Tag Archives: nfc

Hackaday Interview with Amal Graafstra, Creator of xNT Implant Chip

via Hack a Day» hardware

Near Field Communication (NFC) enabled devices are starting to appear in our everyday lives. Shown in the picture above is the xNT (fundraiser warning), a 2mm x 12mm fully NFC Type 2 compliant 13.56MHz RFID tag encased in a cylindrical Schott 8625 bioglass ampule. It was created by [Amal Graafstra], who therefore aims to produce the world’s first NFC compliant RFID implant. The chip used is the NTAG203, which is (for the sake of simplicity) a 144bytes EEPROM with different protection features.

We can only start thinking of the different possibilities this chip will create in the near future, but also wonder which precedent this may set for future NFC enabled humans. Embedded after the break is the presentation video of xNT but also an interview I conducted with [Amal Graafstra], who has already been living for 8 years with RFID tags in each hand.

[Mathieu] First, we’d like to wish you all the best for your campaign, and it seems you’re already on the right path as you’ve just gotten $2k5 of your $8k goal on your first day.

[Amal] Thanks! We’re quite open about most of our R&D projects, and I know several people have been waiting for the xNT. They certainly came through at launch time. The tough part now will be to gather the remaining necessary backers, many of whom may be new to the entire concept of an implant.

[Mathieu] As mentioned in your video, you’ve been living with NFC chips in your left hand for 8 years now. Is it something you often ‘show’ to people, and what are their reactions?

[Amal] The chips I implanted back in 2005 are RFID technologies, but they are not NFC compliant, meaning they do not conform to NFC Forum standards. The xNT is the first NFC compliant implant available, which is why we’re so excited to see the campaign succeed! To answer your question though, most people don’t even know I have any RFID implants, and I don’t bother showing them off anymore. Most people find out when I use them to get into my home, or to access my datacenter or unlock my car. If they are paying attention, they will notice I don’t have anything in my hand and they will ask “hey, what just happened there” and I’ll show them and explain. When introduced to the concept in that way, seeing a useful application of it before contemplating the implant itself, most people are receptive and can see the usefulness. If I tell someone about it first, their reaction is usually a squeamish look on their face and sometimes a negative comment.

[Mathieu] Many of our geek friends at Hackaday are very interested by this technology, but are afraid to put it under their skin. What in your opinion could make them take this step?

[Amal] Back in 2005 I had several doctors as clients, and I consulted with both a cosmetic surgeon and my family general practice doctor about the device and the location I wanted to implant it. Both agreed it was a very safe place to install one of these devices, and both performed the procedure for me without hesitation. Since getting my implants, I’ve worked with hundreds of people also interested in getting an implant. I started Dangerous Things in order to control the materials processes involved to ensure the tags we sell are made with biocompatible glass and internal resins, and all components are bio-safe. Of all the people I’ve helped or sold implants to, I’ve never heard of any tags that have been implanted in the correct location (webbing of the hand) and in the proper orientation (parallel with the metacarpal) ever breaking or causing a problem. I’ve worked with doctors and body piercers to place these tags under the skin, and we’re building a partner network of professional body piercers to increase access to a clean studio environment and professional installation services. We offer procedure guides and phone consultations for piercing professionals who are installing for a Dangerous Things customer. Additionally, the implants are MRI safe, so getting one will not exclude you from medical imaging procedures.

[Mathieu] In your experience, are technical people less reluctant to try this chip than non-informed persons?

[Amal] Most of the time, people without a technical background will have misconceptions about the technology which lead them to believe that it is capable of doing something that it can’t. The most common misconception is that it can be tracked in real time by a 3rd party, like a GPS enabled device might be. Another common reason non-technical people are reluctant to entertain the idea of an implant is the lack of cheap, simple commercial products that work with the implant. When I got my first EM4102 based 125khz implant, the NFC standard was not published and there were no devices. This lack of standards meant you’d have to buy an expensive commercial access control system or you’d have to build solutions yourself. I ended up building my own solutions, as did many other hacker/hobbyists. The good news is, with NFC standards growing in popularity, commercial devices and systems based on NFC are now becoming available and a non-technical person can easily begin to integrate NFC into their daily lives without needing to solder it together themselves.

[Mathieu] The chip that you offer to put under the skin can be reprogrammed at will but has a unique 7 byte serial number, which may arise privacy concerns. What will you do with this information? Can we trust you? Do you think you’re setting a precedent in the history of NFC enabled humans?

[Amal] The 7 byte UID programmed into each NTAG203 chip could be a privacy concern if people used their tags with systems that are outside of their control. For example, if a person enrolled their implant with an access control system at their work or school, then every time they entered the premises by using their implant, that access even would be logged. But, the reality is, this is always the case when you use an access card, so there really is no difference having that access card under your skin instead of in your pocket.

The real question being asked about privacy revolves around consent – can someone read it, from a distance, without your consent. While it is technically possible someone could build a large, high powered antenna loop to pick up tags from a distance of a few feet, it’s not practical and not at all likely. Magnetically coupled data transmissions from passive tags don’t work like typical electric field radio emissions, and it becomes very difficult to generate a stable magnetic field that is large enough to envelope tags at a distance while maintaining the integrity and sensitivity required to communicate with those tags. Furthermore, the context in which you use your tag matters. If someone were to set up a large antenna loop somewhere and skim tag IDs of people walking by, in order to do anything with that information they would have to figure out who you were, how you used that tag ID, and plan an attack on you specifically. Unless a person were to use their implant to gain access to a bank vault or another target that an attacker would want to get into, it’s just not very likely. On the other hand, attackers who set up skim points to pull credit card data from RF enabled cards don’t need to know anything about their victims in order to go use that skimmed data to make purchases. Context matters.

[Mathieu] Did you try different antennas to see how far you could read the chip from?

[Amal] I’ve tried various antenna configurations with my 125KHz tag because low frequency works better than 13.56MHz high frequency tags when implanted into the body. The best range I could get using a high powered antenna loop coil that was 2 feet (~60cm) in diameter was about 1 foot (30cm). Typical read range of a 2mm x 12mm 125KHz tag using conventional readers is between 1mm and 2cm, depending on the reader and antenna configuration.

[Mathieu] In your opinion, can this chip be used to implement simple authentication on everyday devices?

[Amal] The xNT is well suited for simple authentication systems. The user memory space can also be used for NFC by storing an NDEF record, the latter portion of the user memory could also be used to store rotating one-time keys to help secure custom security systems. In a typical skim attack, an attacker that is able to read a tag’s UID bits and memory contents without consent would be able to emulate that UID and memory contents to the target reader device. In this scenario, the attacker gains entry and the victim has no idea anything is wrong. The attacker could come and go as they pleased without detection. By using a rotating key, each time the potential victim uses their tag the reader updates the key. This means two things; 1) the attacker has a very limited amount of time to utilize their attack. If the user were to return and use their tag before the attacker had time to execute an attack, the attack would fail. 2) the victim of a successful attack would not be allowed access due to a bad key on the tag. This would alert both the victim and the system administrator to a potential attack situation, which could bring up surveillance video of the current attempt and the last system access made by the attacker. Detecting an attack after it has happened is just as important as preventing one. Of course, there is no such thing as absolute security, and there are attacks which could be executed against a rotating key system, but again context is what matters. Typical users are going to be using the xNT for residential home access type projects, and I think if someone wants into your home that badly, they are much more likely to break a window or use some other, more conventional method.


Filed under: Crowd Funding, hardware, Interviews, wearable hacks

Guest blog #2: Near field communication by Donatien Garnier

via Raspberry Pi

Arthur C. Clarke said that, “Any sufficiently advanced technology is indistinguishable from magic.” As a child of the late 20th century I have experienced all manner of technowonders, from the Apollo 11 moon landing to motion-activated air fresheners that look like rocks. But brandishing your smartphones at each other to exchange data is, let’s face it, complete and utter witchcraftery.

Donatien Garnier of Cambridge startup AppNearMe describes how near field communication (NFC) can be used to talk to the Raspberry Pi.

Configuring devices with no physical user interface

Many projects have been using Raspberry Pi for embedded applications because it gives you a complete GNU/Linux platform with a great deal of input/output busses at a very competitive cost.

These RaPi-based projects are usually using some kind of connectivity (Ethernet, Wi-Fi, Bluetooth or even Zigbee or 6LowPan) and some of them are battery powered.

Here a Raspberry Pi was used to upload photos from a camera through Wi-Fi, here to power an WiFi-connected internet radio. On elinux.org’s RaspberryPi projects wiki page, you can find a couple other cool projects involving Bluetooth or Zigbee connectivity.

In all these projects most of the devices sit happily doing their job quietly however the connectivity parameters have to be configured at some point: SSID and passphrase for WiFi, pairing info for Bluetooth, security key for Zigbee, etc.

This leaves you with a few options to allow the user to configure these parameters. First one is to embed a touchscreen or a screen plus keypad on your setup. However your overall cost would increase a lot and this would make your device quite bigger. Plus remember how frustrating it is to input text on a tiny keypad?

You can plug your Raspberry Pi into a computer screen and keyboard and input the parameters using the command line, but this is both time consuming and requires that you actually have this kind of equipment around. If your device is in a closed case this means that you would have to expose at least the HDMI output and one USB plug, which can be problematic especially if your case needs to be hermetic.

You can also let the user write the parameters on a file on the SD Card, but sometimes you just don’t want him to be able to access the whole file system, it is still time consuming and having to remove and insert back the SD card can lead to involuntary damage on the hardware.

Near Field Communication (NFC) at the rescue

Another solution is to somehow shift these constraints to another device. This is one of the situation where NFC can help. NFC is a very short range radio technology that allows touch-based interactions (to get an idea have a look at what Google is doing with Android Beam). We (a recently Cambridge-established startup called AppNearMe) developed a solution that allows you to touch your RaspberryPi with your Android phone to get the device’s configuration interface. You can configure every parameter using your phone’s large touchscreen and touch the Pi back to set the configuration.

For instance here is a demo of WiFi configuration:

WiFi configuration

List of WiFi networks transmitted by the Raspberry Pi to the phone

List of WiFi networks transmitted by the Raspberry Pi to the phone

For now you can see that the hardware is a bit messy but we are working on a more integrated solution!

The hardware we used for the demo: RaspberryPi with WiFi dongle, mbed LCP11U24, Adafruit NFC board

The hardware we used for the demo: RaspberryPi with WiFi dongle, mbed LCP11U24, Adafruit NFC board

From a developer’s point of view we have a Python API (on the Pi side – will be released soon) and an HTML5/Javascript framework for developing the interface (no Android programming skills required – more info here).

Beyond connectivity

Of course connection parameters are not the only things that you might need to configure: units, time zones, location based on the phone’s GPS, calibration data for sensors or even user accounts for cloud-connected devices. You can also transmit authentication keys to unlock features.

Does it inspire you with new project ideas? We’d love to know, so feel free to drop us a comment!