Mifare
MIFARE from NXP Semiconductors is the world's most widely used contactless chip card technology. According to the manufacturer, more than 10 billion cards and 150 million card readers have been sold to date. It complies with the ISO standards ISO 7816 and ISO 14443A.
Technology
The MIFARE transponder works at a distance of up to 10 cm and uses a frequency of 13.561 MHz.
A MIFARE product-based card works without a battery and is supplied with energy by the oscillating magnetic field of the base station (read/write device). A wire coil integrated in the transponder absorbs the required energy as it passes through the magnetic field. For communication, the transponder modulates or demodulates the excitation field of the base station (read/write device).
The memory of the MIFARE Classic product-based card is divided into several sectors, each of which is independently protected from unauthorized reading or writing. The sectors in turn are divided into several blocks of 16 bytes each. The last block in each sector is called the Sector Trailer and contains two keys (authorization levels) and the associated access rights (Access Conditions) for the sector concerned. This mechanism allows several different applications to be operated with one MIFARE transponder ("multi-application").
Card type | Sectors | Blocks per sector | User data bytes |
---|---|---|---|
MIFARE Classic 1K | 16 | 4 | 768 bytes; 720 bytes (sector 0 = MAD 1) |
MIFARE Classic 4K | 32 + 8 | 4 (sectors 0–31); 16 (sectors 32–39) | 3456 bytes; 3360 bytes (sectors 0 + 16 = MAD 1) |
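The sector layout and the Sector Trailer described above can be checked in code. The following is an added example, not part of the original article or any NXP code; the byte offsets inside the trailer (Key A, three access bytes, one general-purpose byte, Key B) are taken from NXP's MIFARE Classic data sheet rather than from this page, and the sample keys are constructed placeholders.

```python
# Added example: MIFARE Classic geometry and sector-trailer parsing.
BLOCK_SIZE = 16
# Runs of (sector count, blocks per sector), matching the table above.
LAYOUTS = {"1K": [(16, 4)], "4K": [(32, 4), (8, 16)]}


def sector_map(card_type):
    """Return one (first_block, block_count) tuple per sector."""
    sectors, first = [], 0
    for count, blocks in LAYOUTS[card_type]:
        for _ in range(count):
            sectors.append((first, blocks))
            first += blocks
    return sectors


def user_bytes(card_type, mad_sectors=()):
    """Bytes in data blocks, skipping sector trailers and MAD sectors."""
    return sum((blocks - 1) * BLOCK_SIZE
               for index, (_, blocks) in enumerate(sector_map(card_type))
               if index not in mad_sectors)


def parse_trailer(trailer):
    """Split a 16-byte sector trailer into keys and access conditions.

    Assumed layout (NXP data sheet): Key A [0:6], access bits [6:9],
    general-purpose byte [9], Key B [10:16].
    """
    if len(trailer) != BLOCK_SIZE:
        raise ValueError("a sector trailer is exactly 16 bytes")
    b6, b7, b8 = trailer[6:9]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    inverted = (b6 & 0x0F, b6 >> 4, b7 & 0x0F)  # stored as ~C1, ~C2, ~C3
    # Every access bit is stored twice, once inverted; a mismatch means the
    # trailer is malformed and should be rejected before it reaches a card.
    if any((c ^ n) != 0x0F for c, n in zip((c1, c2, c3), inverted)):
        raise ValueError("access bits fail the inverted-copy check")
    # Bit i of each nibble belongs to block group i; group 3 is the trailer.
    access = [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]
    return {"key_a": bytes(trailer[0:6]), "key_b": bytes(trailer[10:16]),
            "gpb": trailer[9], "access": access}


# Constructed sample: placeholder keys around the access bytes FF 07 80 and
# general-purpose byte 69.
SAMPLE_TRAILER = bytes.fromhex("010203040506" "ff078069" "0a0b0c0d0e0f")

if __name__ == "__main__":
    for card in LAYOUTS:
        print(card, len(sector_map(card)), "sectors,", user_bytes(card), "bytes")
    print(parse_trailer(SAMPLE_TRAILER)["access"])
```

The byte counts it computes reproduce the figures in the table, including the reduced values when sector 0 (1K) or sectors 0 and 16 (4K) are reserved for the MAD.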
History
MIFARE products were developed in the 1990s by the Mikron Society for Integrated Microelectronics in Gratkorn. Mikron GmbH was taken over by Philips Semiconductors in 1995 and is now part of NXP. MIFARE is an acronym and stands for Mikron Fare Collection System (Mikron Fahrgeld-System), as the technology was originally used for contactless ticket purchase in local public transport. The MIFARE product family has significantly shaped the market for contactless chip cards without their own power supply.
Application areas
MIFARE products are used, among others, in the following areas of application:
- Identification cards (passports, health cards, ...)
- Access control systems and time recording systems (These systems used to often use MIFARE Classic, but are now mostly converted to MIFARE DESFire EV1 due to increased security)
- Automated Fare Collection
- Micropayment
- Student IDs (identification, access control, copiers, machines, micro payment, transport, ...)
- Customer or bonus cards
- Proof of driver qualifications and documentation of training courses
- Tourist cards
- Toll systems
- Event ticketing (stadiums, trade fairs, amusement parks)
- Citizen Cards
- Membership cards
- Parking cards
- Mobile ticketing
- Library cards
- Fuel cards
- Hotel cards
- Taxi cards
- Product authentication
- Car rental (car sharing)
- Bike rental
- Smart metering
Encryption system
The encryption of the widely used MIFARE Classic chip is based on a proprietary stream cipher called Crypto-1. Researchers at the Chaos Computer Club and the University of Virginia were able to reconstruct this algorithm through reverse engineering.
As became known on April 13, 2008, a group of researchers had analyzed the algorithm and found a systematic flaw that makes the encryption practically useless. The researchers concluded that the security of the algorithm was “close to zero”.
At the Chaos Communication Congress, it was shown that the encryption can be broken by a simple inversion using a mathematics program.
Protection options
For some time now there have been ways to protect MIFARE transponders in a wide variety of designs against unauthorized access:
- Shielding sleeves into which the transponder is inserted
- Stickers for cards and covers that use field absorption to prevent communication
Certification
The certification, launched in 1998, was intended to guarantee the compatibility of certified cards with a range of reading devices, because problems between different contactless cards and reading devices had been increasing. The main focus of the certification was on the contactless communication over the air interface and on the correct execution of all commands by cards and readers. The certification was developed and carried out by the Austrian test laboratory Arsenal Research.
Today, independent test laboratories, including Arsenal Testhouse, LSI-TEC and UL, carry out the certifications and make the certified products available in an online database.
Successor products and variants
In addition to the original MIFARE product-based card, which is called "MIFARE Classic" in today's NXP terminology, there are now a large number of further developments that work with current cryptographic algorithms (3DES, AES). The original sector-based access system was also extended by the introduction of a multi-application system on MIFARE DESFire product-based cards. The following variants are available today:
- MIFARE Classic 1K / 4K: Original MIFARE transponders. They use a proprietary high-level protocol based on the ISO/IEC 14443-3 standard.
- MIFARE Ultralight: Low-cost variant for single tickets, similar to MIFARE Classic, but without cryptography. Complies with the Type 2 tag specification for NFC tags.
- MIFARE Ultralight C: Low-cost variant for single tickets, similar to MIFARE Classic, but with the 3DES algorithm. Complies with the Type 2 tag specification for NFC tags.
- MIFARE Plus S: Migration product to bring installations of MIFARE Classic to a higher security level. Can be used as MIFARE Classic during the migration phase and offers AES-128-based authentication and signing of the transmitted data after the so-called Security Level Switch.
- MIFARE Plus X: Same functionality as MIFARE Plus S, but with the additional option of encrypting data transmission using AES-128. Supports a proximity check to prevent relay attacks. Both MIFARE Plus product variants are certified according to Common Criteria EAL 4+.
- MIFARE Plus SE: An entry-level product that is being traded as a replacement for the MIFARE Classic with 1K memory, but is more secure thanks to its support for AES.
- MIFARE Plus EV2: Has a security level concept that enables older infrastructures to be upgraded to provide more security. Supports functions such as Transaction MAC, Transaction Timer, SL1SL3Mix Mode and is backwards compatible with MIFARE Classic EV1 and MIFARE Plus products. Better read range and transaction speed compared to the previous product. Certified according to Common Criteria EAL 5+.
- MIFARE DESFire: Microcontroller based, 3DES.
- MIFARE DESFire EV1: Microcontroller based, 3DES, AES-128. Card memory can be freely personalized using applications and files (types: record, counter, binary, with or without transaction backup). The MIFARE DESFire EV1 is certified according to Common Criteria EAL 4+.
- MIFARE DESFire EV2: Same functionality as DESFire EV1, but requires a lower magnetic field strength, supports larger buffers during transmission and offers additional functions such as delegated application management, proximity check, rolling key sets, transaction MAC and support for virtual card architecture. The MIFARE DESFire EV2 is certified according to Common Criteria EAL 5+.
- MIFARE DESFire EV3: Compared to the MIFARE DESFire EV2, the MIFARE DESFire EV3 has a larger reading range and higher transaction speed. It offers additional functions such as SUN (Secure Unique NFC Message) and a transaction timer. The MIFARE DESFire EV3 is certified according to Common Criteria EAL 5+.
- MIFARE 2GO: Cloud-based platform that digitizes the architecture of physical MIFARE product-based cards. This enables smart city applications such as mobile ticketing, mobile access to buildings and mobile payments (e.g. in the cafeteria) with the help of NFC-enabled mobile phones or portable devices.
Reference projects
Application | Application category | Project | NXP partner | Place | Product used | Use |
---|---|---|---|---|---|---|
Toll card | Smart Mobility | Touch'n Go | Smart Technologies Group | Moscow, Russia | MIFARE Ultralight | Contactless smart cards for payment functions in the AFC system of the Moscow subway |
Automatic Fare Collection | Smart Mobility | Touch'n Go | | Kuala Lumpur | | Malaysian toll system for highways |
Parking card | Smart Mobility | NOL | RTA | Dubai | MIFARE DESFire EV1 | Multi-application card also used for parking management |
Parking card | Smart Mobility | Pay on Foot system | Skidata | Ireland | | Used for cashless payments at parking machines |
Mobile ticketing | Smart Mobility | SmartRider | | Perth, Australia | MIFARE Classic 1k | Payment card for public transport in Perth |
Mobile ticketing | Access | MIFARE4Mobile | Gemalto, Giesecke & Devrient, Oberthur Technologies, STMicroelectronics | | MIFARE SmartMX | Access to buildings via smartphone |
Tourist card | Smart Mobility | Mobilis Card | Agencia Valenciana de Mobilidad (aVM) | Valencia | MIFARE SmartMX | Tourist card, bike rental, car sharing, transport, taxi card, access control |
Local public transport | Smart Mobility | Oyster card | | London, UK | MIFARE Classic 1k | Used in public transport |
Local public transport | Smart Mobility | Polygo Card | | Stuttgart, Germany | MIFARE DESFire EV1 | Use in public transport |
Fuel card | Smart Mobility | Shell | Plastic card | Turkey | MIFARE Classic 1k | Loyalty card programs at petrol stations |
Fuel card | Smart Mobility | Petrol Ofisi | Plastic card | Turkey | MIFARE Classic 1k | Loyalty card programs at petrol stations |
Taxi card | Smart Mobility | Touch Travel Card | | Sri Lanka | MIFARE DESFire EV1 | Payment card for taxis |
Taxi card | Smart Mobility | NOL | RTA | Dubai | | Multi-application card for taxis, among other things |
Ferry ticket | Smart Mobility | Opal card | | Sydney, Australia | MIFARE DESFire EV1 | Card for transportation and ferry services |
Car sharing | Smart Mobility | Car2go | Daimler | | MIFARE DESFire EV1 | Smartcard for car sharing |
Car sharing | Smart Mobility | MOVE ABOUT | MOVE ABOUT (Germany) GmbH | Germany | MIFARE DESFire EV1 | Driving license seal for car sharing |
Bike rental | Smart Mobility | OV-fiets | | Netherlands | | Bike rental smartcard |
Bike rental | Smart Mobility | Callock | | | | Bike rental |
Corporate access | Access | Nestlé | KABA | | MIFARE DESFire EV1 | Access and security solution |
Home access | Access | AirKey | EVVA | | MIFARE SmartMX | The cell phone becomes the key |
Home and office access | Access | wirelessKey | SOREX | Austria, Germany, Switzerland | MIFARE Classic 1k | Access with Bluetooth smartphone and Mifare card |
Home access | Access | Real estate company Top-Invest sárl | Salto | Luxembourg | MIFARE DESFire EV1 | Locks for private households |
Hotel access | Access | Marriott hotel card | KABA | | | Hotel access card |
Student ID | Access | University of Cambridge student ID | Salto | Cambridge, UK | MIFARE DESFire EV1 | Multi-application student card |
Student ID | Access | University of Oxford student ID card | | Oxford, UK | MIFARE DESFire EV1 4k | Multi-application student card |
Event ticketing | Access | FC Cologne | Payment Solutions | Cologne, Germany | MIFARE DESFire EV1 | Event ticketing for soccer games |
Event ticketing | Access | Ticket FIFA 2014 | | Brazil | | Event ticketing for the soccer World Cup |
Citizen card | Access | National Entitlement Card (NEC) | | Scotland, UK | MIFARE SmartMX | 30 different services (identity, transport, financial and health-related services, ...) |
Library card | Access | Berlin Dietrich Bonhoeffer Library | Bibliotheca | Berlin, Germany | MIFARE DESFire EV1 | ID |
Library card | Access | Reutlingen City Library | | Germany | MIFARE DESFire EV1 | Cashless payment of library costs |
Amusement park | Access | Transdev Studio | Bank mega | Macassar | MIFARE DESFire EV1 | Access, loyalty & micropayment |
Museum card | Access | Müze Kart | Mapikart, Türsab | Istanbul, Turkey | MIFARE Classic 1k | Ticket for entry to a museum |
Ticketing | Access | Season ticket RSV Lahn-Dill | YouCard Kartensysteme GmbH | Wetzlar, Germany | MIFARE Ultralight | Entrance ticket to stadium |
Membership card | Loyalty | Manchester City Football Club - Stadium Membership Card | Gemalto | Manchester | | Access, loyalty, membership, payment function |
Customer card | Loyalty | Rabbit Card - Carrot Rewards | | Bangkok, Thailand | MIFARE DESFire EV1 | Used for transportation, shops, restaurants, identification, access control, security and carrot rewards |
Customer card | Loyalty | Trans Studio amusement park | Bank mega | Indonesia | MIFARE DESFire EV1 | Trans Studio amusement park |
Health card | Identification | European Health Insurance Card | | Europe | JCOP | Health and identification card |
Health card | ID | Sesame Vitale card | | France | MIFARE SmartMX | Health card that can also be used to identify a person |
Digital signature | ID | Vingcard | Assa Abloy | | | Digital signature for access systems |
Micropayment | Micropayment | Yeldi | | India | MIFARE DESFire EV1 | Cashless payment via mobile phone |
Multi applications | Multi applications | Touch Travel Card | | Sri Lanka | MIFARE DESFire EV1; MIFARE SAM AV2 | Transport, micropayment, payment function for shops and taxis, NFC ticketing via mobile phone |
Multi applications | Multi applications | Passolig (TFF) | E-Kart, E-Kent, Aktifbank | Turkey | JCOP; MIFARE DESFire EV1 | Stage access ticketing, micropayment, payment function, transport |
Smart paper ticket | | Moscow Metropolitan Card | Smart Technologies Group | Moscow, Russia | MIFARE Ultralight | Smart paper ticketing in public transport |
Bank card | Bank card | Touch Travel Card | | Sri Lanka | MIFARE DESFire EV1 | Payment function |
fxCard | Access, identification | Proof of driver qualifications | | Worldwide | MIFARE Classic 1k | Proof of driver qualifications |
Locker systems | Multi-application | Cabinet locking systems | Gantner Electronic GmbH | Worldwide | Mifare Classic; Mifare DESFire EV1 / EV2; Mifare Ultralight; SMART MX; JCOP | Cabinet locking systems in a wide variety of applications which can be used with RFID cards (each cabinet has its own RFID lock). Free choice of lockers, typically in public facilities (swimming pools, fitness clubs, amusement parks, ...), personalized locker locking systems (permanently assigned lockers) or in logistics systems |
Student ID | Access | KIT student ID | | Germany | MIFARE DESFire EV1; MIFARE DESFire EV2 | Payment card for vending machines and cafeteria, lockers, door locking systems (including access to atomic protection areas, with additional access randomization for library access) |
See also
- Radio Frequency Identification (RFID)
- Transponder
Web links
- Official MIFARE website
- Official NXP website
- Official Infineon (IFX) website
- Weaknesses of the MIFARE Classic RFID system confirmed (Heise Security, March 19, 2008)
- Is the Mifare Classic RFID system over? (Heise News April 18, 2008)
- Algebraic Attacks on the Crypto-1 Stream Cipher in MIFARE Classic and Oyster Cards
- Chaosradio Express: The MIFARE Hack (An interview with Henryk Plötz from September 16, 2008)
- Henryk Plötz: MIFARE Classic - An analysis of the implementation (diploma thesis; PDF; 2.8 MB)
- Mifare Classic Offline Cracker