Wednesday, December 21, 2011

NFC authentication to Windows XP

1. pGina
- pGina is an open source authentication system that can be used as a replacement for the existing GINA in Windows
- its architecture is based on plugins
- already supported types of user authentication: RSA SecurID, Kerberos, LDAP, PAM, SSH, and others
- the dummy skeleton plugin can be extended/modified to support authentication with NFC Touchatag MIFARE tags (or any other tag supported by libnfc)


2. Libnfc
- libnfc (from version 1.5.1) has a demo reader/writer for Mifare Ultralight cards. This can be modified and used as an external program, launched by the plugin DLL, to perform NFC tag reading. Authentication can then be performed based on the ID read (or maybe other info).
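
Added example, not part of the original post or of the PoC plugin: one way the plugin side could validate the ID printed by the external reader before mapping it to an account. It assumes the helper prints the tag UID as hex on one line; the enrollment table, UIDs, account names and function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed enrollment table: UIDs and account names are made-up samples. */
struct enrolled { const char *uid_hex; const char *user; };
static const struct enrolled ENROLLED[] = {
    { "04A1B2C3D4E5F6", "alice" },   /* 7-byte UID, as on MIFARE Ultralight */
    { "04112233445566", "bob"   },
};

/* Normalise one line of helper output into upper-case hex.
 * Accepts spaces or colons between bytes and a trailing newline.
 * Returns the number of hex digits, or 0 if malformed or of wrong length. */
static size_t normalise_uid(const char *line, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *line; line++) {
        unsigned char c = (unsigned char)*line;
        if (c == ' ' || c == ':' || c == '\r' || c == '\n') continue;
        if (!isxdigit(c) || n + 1 >= outsz) return 0;  /* junk or too long */
        out[n++] = (char)toupper(c);
    }
    out[n] = '\0';
    /* ISO 14443-3 Type A UIDs are 4, 7 or 10 bytes long. */
    return (n == 8 || n == 14 || n == 20) ? n : 0;
}

/* Compare without stopping at the first differing character. */
static int equal_ct(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns the account name for an enrolled tag, or NULL to deny the logon. */
const char *user_for_uid(const char *helper_line)
{
    char uid[21];                    /* 10 bytes as hex plus terminator */
    const char *match = NULL;
    size_t n = helper_line ? normalise_uid(helper_line, uid, sizeof uid) : 0;
    if (n == 0) return NULL;
    for (size_t i = 0; i < sizeof ENROLLED / sizeof ENROLLED[0]; i++)
        if (strlen(ENROLLED[i].uid_hex) == n && equal_ct(uid, ENROLLED[i].uid_hex, n))
            match = ENROLLED[i].user;
    return match;
}
```

A tag UID is a public identifier that any reader can obtain, so this lookup identifies a tag rather than proving possession of a secret.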


3. Steps to use/enhance/customize the plugin
- study dummyPlugin
- useful resources are on the pGina mailing lists
- the binary for the Mifare Ultralight tag reader can be modified and then integrated and built with the libnfc CMake build system.
- another reader can be used (also from the NFC library), for example the one for the well-known Mifare Classic tag.
(!!! Its security is broken, but that is another story:
http://en.wikipedia.org/wiki/MIFARE#Security_of_MIFARE_Classic
MFCUK: MiFare Classic Universal toolKit,
crapto1: attacks against the Crypto1 proprietary cipher, and
MFOC: Mifare Classic Offline Cracker)


Resources:

  • A platform independent Near Field Communication library: libnfc
  • Open source replacement for authentication in MS Windows: pGina
  • Cheap NFC reader + demo cards (MIFARE Ultralight tags): Touchatag
  • PoC plugin for pGina 1.x (Windows XP) to support login with an NFC tag: code.