Open Source Hardware

Tweet

Securing Blockchain Applications with Infineon

Get started with Infineon Blockchain Security 2Go cards

By Rafik Mitry, Mouser Electronics

Published May 1, 2020

Blockchain is a revolutionary technology that is starting to be implemented in many industrial applications from the financial and government sectors to automotive, energy, logistics, and healthcare. The blockchain network is a decentralized digital ledger system that manages a series of data blocks. Each of these blocks in the chain is cryptographically secured and connected to the previous one. For an attacker to alter one of the blocks, he would need to change the entire chain, which is extremely difficult because these data points are protected by a digital signature. Storing a digital signature on a computer or mobile phone is very risky as an attacker can identify it through a software attack. Therefore, credential information as a digital signature needs to be stored on a dedicated security controller, which can also protect the credential against a physical attack. Infineon offers a highly secured controller, which protects a user credential.

Here, we'll introduce you to blockchain technology and the definition of its important terminologies. Then, we will integrate Infineon Blockchain Security 2Go cards into a real-world application.

Project Materials and Resources

Access the project's BOM on Mouser's website for the required component:

726-BLOCKCHAINSTTKIT - Infineon Technologies Blockchain Security 2Go Starter Kit

Resources:

• Infineon Github repository
• Coinfinity Android smartphone app
• MetaMask, a browser-based crypto wallet

Project Technology Overview

For this project, we've used the following products and technologies, described in the following sections:

• Infineon Blockchain Security 2Go Starter Kit
• Blockchain
• Crypto payments

Infineon Blockchain Security 2Go Starter Kit

Infineon's Blockchain Security 2Go Starter kit includes five contactless (NFC capable) credit-card-sized ID-1 cards that support different kinds of Blockchain technologies (such as sending cryptocurrencies or integrating the cards in a smart contract for eVoting). The cards' sizes have a dimension of 85.60mm x 53.98mm based on ISO/IEC 7810 and have a contactless integrated circuit with a Class 1 communication antenna based on ISO/IEC 1443.

The Security 2Go Kit main features are:

• creation and storage of up to 255 private/public key pairs for blockchain applications,
• loading and storing a key that is provided by the user in an encrypted form,
• signature generation for signing blockchain transactions and
• User authentication with PIN.

Infineon offers an open-source software that will help you integrate the cards in a real-world blockchain system such as sending cryptocurrency or integrating the cards in a smart contract for eVoting. Here, we will show you how to get started with this kit and send cryptocurrency securely using the blockchain cards. Before we get started with the Blockchain NFC cards, let's go firstly through the basics of blockchain.

What is blockchain technology?

Blockchain is a ledger system, which writes information via peer-to-peer connections into a decentralized worldwide-distributed database. The entered information can be seen by other users, but cannot be changed by anyone. To simplify the blockchain explanation, Figure 1 illustrates the main components of a blockchain.

Figure 1: Blockchain components (Source: Garrick, H and Michel, R. (2017) Global Blockchain Benchmarking Study. Cambridge Centre for Alternative Finance, ‎Cambridge.)

The main components of a blockchain:

1. Cryptography: Cryptography is a method used to encrypt and decrypt information. This means that methods are used within cryptography to change the information in such a way that it can no longer be understood at first glance. Commonly used methods for cryptography are public-key cryptography, hashing, and Merkle trees.
   • Public key cryptography: Public-key cryptography (also called asymmetric cryptography) is a method that uses two keys: a public key and a private key. The public key allows anyone to encrypt data for the owner of the private key. The private key enables its owner to decrypt data encrypted with the public key, to generate digital signatures, or to authenticate himself. This can be illustrated in Figure 2. Let's say Bob wants to send a message to Alice; he encrypts it with Alice's public key so that Alice is the only one who can decrypt Bob's message using her own private key.
   
   
   

   Figure 2: Bob and Alice example of public-key cryptography (Source: https://en.wikipedia.org/wiki/Public-key_cryptography)

   • Hashing: Hash is a mathematical function that converts an input string of any length into an output of a fixed length. The hashed message cannot be decrypted, as this method is a one-way cryptographic function. A good example in the blockchain context is the Bitcoin Secure Hashing Algorithm 256 (SHA-256). This algorithm always gives an output of a fixed length of 256 bits length no matter how long the input is. This hash function is used to create a digital signature for each block.
   • Merkle tree: Merkle tree (also called Hash tree) is used to efficiently verify any kind of changes to a large body of data. One of the main functions is to ensure in peer-to-peer networks that data blocks received from other peers are undamaged and unchanged. Let's look at an example on the following figure:
   
   
   

   Figure 3: Merkle tree concept (Source: https://en.wikipedia.org/wiki/Merkle_tree)

   We have here four data blocks: L1, L2, L3, and L4. Each data block is hashed and is stored in a leaf node, resulting in Hash 0-0, 0-1, 1-0, and 1-1. Then hashed nodes are added in pairs to a parent node by hashing 0-0 and 0-1, resulting in Hash 0. The same applies to the other hashed pairs (1-0 & 1-1) of the tree, resulting in Hash1. Finally, the two hashes 0 and 1 are hashed again, resulting in the Top Hash (Merkle Root).

2. P2P network: Peer-to-Peer network (also known as P2P) are computer nodes that act as a client as well as a server in a network. Each computer acts as an individual peer and can store or share files within the network. In blockchain, P2P networks are used in cryptocurrency transactions. P2P networks allow cryptocurrencies to be transferred anywhere to the world without the need of a central authority.
3. Consensus mechanism: As already mentioned, blockchains are distributed decentralized systems and do not rely on a central authority to agree on the validity of a transaction. For that, the nodes in a blockchain need a mechanism that achieves the necessary agreement on a single data. The consensus mechanism is an algorithm that makes sure all computer nodes on the blockchain are synchronized with each other and guarantee an agreement is reached between all nodes.
4. Ledger: A ledger is a list that holds records of all transactions in a blockchain. When all nodes agree on the consensus rule on a transaction, it gets stored in the ledger. Once the data is stored to the ledger, it cannot be deleted or edited like within a normal database. Each participant in the blockchain holds a copy of the ledger, this makes tempering difficult.
5. Validity Rules: Common set of rules (such as what transactions are considered valid, how the ledger gets updated, etc.). These rules are set by the creators of the blockchain network and all participants in the network need to accept these rules for a transaction to proceed.

Integrating the Infineon Cards in Blockchain Applications

Before we get started with the Infineon Blockchain Starter Kit let's summarize everything using an example that explains how to integrate the Infineon cards in blockchains applications. I talked in the previous section about public and private keys (also known as digital signature), which are responsible to protect any transactions. For a transaction to be successfully processed securely, a digital signature needs to be created. The digital signature needs a secret private key that corresponds to the public key of an account. An attacker can create evidently valid transactions if the private key of a user gets known. Once a transaction occurs, it cannot be altered nor canceled. For this reason, keys need to be strongly protected in terms of security and this can be achieved with the Blockchain Security 2Go smart cards.

Figure 4: The Blockchain Security 2Go Starter Kit principle schematic (Source: Infineon Github repository)

In order to link the Blockchain Security 2Go smart cards to a blockchain, an interface device that is capable of handling communications with the blockchain is needed. Supported device:

• An NFC-enabled Android smartphone, or
• A host device (PC, Raspberry Pi) connected to contactless reader (via a PC/SC interface)

How does a transaction get signed by the Blockchain Smart cards?

In a blockchain system, transactions are used to send assets from one account to another much like sending cryptocurrency. The sender signs the transaction with his private key and other participants on the blockchain sign the same transaction with the public key of the sender to verify the transaction. This step is called authentication of the sender.

The interface device that communicates with the blockchain hashes the transaction before it gets signed. The hashed data is then calculated on the Blockchain 2Go card with the sender's private key. The Blockchain Security 2Go starter kit supports all hashes that lead to 32 bytes output data. Figure 5 illustrates this process.

Figure 5: Infineon's Blockchain Starter 2Go Kit Transaction Signing (Source: Infineon Github repository)

Now let's get started and set up the cards.

In this project, we will use the Blockchain Security 2Go card to sign a transaction of crypto payment. In the following, I will go through a demonstration example using the kit to send and receive Ethereum tokens (ETH), which is a cryptocurrency.

What's in the box?

• Five Blockchain Security 2Go cards
• Quick starter guide

Figure 6: What's included in the Blockchain Security 2Go starter kit. (Source: Mouser Electronics)

Sending Ether Tokens

In this project, we will use an Android smartphone to interface with the blockchain.

Coinfinity mobile app

1. For the first step, you'll need to download the example app that is provided by Coinfinity and is available on Google's PlayStore.
2. Open the Coinfinity mobile app and make sure you enabled the NFC in your mobile settings
3. Place one card on the back of your smartphone as the following image shows. You should see the Card Detected message as well as the card address. (see Figure 7)

Figure 7: Smartphone app with the NFC card placement (Source: Mouser Electronics)

4. As we're going to send test ether tokens, we need to switch the network to a test network. In the coinfintiy mobile app, click on the 3-Dots menu in the upper right corner and choose 'Switch network'. You'll be prompted with Switch to testnet message, finally click on 'YES'. (Figure 8)

Figure 8: Switching to a test network in the Coinfinity mobile app (Source: Mouser Electronics)

MetaMask: A crypto wallet & gateway to blockchain apps

The next step is topping up our Blockchain 2Go Card with some Ethers. To be able to do that we will need to get some Ethers. We can get some Ethers from a browser-based crypto wallet such as MetaMask.

1. Navigate to MetaMask and install it on your browser as an extension. (Supported browsers: Chrome, Firefox, and Brave)
2. After you install it, follow the steps on MetaMask for creating an account.
3. On MetaMask we will need to switch to the same test network as we did in the Coinfinity app. After you created your Account, you will be navigated to your account main page. Click on the drop-down menu Main Ethereum Network and choose Ropsten Test Network. (Figure 9) The Ropsten Test network is also known as Ethereum Testnet and is a testing network that runs the same protocol as the main Ethereum network.

Figure 9: Choosing the Ropsten Test Netowork on MetaMask (Source: Mouser Electronics)

5. The next step is to request Ethers from MetaMask's faucet. Navigate to MetaMask Ether Faucet.
   1. Click on request 1 ether from faucet
   2. Then, click on the transaction Address that has been generated.
      
      
      

      Figure 10: Requesting 1 ether from MetaMask faucet (Source: Mouser Electronics)

6. You will be navigated to the Transaction details. (Figure 11)
   1. If you check now your account balance in MetaMask, you should be able to see 1 ETH that has been deposited to your account.
   2. Now we can send some Ethers to our Blockchain Security 2Go card. Click on the MetaMask browser extension.
   3. Then, click Send
      
      
      

      Figure 11: Transaction details on MetaMask (Source: Mouser Electronics)

7. Sending ethers from MetaMask to the Blockchain Security 2Go card.
   1. 1. Choose the recipient. In our case, here is the card we scanned, when we installed the Coinfinity app (Card 1). You can add the recipient address manually or you scan the QR-code that is displayed on the Coinfinity app.
   2. Choose the amount you want to transfer.
   3. Select how fast you want the transaction to be processed. Then, click on Next.
   4. Check that all the information you entered is correct and confirm your transaction.
   5. It will take a couple of seconds until you can see that the transaction has been completed.
   
   
   

   Figure 12: Sending Ethers to the Blockchain Security 2Go card (Source: Mouser Electronics)

8. The last example I will show you, is sending Ethers from one Blockchain Security 2Go card to another. Go to the Coinfinity mobile app and scan the card, which you have topped up with Ether tokens. When you scan your card you should be able to see the balance on the card (marked red in Figure 13).
   1. Click on Send ETH.
   2. Click on the NFC icon.
   3. Scan the other card you want to transfer Ethers to.
   4. Enter the amount of Ethers you want to transfer.
   5. Re-tap the first card to sign the transaction and then it will send the Ethers from Card 1 to Card 2.

Figure 13: Sending Ethers from one Blockchain Security 2Go card to another (Source: Mouser Electronics)

Conclusion

This project showed you how easy it is to integrate Infineon's Blockchain Security 2Go Starter Kit to a blockchain system, i.e. sending cryptocurrencies. These cards add the security needed so that a transaction is processed securely through the blockchain network. Infineon offers the source code for the Android application, as well as Python Library in case you're using a PC/Raspberry Pi as a host device. This gives you the flexibility to easily adapt the Blockchain Security 2Go Starter Kit to your Blockchain application.

Rafik Mitry joined Mouser Electronics in 2019 after finishing his master's degree in Electrical Engineering at the Technical University of Munich where he also worked in research in the field of energy harvesting for three years. As a Technical Marketing Engineer at Mouser, Rafik creates unique technical content that reflects current and future technology trends in the electronics industry. Besides keeping up with the latest in technology trends, Rafik is an avid lover of aviation and tennis.