NHS3100 chip security

Sarajia · ‎03-25-2021

I use NHS3100 in my product. I want to protect the code in the chip. So I want to know the way about the chip security that the code in the flash can't be read from the chip.

Could you give me the document about this? Thank you very much.

driesmoors · ‎03-30-2021

Hello Sara,

As stated, the chip does not have any anti-tampering features or crypto on board. It is possible to implement functional security, but it is not possible to hide the Flash or ARM EEPROM contents from needle probing.

What you can do is to ensure each IC has its own secret, based on the chip's unique ID and an external master key generated by a server based hardware security module . When the same secret is used twice, you know that IC has been cloned.

If this is not sufficient, perhaps a multi-component solution is in order. There are other NXP ICs that are hardened and can perform part of your required functionality in a secure way.

Kind regards,
Dries.

View solution in original post

fangfang · ‎03-28-2021

Hello,

for protecting the tag you can use the PWD register and auth, register in the auth register you need to put the first page that will require authentication and then then set the password in the PWD register, I do not find something specific for this but maybe the user manual can give some idea. other idea that might work is that on the reader side use a secure element so you encrypt and MAC the information and store it in the NHS then you wont have to process anything on the NHS MCU also it is not good to do crypto on software is very recommended to do it on a hardware that is certified for that purpose and by MACing the information you ensure nobody has touched it by calculating the mac on the information and comparing it with the stored one.
as you know NHS does not support crypto or any other than a 32 bit password
maybe something that might be helpful is to use the Mifare Ultralight documentation since it is pretty similar to the NFC interface of the NHS.

Hope it help you. Have a nice day.

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-----------------------------------------------------------------------------

Sarajia · ‎03-29-2021

Dear Fangfang, Thanks for your reply. I still have some doubts on this. We just want to protect our code avoiding copy by others when MP. like some MCU by burnning fuse. If NHS has this function, would you mind giving some recommandation on this issue? Thanks. BR

driesmoors · ‎03-30-2021

Hello Sara,

As stated, the chip does not have any anti-tampering features or crypto on board. It is possible to implement functional security, but it is not possible to hide the Flash or ARM EEPROM contents from needle probing.

What you can do is to ensure each IC has its own secret, based on the chip's unique ID and an external master key generated by a server based hardware security module . When the same secret is used twice, you know that IC has been cloned.

If this is not sufficient, perhaps a multi-component solution is in order. There are other NXP ICs that are hardened and can perform part of your required functionality in a secure way.

Kind regards,
Dries.