# Security Model

TAGBASE is designed from the ground up with a zero-trust mindset. It assumes all links, devices, and clients may be compromised — and anchors security to the only element that can't be faked: the physical tag’s cryptographic chip.

***

### Core Principles

* **Hardware-based security**: Built on NTAG 424 DNA, a secure NFC chip from NXP with AES-128 encryption.
* **Delta-based verification**: A two-step process ensures that validation is not just based on the tag content, but on a session-specific change between two interactions.
* **No shared secrets in clients**: All sensitive logic is handled server-side — clients are treated as untrusted.
* **Stateless server design**: Reduces attack surface and makes the system resilient to request flooding and token replay.
* **Time-bound session linking**: Prevents link harvesting, sharing, and replay attacks.

***

### Verification Logic

Each verification flow consists of two taps:

1. **First Tap**:
   * The tag generates a URL whose parameters (UID, read counter) are protected by an AES-128 CMAC.
   * Initiates a short-lived session with metadata: tag UID, counter value, timestamp.
2. **Second Tap**:
   * Must occur within a short time window.
   * Backend compares second request’s tag state (counter, UID) with first.
   * If delta is valid → the tag is authenticated.
   * If delta is invalid → the tag or interaction is flagged as suspicious.
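Added example (not TAGBASE's own code): a server-side verifier implementing the two-tap delta check described above. It assumes a 30-second second-tap window and an expected counter delta of exactly one, neither of which the page specifies, and substitutes HMAC-SHA256 for the chip's AES-128 CMAC because the Python standard library has no AES.

```python
import hashlib
import hmac
import time

# Constructed demo key; the real AES-128 key never leaves the chip and the backend.
SERVER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SESSION_WINDOW_S = 30   # assumed: second tap must arrive within 30 s of the first
EXPECTED_DELTA = 1      # assumed: one physical tap advances the read counter by one


def tag_mac(uid: bytes, counter: int) -> str:
    # Stand-in for the chip's AES-128 CMAC over (UID || counter). HMAC-SHA256 is
    # used only because the standard library has no AES; the structure is the same.
    msg = uid + counter.to_bytes(3, "big")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:16]


def simulate_tap(uid: bytes, counter: int) -> dict:
    # The parameters a genuine tag would place in the URL for this read.
    return {"uid": uid.hex(), "ctr": counter, "mac": tag_mac(uid, counter)}


class Verifier:
    def __init__(self, now=time.time):
        self.now = now            # injectable clock so the window can be tested
        self.sessions = {}        # uid -> (counter, timestamp); in-memory for the example

    def handle(self, params: dict) -> str:
        uid = bytes.fromhex(params["uid"])
        ctr = params["ctr"]
        # Step 1: the MAC binds UID and counter; a tampered or forged URL fails here.
        if not hmac.compare_digest(params["mac"], tag_mac(uid, ctr)):
            return "rejected: bad MAC"
        first = self.sessions.pop(uid, None)
        t = self.now()
        # Step 2: no open (unexpired) session means this is a first tap.
        if first is None or t - first[1] > SESSION_WINDOW_S:
            self.sessions[uid] = (ctr, t)
            return "session opened"
        # Step 3: second tap must show the expected counter advance (the delta).
        if ctr - first[0] == EXPECTED_DELTA:
            return "authenticated"
        return "suspicious: invalid counter delta"
```

A replayed first-tap URL fails the delta check (delta of zero), and a URL with an edited counter fails the MAC check before any session state is touched.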

***

### Tag-Level Security

| Feature             | Description                                                         |
| ------------------- | ------------------------------------------------------------------- |
| **UID Locking**     | Each chip has a unique, immutable identifier.                       |
| **CMAC Generation** | Server validates the tag-generated cryptographic MAC using AES-128. |
| **Read Counter**    | Increments with each tap — used in delta comparison.                |
| **URL Obfuscation** | Signed parameters are encoded — raw URLs are meaningless if copied. |

***

### Attack Vectors & Mitigations

| Threat                  | Mitigation                                                            |
| ----------------------- | --------------------------------------------------------------------- |
| **Cloned Tag**          | A copied UID or URL cannot reproduce the secure chip’s CMAC (the key never leaves the chip) or its advancing counter state. |
| **Link Replay**         | Links expire and require valid delta transitions.                     |
| **Reverse Engineering** | Core cryptographic logic runs only on the secure tag and the backend. |

***

### Optional Enhancements

* **Geo + device fingerprinting** (optional): flag unexpected tap locations or device patterns.
* **Blockchain immutability**: for products requiring proof of ownership.
* **Audit trail**: detailed per-tag verification logs for forensics or compliance.

***

### Summary

TAGBASE security is rooted in the physical world — not in obscurity or client-side logic. By requiring a real chip with secure hardware to complete the validation, and combining this with cryptographically signed, time-bound interactions, TAGBASE delivers an **unclonable, app-free product verification** system.
