTM feature speeds up the communication between these two interfaces.
ST25DV-I2C cryptographic demonstration
UM2684
User manual
www.st.com
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for ST ST25DV-I2C
Summary of Contents for ST ST25DV-I2C
- Page 1 (STC) over NFC between an STM32 microcontroller and an Android™ smartphone or iPhone (7 and up, with iOS13 or later version). The ST25DV-I2C is a dynamic NFC Tag IC able to communicate with NFC readers and smartphones, and also with a microcontroller through an I C interface.
-
Page 2: General Information
Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Purpose and scope The "ST25DV-I2C Crypto Demo" runs on the NUCLEO-L476RG board plus a X-NUCLEO-NFC04A1 shield, featuring a ST25DV-I2C tag connected to a STM32L476 device through the I C bus. -
Page 3: Acronyms
1.4.2 Android™ APK application installation The "ST25DV-I2C Crypto Demo" Android application is available at Google Play™ store. The STSW-ST25DV005 package contains two firmwares in the UserApp Binary directory (UserApp.sfb and UserApp_NewPicture.sfb) to use for the secure firmware upgrade demonstration. These files have to be downloaded on the Android™... -
Page 4: How To Set The "Authorized User
UM2684 Installation Figure 2. Blue icon view When user opens an enterprise application (OTA installed), user is identified by one 'Untrusted Enterprise Developer' notification. In such case, user needs the 'Trust Developer' certificate allowing application to be installed. This can be done by tracing the menu as follows: Settings→General→Device Management→Enterprise Apps→Trust Developer. -
Page 5: License Scheme
The Android™ and iOS™ application and the associated firmware are provided under the SLA0052 license agreement, available on www.st.com. The software components provided in this package come with different license schemes, as shown in Table Table 2. ST25DV-I2C cryptographic firmware - License scheme Component Copyright License Project application... -
Page 6: Security Processes
UM2684 Security processes Security processes This section describes the security processes used to perform a mutual authentication and to establish a secure transfer channel (SFC) where all the communications are encrypted. Public key exchange The public keys exchange is done in two steps: •... -
Page 7: Authentication Of The Smartphone
UM2684 Authentication of the smartphone To avoid this problem, a key is derived from the "Shared Secret" plus a random number (changing every time). The key obtained is called “AES Session key” and it is used to encrypt all the exchanges between the two devices. -
Page 8: Encrypted Data Transfer
UM2684 Encrypted data transfer Figure 5. Firmware authentication over NFC Decrypt Encrypt Smartphone Firmware This authentication protects from counterfeited products containing a valid "Public key" taken on a valid product. However it does not contain the "Secret Key" that is stored in the product and that is not readable. The counterfeited product is not able to compute the "Shared Secret"... -
Page 9: "St25Dv-I2C Crypto Demo" Application Screens
"ST25DV-I2C Crypto Demo" application screens "ST25DV-I2C Crypto Demo" application screens Home screen User manually launches the application “ST25DV-I2C-Crypto Demo” or simply taps the ST25DV-I2C NFC tag, Android™ automatically launches the “ST25DV-I2C-Crypto Demo” application. Figure 6. "ST25DV-I2C Crypto Demo" - Android™ home screen When the application starts, it initializes the Android™... -
Page 10: Figure 7. "St25Dv-I2C Crypto Demo" - Ios™ Home Screen
UM2684 Home screen Figure 7. "ST25DV-I2C Crypto Demo" - iOS™ home screen UM2684 - Rev 2 page 10/27... -
Page 11: St25Dv-I2C Crypto Demo" Application Main Screen
This section describes how the "ST25DV-I2C Crypto Demo" application works. 3.2.1 Secure transfer channel setup When tapping the ST25DV-I2C tag, the "ST25DV-I2C Crypto Demo" application automatically executes all the steps described from Section 2.1 Public key exchange Section 2.5 Authentication of the connected device setup a secure transfer channel. -
Page 12: Figure 9. "St25Dv-I2C-Crypto Demo" - Ios™ Secure Transfer Channel Setup
UM2684 "ST25DV-I2C Crypto Demo" application main screen Figure 9. "ST25DV-I2C-Crypto Demo" - iOS™ secure transfer channel setup UM2684 - Rev 2 page 12/27... -
Page 13: Step By Step Mode
NFC. The transfer occurs in the following steps: The smartphone writes an encrypted command to the ST25DV-I2C FTM buffer mailbox to request the reading of data. -
Page 14: Read And Decrypt Image" Button
ST25DV-I2C-DISCO. The transfer occurs by following steps: The smartphone writes an encrypted command to the ST25DV-I2C FTM mailbox buffer to request an image. The firmware reads the mailbox buffer and decrypts the command. The firmware encrypts the picture and writes all the chunks of the picture through I C to the ST25DV-I2C FTM mailbox buffer. -
Page 15: Figure 12. "St25Dv-I2C Crypto Demo" - Picture Transfer
UM2684 "ST25DV-I2C Crypto Demo" application main screen Figure 12. "ST25DV-I2C Crypto Demo" - picture transfer Note: A progress bar is displayed during the download. On the smartphone, two progress bars are visible, a blue one and a light blue one. -
Page 16: Encrypted Firmware Upgrade" Button
After selecting the file, the new firmware is uploaded, encrypted to the NUCLEO-L476RG board, by writing chunks to the ST25DV-I2C FTM buffer mailbox. The "ST25DV-I2C Crypto Demo" firmware checks the authenticity of the uploaded firmware chunks (thanks to the GMAC) and flashes them in the STM32L476RG static memory. -
Page 17: Figure 14. "St25Dv-I2C Crypto Demo" - Firmware Upgrade
UM2684 "ST25DV-I2C Crypto Demo" application main screen Figure 14. "ST25DV-I2C Crypto Demo" - firmware upgrade UM2684 - Rev 2 page 17/27... -
Page 18: Eavesdropper Screen
UM2684 "ST25DV-I2C Crypto Demo" application main screen 3.2.6 Eavesdropper screen This screen is used to show what someone sees when spying the NFC connection. It permits to see the encrypted data that are exchanged through NFC and what the firmware gets after decryption. -
Page 19: Keys Overview
Keys overview Keys overview Various cryptographic keys are used in the "ST25DV-I2C Crypto Demo". This screen helps the user to understand the role of each key. In the application, click on a key to get information about it. Figure 16. -
Page 20: Setting Screen
Number of Packets per Segment: The smartphone and the firmware are exchanging data through the ST25DV-I2C FTM mailbox (which contains up to 256 bytes). When sending data bigger that 256 bytes, the data is split in blocks of data fitting in the mailbox that are called “Packets”. A group of N packets is called “Segment”. -
Page 21: License Screen
License screen This screen shows the software license agreement that user accepts when using this program. It also indicates the version number of the program. Figure 18. "ST25DV-I2C-Crypto Demo" - license UM2684 - Rev 2 page 21/27... - Page 22 UM2684 Revision history Table 3. Document revision history Date Version Changes 07-May-2020 Initial release. Updated Section 1.4.1 NUCLEO-L476RG and X-NUCLEO-NFC04A1 setup 25-Nov-2020 Section 1.4.2 Android™ APK application installation UM2684 - Rev 2 page 22/27...
-
Page 23: Table Of Contents
"ST25DV-I2C Crypto Demo" application screens ........ - Page 24 UM2684 Contents Revision history ...............22 UM2684 - Rev 2 page 24/27...
- Page 25 ST25DV-I2C cryptographic firmware - License scheme ........
- Page 26 Figure 9. "ST25DV-I2C-Crypto Demo" - iOS™ secure transfer channel setup....... 12 Figure 10.
- Page 27 ST’s terms and conditions of sale in place at the time of order acknowledgement. Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of Purchasers’...
Need help?
Do you have a question about the ST25DV-I2C and is the answer not in the manual?
Questions and answers