MIFARE is the NXP Semiconductors-owned trademark of a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards. The brand name covers proprietary solutions based upon various levels of the ISO/IEC 14443 Type A 13.56 MHz contactless smart card standard. It uses AES and DES/Triple-DES encryption standards, as well as an older proprietary encryption algorithm, Crypto-1. According to NXP, 10 billion of their smart card chips and over 150 million reader modules have been sold. [1] MIFARE is owned by NXP Semiconductors, which was spun off from Philips Electronics in 2006.
Variants
MIFARE products are embedded in contactless and contact smart cards, smart paper tickets, wearables and phones.
The MIFARE brand name (derived from the term MIKRON FARE Collection and created by the company Mikron) covers four families of contactless cards:
- MIFARE Classic
- Employs a proprietary protocol compliant to parts 1–3 of ISO/IEC 14443 Type A, with an NXP proprietary security protocol for authentication and ciphering. Subtype: MIFARE Classic EV1 (other subtypes are no longer in use).
- MIFARE Plus
- Drop-in replacement for MIFARE Classic with certified security level (AES-128 based) and is fully backward compatible with MIFARE Classic. Subtypes MIFARE Plus S, MIFARE Plus X and MIFARE Plus SE.
- MIFARE Ultralight
- Low-cost ICs that are useful for high volume applications such as public transport, loyalty cards and event ticketing. Subtypes: MIFARE Ultralight C, MIFARE Ultralight EV1 and MIFARE Ultralight Nano.
- MIFARE DESFire
- Contactless ICs that comply with parts 3 and 4 of ISO/IEC 14443-4 Type A with a mask-ROM operating system from NXP. The DES in the name refers to the use of a DES, two-key 3DES, three-key 3DES and AES encryption; while Fire is an acronym for Fast, innovative, reliable, and enhanced. Subtypes: MIFARE DESFire EV1, MIFARE DESFire EV2, MIFARE DESFire EV3.
There is also the MIFARE SAM AV2 contact smart card. This can be used to handle the encryption in communicating with the contactless cards. The SAM (Secure Access Module) provides the secure storage of cryptographic keys and cryptographic functions.
MIFARE Classic family
The MIFARE Classic IC is just a memory storage device, where the memory is divided into segments and blocks with simple security mechanisms for access control. They are ASIC-based and have limited computational power. Due to their reliability and low cost, those cards are widely used for electronic wallets, access control, corporate ID cards, transportation or stadium ticketing. The MIFARE Classic with 1K memory offers 1,024 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. Each key can be programmed to allow operations such as reading, writing, increasing value blocks, etc. MIFARE Classic with 4K memory offers 4,096 bytes split into forty sectors, of which 32 are the same size as in the 1K with eight more that are quadruple size sectors. MIFARE Classic Mini offers 320 bytes split into five sectors. For each of these IC types, 16 bytes per sector are reserved for the keys and access conditions and cannot normally be used for user data. Also, the very first 16 bytes contain the serial number of the card and certain other manufacturer data and are read-only. That brings the net storage capacity of these cards down to 752 bytes for MIFARE Classic with 1K memory, 3,440 bytes for MIFARE Classic with 4K memory, and 224 bytes for MIFARE Mini. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.
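The memory layout described above, as an added Python example (not part of the original article). The sector map and net capacities come from the figures in the text; the trailer split (6-byte key A, access bytes, 6-byte key B) and the inverted-copy check on the access bits go beyond the text and follow the standard MIFARE Classic trailer format. The function names and the sample trailer bytes are assumptions constructed for illustration.

```python
"""MIFARE Classic memory map: sectors, trailer blocks and usable capacity."""

BLOCK_SIZE = 16  # bytes per block on every MIFARE Classic variant

# Blocks per sector for each variant, from the sizes given in the text:
# Mini = 5 sectors, 1K = 16 sectors, 4K = 32 normal + 8 quadruple-size sectors.
VARIANTS = {
    "mini": [4] * 5,
    "1k": [4] * 16,
    "4k": [4] * 32 + [16] * 8,
}


def sector_map(variant):
    """Return a list of (sector, first_block, trailer_block) tuples."""
    layout, first = [], 0
    for sector, n_blocks in enumerate(VARIANTS[variant]):
        layout.append((sector, first, first + n_blocks - 1))
        first += n_blocks
    return layout


def total_bytes(variant):
    """Raw memory size of the variant in bytes."""
    return sum(VARIANTS[variant]) * BLOCK_SIZE


def usable_bytes(variant):
    """Raw size minus one trailer per sector and the read-only first block."""
    trailers = len(VARIANTS[variant]) * BLOCK_SIZE
    return total_bytes(variant) - trailers - BLOCK_SIZE


def locate(variant, block):
    """Map an absolute block number to (sector, kind)."""
    for sector, first, trailer in sector_map(variant):
        if first <= block <= trailer:
            if block == 0:
                return sector, "manufacturer"
            return sector, "trailer" if block == trailer else "data"
    raise ValueError(f"block {block} out of range for {variant}")


def parse_trailer(raw):
    """Split a 16-byte sector trailer and verify the access-bit redundancy.

    Layout: key A (6) | access bits (3) | general-purpose byte (1) | key B (6).
    Every access bit is stored once plain and once inverted; if the two copies
    disagree the trailer is malformed and should not be written to a card.
    """
    if len(raw) != BLOCK_SIZE:
        raise ValueError("a sector trailer is exactly 16 bytes")
    b6, b7, b8 = raw[6], raw[7], raw[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    inv_c1, inv_c2, inv_c3 = b6 & 0x0F, b6 >> 4, b7 & 0x0F
    consistent = (c1 ^ inv_c1, c2 ^ inv_c2, c3 ^ inv_c3) == (0xF, 0xF, 0xF)
    # Access condition triple (C1, C2, C3) for blocks 0..3 of the sector;
    # index 3 is the trailer itself.
    conditions = [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]
    return {
        "key_a": raw[:6],
        "key_b": raw[10:],
        "consistent": consistent,
        "conditions": conditions,
    }


# Constructed sample trailer: placeholder keys, access bytes FF 07 80, GPB 69.
SAMPLE_TRAILER = bytes.fromhex("112233445566" "ff0780" "69" "aabbccddeeff")

if __name__ == "__main__":
    for name in VARIANTS:
        print(name, total_bytes(name), usable_bytes(name))
    print(locate("4k", 143), parse_trailer(SAMPLE_TRAILER)["consistent"])
```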
The Samsung TecTile NFC tag stickers use MIFARE Classic chips. This means only devices with an NXP NFC controller chip can read or write these tags. At the moment BlackBerry phones, the Nokia Lumia 610 (August 2012 [2]), the Google Nexus 4, Google Nexus 7 LTE and Nexus 10 (October 2013 [3]) can't read/write TecTile stickers. MIFARE Classic encryption has been compromised; see below for details.
MIFARE Plus family
MIFARE Plus is a replacement IC solution for the MIFARE Classic. Key applications:
- Public transportation
- Access management; e.g., employee, school, or campus cards
- Electronic toll collection
- Car parking
- Loyalty programs
It is less flexible than a MIFARE DESFire EV1 contactless IC. MIFARE Plus was publicly announced in March 2008 with first samples in Q1 2009. [4] MIFARE Plus, when used in older transportation systems that do not yet support AES on the reader side, still leaves an open door to attacks. Though it helps to mitigate threats from attacks that broke the Crypto-1 cipher through the weak random number generator, it does not help against brute force attacks and cryptoanalytic attacks. [5] During the transition period from MIFARE Classic to MIFARE Plus where only a few readers might support AES in the first place, it offers an optional AES authentication in Security Level 1 (which is in fact MIFARE Classic operation). This does not prevent the attacks mentioned above but enables a secure mutual authentication between the reader and the card to prove that the card belongs to the system and is not fake. In its highest security level SL3, using 128-bit AES encryption, MIFARE Plus is secured from attacks. [citation needed]
MIFARE Plus EV1
MIFARE Plus EV1 was announced in April 2016. [6] New features compared to MIFARE Plus X include:
- Sector-wise security-level switching
- The choice of crypto algorithm used in the authentication protocol can be set separately for each sector. This makes it possible to use the same card with both readers that can read MIFARE Classic products (with sectors protected by 48-bit CRYPTO1 keys, “Security Level 1”) and readers that can read MIFARE Plus products (with sectors protected by 128-bit AES keys, “Security Level 3”). This feature is intended to make it easier to gradually migrate existing MIFARE Classic product-based installations to MIFARE Plus, without having to replace all readers at the same time.
- ISO 7816-4 wrapping
- The card can now be accessed in either the protocol for MIFARE (which is not compliant with the ISO 7816-4 APDU format), or using a new protocol variant that runs on top of ISO 7816-4. This way the cards become compatible with NFC reader APIs that can only exchange messages in ISO 7816-4 APDU format, with a maximum transfer data buffer size of 256 bytes.
- Proximity check
- While the protocol for MIFARE Classic tolerated message delays of several seconds, and was therefore vulnerable to relay attacks, MIFARE Plus EV1 now implements a basic “ISO compliant” distance-bounding protocol. This puts tighter timing constraints on the permitted round-trip delay during authentication, to make it harder to forward messages to far-away cards or readers via computer networks.
- Secure end-2-end channel
- Permits AES-protected over-the-air updates even to Crypto1 application sectors (SL1SL3 mix mode).
- Transaction MAC
- The card can produce an additional message-authentication code over a transaction that can be verified by a remote clearing service, independent of the keys used by the local reader during the transaction.
MIFARE Plus EV2
The MIFARE Plus EV2 was introduced to the market on 23 June 2020. [7] It comes with an enhanced read performance and transaction speed compared to MIFARE Plus EV1. [8] New features compared to MIFARE Plus EV1 include:
- Transaction Timer
- To help mitigate man-in-the-middle attacks, the Transaction Timer feature, which is also available on NXP’s MIFARE DESFire EV3 IC, makes it possible to set a maximum time per transaction, so it’s harder for an attacker to interfere with the transaction.
MIFARE Ultralight family
The MIFARE Ultralight has only 512 bits of memory (i.e. 64 bytes), without cryptographic security. The memory is provided in 16 pages of 4 bytes. Cards based on these chips are so inexpensive that they are often used for disposable tickets for events such as the Football World Cup 2006. It provides only basic security features such as one-time-programmable (OTP) bits and a write-lock feature to prevent re-writing of memory pages but does not include cryptography as applied in other MIFARE product-based cards.
MIFARE Ultralight EV1
MIFARE Ultralight EV1 [9] introduced in November 2012 the next generation of paper ticketing smart card ICs for limited-use applications for ticketing schemes and additional security options. It comes with several enhancements above the original MIFARE Ultralight:
- 384 and 1024 bits user memory product variants
- OTP, lock bits, configurable counters for improved security
- Three independent 24-bit one-way counters to stop reloading
- Protected data access through 32-bit password
- NXP Semiconductors originality signature function, this is an integrated originality checker and is effective cloning protection that helps to prevent counterfeit of tickets. However, this protection is applicable only to “mass penetration of non NXP originated chips and does not prevent hardware copy or emulation of a single existing valid chip”
- Limited-use tickets in public transport
- Event ticketing (stadiums, exhibitions, leisure parks)
MIFARE Ultralight C
Introduced at the Cartes industry trade show in 2008, the MIFARE Ultralight C IC is part of NXP's low-cost MIFARE product offering (disposable ticket). With Triple DES, MIFARE Ultralight C uses a widely adopted standard, enabling easy integration in existing infrastructures. The integrated Triple DES authentication provides an effective countermeasure against cloning. [citation needed] Key applications for MIFARE Ultralight C are public transportation, event ticketing, loyalty and NFC Forum tag type 2.
MIFARE DESFire family
The MIFARE DESFire (MF3ICD40) was introduced in 2002 and is based on a core similar to SmartMX, with more hardware and software security features than MIFARE Classic. It comes pre-programmed with the general-purpose MIFARE DESFire operating system which offers a simple directory structure and files. They are sold in four variants: one with Triple-DES only and 4 kilobyte of storage, and three with AES (2, 4, or 8 kilobyte; see MIFARE DESFire EV1). The AES variants have additional security features; e.g., CMAC. MIFARE DESFire uses a protocol compliant with ISO/IEC 14443-4. [11] The contactless IC is based on an 8051 processor with 3DES/AES cryptographic accelerator, making very fast transactions possible. The maximal read/write distance between card and reader is 10 centimetres (3.9 in), but the actual distance depends on the field power generated by the reader and its antenna size. In 2010, NXP announced the discontinuation of the MIFARE DESFire (MF3ICD40) after it had introduced its successor MIFARE DESFire EV1 (MF3ICD41) in late 2008. In October 2011 researchers of Ruhr University Bochum [12] announced that they had broken the security of MIFARE DESFire (MF3ICD40), which was acknowledged by NXP [13] (see MIFARE DESFire attacks).
MIFARE DESFire EV1
First evolution of MIFARE DESFire contactless IC, broadly backwards compatible. Available with 2 kiB, 4 kilobyte, and 8 kilobyte non-volatile memory. Other features include: [14]
- Support for random ID.
- Support for 128-bit AES
- Hardware and operating system are Common Criteria certified at level EAL 4+
MIFARE DESFire EV1 was publicly announced in November 2006. [citation needed] Key applications:
- Advanced public transportation
- Access management
MIFARE DESFire EV2
The second evolution of the MIFARE DESFire contactless IC family, broadly backwards compatible. [15] New features include:
- MIsmartApp enabling to offer or sell memory space for additional applications of 3rd parties without the need to share secret keys
- Transaction MAC to authenticate transactions by 3rd parties
- Virtual Card Architecture for privacy protection
- Proximity check against relay attacks
MIFARE DESFire EV2 was publicly announced in March 2016 at the IT-TRANS event in Karlsruhe, Germany.
MIFARE DESFire EV3
The latest evolution of the MIFARE DESFire contactless IC family, broadly backward compatible. New features include:
- ISO/IEC 14443 A 1–4 and ISO/IEC 7816-4 compliant
- Common Criteria EAL5+ certified for IC hardware and software
- NFC Forum Tag Type 4 compliant
- SUN message authentication for advanced data protection within standard NDEF read operation
- Choice of open DES/2K3DES/3K3DES/AES crypto algorithms
- Flexible file structure hosts as many applications as the memory size supports
- Proof of transaction with card generated MAC
- Transaction Timer mitigates risk of man-in-the-middle attacks
MIFARE DESFire EV3 was publicly announced on 2 June 2020. [16]
MIFARE SAM AV2
MIFARE SAMs are not contactless smart cards. They are secure access modules designed to provide the secure storage of cryptographic keys and cryptographic functions for terminals to access the MIFARE products securely and to enable secure communication between terminals and server (backend). MIFARE SAMs are available from NXP in the contact-only module (PCM 1.1) as defined in ISO/IEC 7816-2 and the HVQFN32 format. [citation needed] Integrating a MIFARE SAM AV2 in a contactless smart card reader enables a design that integrates high-end cryptography features and the support of cryptographic authentication and data encryption/decryption. [citation needed] Like any SAM, it offers functionality to store keys securely and perform authentication and encryption of data between the contactless card and the SAM and the SAM towards the backend. Next to a classical SAM architecture, the MIFARE SAM AV2 supports the X-mode which allows a fast and convenient contactless terminal development by connecting the SAM to the microcontroller and reader IC simultaneously. [citation needed] MIFARE SAM AV2 offers AV1 mode and AV2 mode where in comparison to the SAM AV1 the AV2 version includes public key infrastructure (PKI), hash functions like SHA-1, SHA-224, and SHA-256. It supports MIFARE Plus and secure host communication. Both modes provide the same communication interfaces, cryptographic algorithms (Triple-DES 112-bit and 168-bit key, MIFARE products using Crypto1, AES-128 and AES-192, RSA with up to 2048-bit keys), and X-mode functionalities. [citation needed] The MIFARE SAM AV3 is the third generation of NXP's Secure Access Module, and it supports MIFARE ICs as well as NXP's UCODE DNA, ICODE DNA and NTAG DNA ICs. [17]
MIFARE 2GO
A cloud-based platform that digitizes MIFARE product-based smart cards and makes them available on NFC-enabled smartphones and wearables. With this, new Smart City use cases such as mobile transit ticketing, mobile access and mobile micropayments are being enabled. [18]
Applications
MIFARE products can be used in different applications: [19]
- Automated fare collection system
- Identification cards
- Access management
- Campus cards
- Loyalty cards (reward points)
- Tourist cards
- Micropayment (mobile wallet, contactless payment, cashless payment)
- Road tolling
- Transport ticketing
- Event ticketing
- Mobile ticketing
- Citizen card
- Membership cards
- Library cards
- Fuel cards
- Hotel key cards
- NFC Tag (NFC apps, MIFARE4Mobile)
- Taxi cards
- Smart meter
- Museum access cards
- Product authentication
- Production control
- Health cards
- Ferry Cards
- Car rentals
- Fleet management
- Amusement parks
- Bike rentals
- Blood donor cards
- Information services
- Interactive exhibits
- Interactive lotteries
- Password storage
- Smart advertising
- Social welfare
- Waste management
Formerly most access systems used MIFARE Classic, but today these systems have switched to MIFARE DESFire because this product has more security than MIFARE Classic.
Byte layout
Byte-level layout of MiFare cards.
History
- 1994 – MIFARE Classic IC with 1K user memory introduced.
- 1996 – First transport scheme in Seoul using MIFARE Classic with 1K memory.
- 1997 – MIFARE PRO with Triple DES coprocessor introduced.
- 1999 – MIFARE PROX with PKI coprocessor introduced.
- 2001 – MIFARE Ultralight introduced.
- 2002 – MIFARE DESFire introduced, microprocessor based product.
- 2004 – MIFARE SAM introduced, secure infrastructure counterpart of MIFARE DESFire.
- 2006 – MIFARE DESFire EV1 is announced as the first product to support 128-bit AES.
- 2008 – MIFARE4Mobile Industry Group is created, consisting of leading players in the Near Field Communication (NFC) ecosystem.
- 2008 – MIFARE Plus is announced as a drop-in replacement for MIFARE Classic based on 128-bit AES.
- 2008 – MIFARE Ultralight C is introduced as a smart paper ticketing IC featuring Triple DES Authentication.
- 2010 – MIFARE SAM AV2 is introduced as secure key storage for readers AES, Triple DES, PKI Authentication.
- 2012 – MIFARE Ultralight EV1 introduced, backward compatible to MIFARE Ultralight but with extra security.
- 2014 – MIFARE SDK was introduced, allowing developers to create and develop their own NFC Android applications.
- 2014 – NXP Smart MX2 the world’s first secure smart card platform supporting MIFARE Plus and MIFARE DESFire EV1 with EAL 50 was released.
- 2015 – MIFARE Plus SE, the entry-level version of NXP’s proven and reliable MIFARE Plus product family, was introduced.
- 2016 – MIFARE Plus EV1 was introduced, the proven mainstream smart card product compatible with MIFARE Classic in its backward compatible security level.
- 2016 – MIFARE DESFire EV2 is announced with improved performance, security, privacy and multi-application support.
- 2016 – MIFARE SDK is rebranded to TapLinx, with additional supported products.
- 2018 – MIFARE 2GO cloud service was introduced, allows to manage MIFARE DESFire and MIFARE Plus (in SL3) product-based credentials onto NFC-enabled mobile and wearable devices.
- 2020 – MIFARE DESFire EV3 is announced
- 2020 – MIFARE Plus EV2 was introduced, adding SL3 to support MIFARE 2GO, EAL5+ certification & Transaction Timer to help mitigate man-in-the-middle attacks.
The MIFARE product portfolio was originally developed by Mikron in Gratkorn, Austria. Mikron was acquired by Philips in 1995. [20] Mikron sourced silicon from Atmel in the US, Philips in the Netherlands, and Siemens in Germany. [citation needed] Infineon Technologies (then Siemens) licensed MIFARE Classic from Mikron in 1994 [21] and developed both stand-alone and integrated designs with MIFARE product functions. Infineon currently produces various derivatives based on MIFARE Classic including 1K memory (SLE66R35) and various microcontrollers (8 bit (SLE66 series), 16 bit (SLE7x series), and 32 bit (SLE97 series)) with MIFARE implementations, including devices for use in USIM with Near Field Communication. [22] Motorola tried to develop MIFARE product-like chips for the wired-logic version but finally gave up. The project expected one million cards per month for start, but that fell to 100,000 per month just before they gave up the plan. [23] In 1998 Philips licensed MIFARE Classic to Hitachi. [24] Hitachi licensed MIFARE products for the development of the contactless smart card solution for NTT's IC telephone card which started in 1999 and finished in 2006. [citation needed] In the NTT contactless IC telephone card project, three parties joined: Tokin-Tamura-Siemens, Hitachi (Philips-contract for technical documentation), and Denso (Motorola-only production). [citation needed] NTT asked for two versions of chip, i.e. wired-logic chip (like MIFARE Classic) with small memory and big memory capacity. Hitachi developed only the big memory version and cut part of the memory to fit the small memory version. The deal with Hitachi was upgraded in 2008 by NXP (by then no longer part of Philips) to include MIFARE Plus and MIFARE DESFire to the renamed semiconductor division of Hitachi Renesas Technology. [25] In 2010 NXP licensed MIFARE products to Gemalto. In 2011 NXP licensed Oberthur to use MIFARE products on SIM cards. In 2012 NXP signed an agreement with Giesecke & Devrient to integrate MIFARE product-based applications on their secure SIM products. These licensees are developing Near Field Communication products. [26] [27]
Security
MIFARE Classic
The encryption used by the MIFARE Classic IC uses a 48-bit key. [28] A presentation by Henryk Plötz and Karsten Nohl [29] at the Chaos Communication Congress in December 2007 described a partial reverse-engineering of the algorithm used in the MIFARE Classic chip. Abstract and slides [30] are available online. A paper that describes the process of reverse engineering this chip was published at the August 2008 USENIX security conference. [31] In March 2008 the Digital Security [32] research group of the Radboud University Nijmegen made public that they performed a complete reverse-engineering and were able to clone and manipulate the contents of an OV-Chipkaart which is using MIFARE Classic chip. [33] For demonstration they used the Proxmark3 device, a 125 kHz / 13.56 MHz research instrument. [34] The schematics and software are released under the free GNU General Public License by Jonathan Westhues in 2007. They demonstrate it is even possible to perform card-only attacks using just an ordinary stock-commercial NFC reader in combination with the libnfc library. The Radboud University published four scientific papers concerning the security of the MIFARE Classic:
- A Practical Attack on the MIFARE Classic
- Dismantling MIFARE Classic
- Wirelessly Pickpocketing a MIFARE Classic Card
- Ciphertext-only Cryptanalysis on Hardened MIFARE Classic Cards
In response to these attacks, the Dutch Minister of the Interior and Kingdom Relations stated that they would investigate whether the introduction of the Dutch Rijkspas could be brought forward from Q4 of 2008. [39] NXP tried to stop the publication of the second article by requesting a preliminary injunction. However, the injunction was denied, with the court noting that, "It should be considered that the publication of scientific studies carries a lot of weight in a democratic society, as does informing society about serious issues in the chip, because it allows for mitigating of the risks." [40] [41] Both independent research results are confirmed by the manufacturer NXP. [42] These attacks on the cards didn't stop the further introduction of the card as the only accepted card for all Dutch public transport; the OV-chipkaart continued as nothing happened, [43] but in October 2011 the company TLS, responsible for the OV-Chipkaart, announced that the new version of the card will be better protected against fraud. [44]
The MIFARE Classic encryption Crypto-1 can be broken in about 200 seconds on a laptop from 2008, [45] if approx. 50 bits of known (or chosen) keystream are available. This attack reveals the key from sniffed transactions under certain (common) circumstances and/or allows an attacker to learn the key by challenging the reader device. The attack proposed in [46] recovers the secret key in about 40 ms on a laptop. This attack requires just one (partial) authentication attempt with a legitimate reader. Additionally, there are a number of attacks that work directly on a card and without the help of a valid reader device. [47] These attacks have been acknowledged by NXP. [48]
In April 2009 a new and better card-only attack on MIFARE Classic was found. It was first announced at the rump session of Eurocrypt 2009. [49] This attack was presented at SECRYPT 2009. [50] The full description of this latest and fastest attack to date can also be found in the IACR preprint archive. [51] The new attack improves by a factor of more than 10 all previous card-only attacks on MIFARE Classic, has instant running time, and does not require a costly precomputation. The new attack allows recovering the secret key of any sector of the MIFARE Classic card via wireless interaction, within about 300 queries to the card. It can then be combined with the nested authentication attack in the Nijmegen Oakland paper to recover subsequent keys almost instantly. Both attacks combined and with the right hardware equipment such as Proxmark3, one should be able to clone any MIFARE Classic card in 10 seconds or less. This is much faster than previously thought.
In an attempt to counter these card-only attacks, new "hardened" cards have been released in and around 2011, such as the MIFARE Classic EV1. [52] These variants are insusceptible to all card-only attacks publicly known until then, while remaining backward compatible with the original MIFARE Classic. In 2015, a new card-only attack was discovered that is also able to recover the secret key from such hardened variants. [53] Since the discovery of this attack, NXP is officially recommending to migrate from MIFARE Classic product-based systems to higher security products. [54]
MIFARE DESFire
In November 2010, security researchers from the Ruhr University released a paper detailing a side-channel attack against MIFARE product-based cards. [55] The paper demonstrated that MIFARE DESFire product-based cards could be easily emulated at a cost of approximately $25 in "off the shelf" hardware. The authors asserted that this side-channel attack allowed cards to be cloned in approximately 100 ms. Furthermore, the paper's authors included hardware schematics for their original cloning device, and have since made corresponding software, firmware and improved hardware schematics publicly available on GitHub. [56]
In October 2011 David Oswald and Christof Paar of Ruhr-University in Bochum, Germany, detailed how they were able to conduct a successful "side-channel" attack against the card using equipment that can be built for about $3,000. Called "Breaking MIFARE DESFire MF3ICD40: Power Analysis and Templates in the Real World", [57] they stated that system integrators should be aware of the new security risks that arise from the presented attacks and can no longer rely on the mathematical security of the used 3DES cipher. Hence, to avoid, e.g. manipulation or cloning of smart cards used in payment or access control solutions, proper actions have to be taken: on the one hand, multi-level countermeasures in the back end allow to minimize the threat even if the underlying RFID platform is insecure," In a statement [58] NXP said that the attack would be difficult to replicate and that they had already planned to discontinue the product at the end of 2011. NXP also stated "Also, the impact of a successful attack depends on the end-to-end system security design of each individual infrastructure and whether diversified keys – recommended by NXP – are being used. If this is the case, a stolen or lost card can be disabled simply by the operator detecting the fraud and blacklisting the card, however, this operation assumes that the operator has those mechanisms implemented. This will make it even harder to replicate the attack with a commercial purpose."
MIFARE Ultralight
In September 2012 a security consultancy Intrepidus [59] demonstrated at the EU SecWest event in Amsterdam, [60] that MIFARE Ultralight product-based fare cards in the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free in a talk entitled "NFC For Free Rides and Rooms (on your phone)". [61] Although not a direct attack on the chip but rather the reloading of an unprotected register on the device, it allows hackers to replace value and show that the card is valid for use. This can be overcome by having a copy of the record online so that values can be analysed and suspect cards hot-listed. NXP has responded by pointing out that they had introduced the MIFARE Ultralight C in 2008 with 3DES security and in November 2012 introduced the MIFARE Ultralight EV1 [62] with three decrement only counters to foil such reloading attacks.
Considerations for systems integration
For systems based on contactless smartcards (e.g. public transportation), security against fraud relies on many components, of which the card is just one. Typically, to minimize costs, systems integrators will choose a relatively cheap card such as a MIFARE Classic and concentrate security efforts in the back office. Additional encryption on the card, transaction counters, and other methods known in cryptography are then employed to make cloned cards useless, or at least to enable the back office to detect a fraudulent card, and put it on a blacklist. Systems that work with online readers only (i.e., readers with a permanent link to the back office) are easier to protect than systems that have offline readers as well, for which real-time checks are not possible and blacklists cannot be updated as frequently.
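The back-office checks described above and in the MIFARE Ultralight section (an online copy of the card record, transaction counters, hot-listing), sketched as an added Python example that is not part of the original article. The record fields, function names, card identifiers and log entries are all constructed assumptions; a real fare system defines its own transaction format.

```python
"""Back-office reconciliation of fare-card transactions (constructed data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    uid: str           # card identifier reported by the reader
    counter: int       # card's one-way transaction counter after the operation
    kind: str          # "debit" or "reload"
    amount: int        # value in cents, always positive
    balance: int       # balance stored on the card after the operation
    auth_id: str = ""  # back-office authorisation reference (reloads only)


def reconcile(txns, opening, authorised):
    """Replay reader uploads against a shadow ledger kept by the back office.

    opening:    {uid: balance} at the start of the batch
    authorised: {auth_id: (uid, amount)} reloads the back office actually sold
    Returns {uid: [reason, ...]} for every card with at least one anomaly.
    """
    shadow = dict(opening)   # balance the back office expects on each card
    last_counter = {}        # highest counter value seen per card
    used_auth = set()        # each reload authorisation may be used once
    findings = defaultdict(list)

    for t in txns:
        if t.uid not in shadow:
            findings[t.uid].append("card not issued by this system")
            continue

        # A one-way counter must strictly increase between transactions.
        prev = last_counter.get(t.uid, 0)
        if t.counter <= prev:
            findings[t.uid].append(
                f"counter did not advance ({prev} -> {t.counter})")
        last_counter[t.uid] = max(prev, t.counter)

        if t.kind == "debit":
            shadow[t.uid] -= t.amount
        elif t.kind == "reload":
            valid = (authorised.get(t.auth_id) == (t.uid, t.amount)
                     and t.auth_id not in used_auth)
            if valid:
                used_auth.add(t.auth_id)
                shadow[t.uid] += t.amount
            else:
                findings[t.uid].append(
                    f"reload of {t.amount} has no valid authorisation")
        else:
            findings[t.uid].append(f"unknown transaction kind {t.kind!r}")

        # The value on the card must match the ledger after every operation.
        if t.balance != shadow[t.uid]:
            findings[t.uid].append(
                f"card reports {t.balance}, ledger expects {shadow[t.uid]}")

    return dict(findings)


def hotlist(findings):
    """Card identifiers to push to reader blacklists, in stable order."""
    return sorted(findings)


# Constructed sample batch, in the order the readers uploaded it.
OPENING = {"04A1": 1000, "04B2": 500, "04C3": 2000}
AUTHORISED = {"R-1001": ("04A1", 1000)}
LOG = [
    Txn("04A1", 1, "debit", 250, 750),
    Txn("04B2", 1, "debit", 200, 300),
    Txn("04A1", 2, "reload", 1000, 1750, "R-1001"),
    Txn("04B2", 2, "debit", 200, 100),
    Txn("04B2", 1, "debit", 200, 300),               # counter value repeats
    Txn("04C3", 1, "debit", 300, 1700),
    Txn("04C3", 2, "reload", 3000, 4700, "R-9999"),  # reload never sold
    Txn("04A1", 3, "debit", 250, 1500),
]

if __name__ == "__main__":
    result = reconcile(LOG, OPENING, AUTHORISED)
    for uid in hotlist(result):
        print(uid, result[uid])
```

With offline readers the batch arrives late, so the same replay runs on each upload and the resulting list only reaches those readers at their next synchronisation.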
Certification
Another aspect of fraud prevention and compatibility guarantee is to obtain certification, called to life in 1998, ensuring the compatibility of several certified MIFARE product-based cards with multiple readers. With this certification, the main focus was placed on the contactless communication of the wireless interface, as well as to ensure proper implementation of all the commands of MIFARE product-based cards. The certification process was developed and carried out by the Austrian laboratory called Arsenal Research. Today, independent test houses such as Arsenal Testhouse, UL and LSI-TEC perform the certification tests and provide the certified products in an online database. [63]
Places that use MIFARE products
Transportation
Application references
|Application||Application category||Project||NXP partner||Locality||Product used||Usecase|
|Automatic fare collection||Smart mobility||Moscow Metro||Smart Technologies Group||Moscow||MIFARE Ultralight||Contactless smartcards for payment in the AFC System of the Moscow Metro|
|Automatic fare collection||Smart mobility||Touch n go||Kuala Lumpur||Malaysian toll expressway and highway operators payment system|
|Campus card||Multiapplication including access||Ege Üniversitesi||İzmir||MIFARE Classic||Controlled-access campus entrance by these cards|
|Parking||Smart mobility||NOL||RTA||Dubai||MIFARE DESFire EV1||Multiapplication card inter alia used for parking|
|Parking||Smart mobility||Pay on Foot system||Skidata||Ireland||Used for cashless vending applications for parking|
|Mobile ticketing||Access||MIFARE4Mobile||Gemalto, Giesecke & Devrient, Oberthur Technologies, STMicroelectronics||MIFARE on SmartMX||Access to buildings through smartphone|
|Tourist card||Smart mobility||Mobilis Card||Agencia Valenciana de Mobilidad (aVM)||Valencia||MIFARE on SmartMX||Tourist card, bike rental, electric car rental, transport ticketing, taxi card, access management and payment function|
|Tourist card||Smart mobility||Oyster Card||London||MIFARE Classic 1K||Used for public transport|
|Fuel card||Smart mobility||Shell||Plastkart||Turkey||MIFARE Classic 1K||Loyalty programs at petrol stations|
|Fuel card||Smart mobility||Petrol Ofisi||Plastkart||Turkey||MIFARE Classic 1K||Loyalty programs at petrol stations|
|Taxi card||Smart mobility||Touch Travel Card||Dialog Axiata, Silverleap Technology||Sri Lanka||MIFARE DESFire EV1||Payment solution in taxis|
|Taxi card||Smart mobility||NOL||RTA||Dubai||Multiapplication card also used for taxi payment|
|Ferry card||Smart mobility||Opal card||Sydney||MIFARE DESFire EV1||Card for transport and ferry services|
|Car sharing||Smart mobility||Car2Go||Daimler||MIFARE DESFire EV1||Used for car sharing|
|Bike rental||Smart mobility||OV-fiets||Netherlands||Bike rental smartcard|
|Bike rental||Smart mobility||Callock||Bike rental|
|Corporate access||Access||Nestlé||KABA||MIFARE DESFire EV1||Access Security Solution|
|Home access||Access||AirKey||EVVA||MIFARE on SmartMX||Mobile access|
|Home access||Access||Immobilienfirma Top-Invest sárl||Salto||Luxemburg||MIFARE DESFire EV1||Smart lock for home access|
|Hotel access||Access||Marriott Hotel Card||KABA||Hotel access card|
|Campus card||Access||Campus Card University of Cambridge||Salto||Cambridge, UK||MIFARE DESFire EV1||Multiapplication campus card|
|Campus Card||Access||Campus Card University of Oxford||Oxford, UK||MIFARE DESFire EV2 8K||Multiapplication campus card|
|Event ticketing||Access||FC Köln||Payment Solutions||Köln, Germany||MIFARE DESFire EV1||Event ticketing application for soccer games|
|Event ticketing||Access||Ticket FIFA 2014||Brazil||Event ticketing for soccer WM|
|Citizen card||Access||National Entitlement Card (NEC)||Scotland, UK||MIFARE on SmartMX||30 different services (identity, transport, financial and health-related services…)|
|Library card||Access||Berlin Dietrich-Bonhoeffer library||Bibliotheca||Berlin, Germany||MIFARE DESFire EV1||Library ID|
|Library card||Access||City Library Reutlingen||Germany||MIFARE DESFire EV1||Cashless payment for library fees|
|Amusement park||Access||Transdev Studio||Bank Mega||Makassar||MIFARE DESFire EV1||Access, loyalty & micropayments|
|Museum card||Access||Müze Kart||Mapikart, Türsab||Istanbul, Turkey||MIFARE Classic 1K||Access to museum|
|Membership card||Loyalty||Manchester City Football Club – Stadium Membership Card||Gemalto||Manchester||Access, loyalty, membership, payment function|
|Loyalty card||Loyalty||Rabbit Card – Carrot Rewards||Bangkok, Thailand||MIFARE DESFire EV1||Used for transport, shops, restaurants, identification, access control, security and Carrot Reward|
|Loyalty card||Loyalty||Trans Studio Amusement Park||Bank Mega||Indonesia||MIFARE DESFire EV1||Trans Studio Amusement Park|
|NFC tags||NFC||NFC tag||SMARTRAC||NFC enabled smartphones|
|Health card||Identification||European health insurance card||Europe||JCOP||Health and identification card|
|Health card||Identification||Sesam-Vitale card||France||MIFARE on SmartMX||Health and identification card|
|Digital signature||Identification||Vingcard||Assa Abloy||Digital signature used for access|
|Micropayment||Micropayment||Yeldi||Identiv||India||MIFARE DESFire EV1||Cashless payments via mobile phones|
|Multiapplication card||Multiapplication||Touch travel card||Dialog Axiata, Silverleap Technology||Sri Lanka||MIFARE DESFire EV1 ; MIFARE SAM AV2||Transport, micropayments, payment for shops or taxis, NFC mobile ticketing|
|Multiapplication card||Multiapplication||Passolig (TFF)||E-Kart, E-Kent, Aktifbank||Turkey||JCOP; MIFARE DESFire EV1||Stadium access – ticketing, micropayments, payments, transport|
|Smart paper ticket||Moscow Metropolitan Card||Smart Technologies Group||Moscow, Russia||MIFARE Ultralight||Used for electronic smart paper ticketing in public transport|
|Banking||Banking||Touch Travel Card||Dialog Axiata, Silverleap Technology||Sri Lanka||MIFARE DESFire EV1||Payment solution|
|Automatic fare collection||Smart mobility||Минсктранс||Minsk, Belarus||MIFARE DESFire EV1||Contactless smartcards for payment in the city public transport Minsktrans|