Everything about Mifare totally explained
MIFARE is the
NXP Semiconductors-owned trademark (a spin-off company formed out of
Philips Semiconductors) of the reputedly most widely installed
contactless smartcard, or
proximity card, technology in the world with 500 million smart card chips and 5 million reader modules sold. The patented technology is owned by NXP Semiconductors, with its Headquarters in Eindhoven, the Netherlands and main business sites in Nijmegen, the Netherlands and Hamburg, Germany.
The MIFARE proprietary technology is based upon the
ISO 14443 (RFID) Type A 13.56
MHz contactless smart card standard.
The technology is embodied in both cards and readers (also referred to as a Proximity Coupling Device).
The MIFARE name covers 4 really different kind of
contactless cards :
- MIFARE Standard (or Classic) cards employ a proprietary high-level protocol instead of ISO 14443-4, with an NXP proprietary security protocol for authentication and ciphering.
- MIFARE UltraLight cards employ the same protocol as MIFARE Classic, but without the security part and slightly different commands
- MIFARE DESfire cards are fact smartcards that comply to ISO 14443-4 (T=CL) with a mask-ROM operating system from NXP.
- MIFARE ProX, and SmartMX, are NXP Semiconductors brand names for smartcards that comply to ISO 14443-4 (T=CL).
MIFARE Standard
The MIFARE Classic and MIFARE UltraLight cards are fundamentally just memory storage devices, where the memory is divided into segments and blocks with simple security mechanisms for
access control. They are
ASIC based and have limited computational power. Thanks to their reliability and low cost, those cards are widely used for electronic wallet, access control, corporate ID cards, transportation or stadium ticketing.
The MIFARE Standard 1k offers about 768 bytes of data storage, split into 16
sectors; each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc.). MIFARE Standard 4k offers 3 kB split into 40 sectors of which 32 are same size as in the 1K with 8 more that are double size sectors. MIFARE Standard mini offers 320bytes split into 5 sectors.
The simplicity of the basic cards means that they're inexpensive, which is largely the reason for their success in large-scale deployments, such as
Oyster card.
The MIFARE UltraLight has only 512 bits of memory (for example 64 bytes), without security. This card is so inexpensive it's often used for disposable tickets such as the Soccer World Cup 2006.
The MIFARE Classic encryption can be broken in about 12 seconds on a laptop, so it isn't recommended for new designs.
===MIFARE T=CL cards===
MIFARE ProX and SmartMX are
microprocessor based cards. The hardware does nothing on its own, it has to be programmed with dedicated software - an operating system. Most of the time, the
microprocessor is coupled to a co-processor dedicated to fast cryptographic computations (for example,
Triple DES,
AES,
RSA, etc.). These cards are capable of executing complex operations that are as secure and fast as operations on contact based cards. The SmartMX is, in fact, also available as a contact based card, or with multiple interfaces, and offers a high degree of flexibility. These cards are capable of supporting a range of both proprietary and open operating systems, including the
Java CardTM operating system (JCOP).
Depending on the installed software, the card can be used for almost any kind of application. This kind of card is mostly used where a high level of security is required (for example, secure travel documents, electronic passports, payment cards, etc.), and is certified by independent parties such as
Common Criteria. The hardware of the SmartMX is Common Criteria certified at EAL5+ by the
Bundesamt für Sicherheit in der Informationstechnik, BSI, which means that it's highly resistant to tampering such as, for instance,
reverse engineering attacks, fault/glitch attacks, or
power analysis attacks. Each operating system on top of the hardware requires its own certification in order for the entire product to be certified.
MIFARE DESFire
The MIFARE DESFire is another
NXP microprocessor platform with more hardware security features than the standard MIFARE Standard chips. It is sold already programmed with a general purpose software (the DESFire operating system) that offers more or less the same functions as MIFARE Standard (4kB data storage split into 16 areas) but with higher flexibility, stronger triple-DES security, and faster, standards compliant
T=CL communication.
The typical read/write distance between card and reader is 10 cm (4 inches), but actual distance depends on the field power generated by the reader and its antenna size.
MIFARE DESFire8
Despite the name, this isn't just an 8kB variant of the DESFire card. Other features include
Support for random UID
Support for the AES128 cipher
Common Criteria certified at level EAL 4+
DESfire8 has been publicly announced in November 2006.
MIFARE Plus
MIFARE Plus is a drop-in replacement card for MIFARE Classic to allow for easy upgrade of existing infrastructures to higher levels of open-standard security. Other features include
Support for random UID (7 bytes)
Support for the AES128 cipher
Common Criteria certified at level EAL 4+
It differs from DESfire8 in not being as flexible as the latter.
MIFARE Plus has been publicly announced in March 2008 ((External Link
)) with availability of first samples in Q4 2008.
History
1994 — MIFARE Standard 1k contactless technology introduced.
1996 — First transport scheme in Seoul using MIFARE Standard 1k.
1997 — MIFARE PRO with Triple DES coprocessor introduced.
1999 — MIFARE PROX with PKI coprocessor introduced.
2001 — MIFARE UltraLight introduced.
2002 — MIFARE DESFire introduced, microprocessor based product.
2004 — MIFARE DESFire SAM introduced, secure infrastructure counterpart of MIFARE DESFire.
2006 — MIFARE DESFire8 is announced as the first product to support AES128
2008 — MIFARE Plus is announced as a drop-in replacement for MIFARE Classic based on AES128
Mifare was developed by Mikron; the name stands for MIkron FARE-collection System. It was acquired by Philips in 1998. Mikron licensed the Mifare technology to Atmel in the US, Philips in the Netherlands, and Siemens in Germany.
After the Philips acquisition, Hitachi contracted Mifare license with Philips which was introduced for the development of the contactless smartcard solution for NTT IC telephone card which started in 1999 and finished in 2006.
In the NTT contactless IC telephone card project, 3 parties joined. They are Tokin-Tamura-Siemens, Hitachi-(Philips-contract for technical support), Denso-(Motorola-only production). NTT asked for 2 versions of chip, for example wired-logic chip (like Mifare classic) with small memory and big memory capacitance. Hitachi developed only big memory version and cut part of the memory to fit for the small memory version. Siemens developed only wired-logic chip based on their Mifare technology with some modification. Motorola tried to develop Mifare-like chip for wired-logic version but finally gave up. The project expected 1 million cards per month for start, but fell to 0.1 million per month just before they gave up the project.
Security
A presentation by Henryk Plötz and Karsten Nohl at the Chaos Communication Congress in December 2007 described a partial reverse-engineering of the algorithm used in the Mifare Classic chip, and potentially revealed some insecurities in the Mifare Classic security model, with a full paper detailing the cipher used and its weaknesses being promised during 2008. Abstract and slides here, video here. See also the external links, below. Cards other than Mifare Classic are not affected.
In March 2008 the Digital Security research group of the Radboud University Nijmegen made public that it was able to clone and manipulate the contents of a Mifare Classic card.
Description and video of the attack here. In response it was stated by the Dutch Minister of Home Affairs and Kingdom Relations that that'll investigate whether the introduction of the Dutch Rijkspas can be brought forward from Q4 of 2008. link (Dutch).
Considerations for System Integration
The security of, for example, public transport systems against fraud relies on many components, of which the MIFARE card is just one. Typically, to minimize costs, system integrators will chose a relatively cheap card such as MIFARE Standard and concentrate the security efforts in the back office. Additional encryption on the card, transaction counters, and other methods known in cryptography are then required to make cloned cards useless, or at least to enable the back office to detect fraud should a card be compromised, and put it on a blacklist. Systems that work with online readers only (for example, readers with a permanent link to the back office) are easier to protect than systems that have offline readers as well, for which real-time checks are not possible and blacklists can't be updated as frequently.
Further Information
Get more info on 'Mifare'.
|
External Link Exchanges
Do you know how hard it is to get a link from a large encyclopaedia? Well we're different and will prove it. To get a link from us just add the following HTML to your site on a relevant page:
<a href="http://mifare.totallyexplained.com">MIFARE Totally Explained</a>
Then simply click through this link from your web page. Our crawlers will verify your link, extract the title of your web page and instantly add a link back to it. If you like you can remove the words Totally Explained and embed the link in article text.
As long as your link remains in place, we'll keep our link to you right here. Please play fair - our crawlers are watching. Your site must be closely related to this one's topic. Any kind of spamming, dubious practises or removing the link will result in your link from us being dropped and, potentially, your whole site being banned. |
