MIFARE

Dear Readers,

 

MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.

The brand includes proprietary solutions based on various levels of the ISO/IEC 14443 Type A 13.56 MHz contactless smart card standard. It uses AES and DES/Triple-DES encryption standards, as well as an older proprietary encryption algorithm, Crypto-1. According to NXP, 10 billion of their smart card chips and over 150 million reader modules have been sold.^[1]

The MIFARE trademark is owned by NXP Semiconductors, which was spun off from Philips Electronics in 2006.^{[citation needed]}

Variants[edit]

MIFARE products are embedded in contactless and contact smart cards, smart paper tickets, wearables and phones.^{[citation needed]}

The MIFARE brand name (derived from the term MIKRON FARE Collection and created by the company Mikron) covers four families of contactless cards:

MIFARE Classic

Employs a proprietary protocol compliant to parts 1–3 of ISO/IEC 14443 Type A, with an NXP proprietary security protocol for authentication and ciphering.^{[citation needed]}

Subtypes: MIFARE Classic EV1 (other subtypes are no longer in use).

MIFARE Plus

Drop-in replacement for MIFARE Classic with certified security level (AES-128 based) and is fully backward compatible with MIFARE Classic.^{[citation needed]}

Subtypes: MIFARE Plus S, MIFARE Plus X, MIFARE Plus SE and MIFARE Plus EV2.

MIFARE Ultralight

Low-cost ICs that are useful for high volume applications such as public transport, loyalty cards and event ticketing.

Subtypes: MIFARE Ultralight C, MIFARE Ultralight EV1, MIFARE Ultralight Nano and MIFARE Ultralight AES.

MIFARE DESFire

Contactless ICs that comply with parts 3 and 4 of ISO/IEC 14443-4 Type A with a mask-ROM operating system from NXP. The DES in the name refers to the use of a DES, two-key 3DES, three-key 3DES and AES encryption; while Fire is an acronym for Fast, innovative, reliable, and enhanced.

Subtypes: MIFARE DESFire EV1, MIFARE DESFire EV2, MIFARE DESFire EV3 and MIFARE DESFire Light.

There is also the MIFARE SAM AV2 contact smart card. This can be used to handle the encryption in communicating with the contactless cards. The SAM (Secure Access Module) provides the secure storage of cryptographic keys and cryptographic functions.

MIFARE Classic family[edit]

The MIFARE Classic IC is just a memory storage device, where the memory is divided into segments and blocks with simple security mechanisms for access control. They are ASIC-based and have limited computational power. Due to their reliability and low cost, those cards are widely used for electronic wallets, access control, corporate ID cards, transportation or stadium ticketing. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.^{[citation needed]}

MIFARE Classic encryption has been compromised; see below for details.^{[citation needed]}

The MIFARE Classic with 1K memory offers 1,024 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. Each key can be programmed to allow operations such as reading, writing, increasing value blocks, etc. MIFARE Classic with 4K memory offers 4,096 bytes split into forty sectors, of which 32 are the same size as in the 1K with eight more that are quadruple size sectors. MIFARE Classic Mini offers 320 bytes split into five sectors. For each of these IC types, 16 bytes per sector are reserved for the keys and access conditions and can not normally be used for user data. Also, the very first 16 bytes contain the serial number of the card and certain other manufacturer data and are read-only. That brings the net storage capacity of these cards down to 752 bytes for MIFARE Classic with 1K memory, 3,440 bytes for MIFARE Classic with 4K memory, and 224 bytes for MIFARE Mini.^{[citation needed]}

Parts of this article (those related to smartphone types) need to be updated. Please help update this article to reflect recent events or newly available information. (December 2013)

The Samsung TecTile NFC tag stickers use MIFARE Classic chips. This means only devices with an NXP NFC controller chip can read or write these tags. At the moment BlackBerry phones, the Nokia Lumia 610 (August 2012^[2]), the Google Nexus 4, Google Nexus 7 LTE and Nexus 10 (October 2013^[3]) can’t read/write TecTile stickers.^{[citation needed]}

MIFARE Plus family[edit]

MIFARE Plus[edit]

MIFARE Plus is a replacement IC solution for the MIFARE Classic.

Key applications:

• Public transportation
• Access management; e.g., employee, school, or campus cards
• Electronic toll collection
• Car parking
• Loyalty programs

It is less flexible than a MIFARE DESFire EV1 contactless IC.

MIFARE Plus was publicly announced in March 2008 with first samples in Q1 2009.^[4]

MIFARE Plus, when used in older transportation systems that do not yet support AES on the reader side, still leaves an open door to attacks. Though it helps to mitigate threats from attacks that broke the Crypto-1 cipher through the weak random number generator, it does not help against brute force attacks and cryptoanalytic attacks.^[5]

During the transition period from MIFARE Classic to MIFARE Plus where only a few readers might support AES in the first place, it offers an optional AES authentication in Security Level 1 (which is in fact MIFARE Classic operation). This does not prevent the attacks mentioned above but enables a secure mutual authentication between the reader and the card to prove that the card belongs to the system and is not fake.

In its highest security level SL3, using 128-bit AES encryption, MIFARE Plus is secured from attacks.^{[citation needed]}

MIFARE Plus EV1[edit]

MIFARE Plus EV1 was announced in April 2016.^[6]

New features compared to MIFARE Plus X include:

Sector-wise security-level switching

The choice of crypto algorithm used in the authentication protocol can be set separately for each sector. This makes it possible to use the same card with both readers that can read MIFARE Classic products (with sectors protected by 48-bit CRYPTO1 keys, “Security Level 1”) and readers that can read MIFARE Plus products (with sectors protected by 128-bit AES keys, “Security Level 3”). This feature is intended to make it easier to gradually migrate existing MIFARE Classic product-based installations to MIFARE Plus, without having to replace all readers at the same time.

ISO 7816-4 wrapping

The card can now be accessed in either the protocol for MIFARE (which is not compliant with the ISO 7816-4 APDU format), or using a new protocol variant that runs on top of ISO 7816-4. This way the cards become compatible with NFC reader APIs that can only exchange messages in ISO 7816-4 APDU format, with a maximum transfer data buffer size of 256 bytes.

Proximity check

While the protocol for MIFARE Classic tolerated message delays of several seconds, and was therefore vulnerable to relay attacks, MIFARE Plus EV1 now implements a basic “ISO compliant” distance-bounding protocol. This puts tighter timing constraints on the permitted round-trip delay during authentication, to make it harder to forward messages to far-away cards or readers via computer networks.

Secure end-2-end channel

Permits AES-protected over-the-air updates even to Crypto1 application sectors (SL1SL3 mix mode).

Transaction MAC

The card can produce an additional message-authentication code over a transaction that can be verified by a remote clearing service, independent of the keys used by the local reader during the transaction.

MIFARE Plus EV2[edit]

The MIFARE Plus EV2 was introduced to the market on 23 June 2020.^[7] It comes with an enhanced read performance and transaction speed compared to MIFARE Plus EV1.^[8]

New features compared to MIFARE Plus EV1 include:

Transaction Timer

To help mitigate man-in-the-middle attacks, the Transaction Timer feature, which is also available on NXP’s MIFARE DESFire EV3 IC, makes it possible to set a maximum time per transaction, so it’s harder for an attacker to interfere with the transaction.

MIFARE Ultralight family[edit]

MIFARE Ultralight[edit]

The MIFARE Ultralight has only 512 bits of memory (i.e. 64 bytes), without cryptographic security. The memory is provided in 16 pages of 4 bytes. Cards based on these chips are so inexpensive that they are often used for disposable tickets for events such as the Football World Cup 2006. It provides only basic security features such as one-time-programmable (OTP) bits and a write-lock feature to prevent re-writing of memory pages but does not include cryptography as applied in other MIFARE product-based cards.

MIFARE Ultralight EV1[edit]

MIFARE Ultralight EV1^[9] introduced in November 2012 the next generation of paper ticketing smart card ICs for limited-use applications for ticketing schemes and additional security options. It comes with several enhancements above the original MIFARE Ultralight:

• 384 and 1024 bits user memory product variants
• OTP, lock bits, configurable counters for improved security
• Three independent 24-bit one-way counters to stop reloading
• Protected data access through 32-bit password
• NXP Semiconductors originality signature function, this is an integrated originality checker and is effective cloning protection that helps to prevent counterfeit of tickets. However, this protection is applicable only to “mass penetration of non NXP originated chips and does not prevent hardware copy or emulation of a single existing valid chip”^[10]

Applications:

• Limited-use tickets in public transport
• Event ticketing (stadiums, exhibitions, leisure parks)
• Loyalty

MIFARE Ultralight C[edit]

Introduced at the Cartes industry trade show in 2008, the MIFARE Ultralight C IC is part of NXP’s low-cost MIFARE product offering (disposable ticket). With Triple DES, MIFARE Ultralight C uses a widely adopted standard, enabling easy integration in existing infrastructures. The integrated Triple DES authentication provides an effective countermeasure against cloning.^{[citation needed]}

Key applications for MIFARE Ultralight C are public transportation, event ticketing, loyalty and NFC Forum tag type 2.

MIFARE Ultralight AES[edit]

It was introduced in 2022.

MIFARE DESFire family[edit]

MIFARE DESFire[edit]

The MIFARE DESFire (MF3ICD40) was introduced in 2002 and is based on a core similar to SmartMX, with more hardware and software security features than MIFARE Classic. It comes pre-programmed with the general-purpose MIFARE DESFire operating system which offers a simple directory structure and files. They are sold in four variants: One with Triple-DES only and 4 kiB of storage, and three with AES (2, 4, or 8 kiB; see MIFARE DESFire EV1). The AES variants have additional security features; e.g., CMAC. MIFARE DESFire uses a protocol compliant with ISO/IEC 14443-4.^[11] The contactless IC is based on an 8051 processor with 3DES/AES cryptographic accelerator, making very fast transactions possible.

The maximal read/write distance between card and reader is 10 centimetres (3.9 in), but the actual distance depends on the field power generated by the reader and its antenna size.

In 2010, NXP announced the discontinuation of the MIFARE DESFire (MF3ICD40) after it had introduced its successor MIFARE DESFire EV1 (MF3ICD41) in late 2008. In October 2011 researchers of Ruhr University Bochum^[12] announced that they had broken the security of MIFARE DESFire (MF3ICD40), which was acknowledged by NXP^[13] (see MIFARE DESFire security).

MIFARE DESFire EV1[edit]

First evolution of MIFARE DESFire contactless IC, broadly backwards compatible. Available with 2 kiB, 4 kiB, and 8 kiB non-volatile memory. Other features include:^[14]

• Support for random ID.
• Support for 128-bit AES
• Hardware and operating system are Common Criteria certified at level EAL 4+

MIFARE DESFire EV1 was publicly announced in November 2006.^{[citation needed]}

Key applications:

• Advanced public transportation
• Access management
• Loyalty
• Micropayment

MIFARE DESFire EV2[edit]

The second evolution of the MIFARE DESFire contactless IC family, broadly backwards compatible.^[15] New features include:

• MIsmartApp enabling to offer or sell memory space for additional applications of 3rd parties without the need to share secret keys
• Transaction MAC to authenticate transactions by 3rd parties
• Virtual Card Architecture for privacy protection
• Proximity check against relay attacks

MIFARE DESFire EV2 was publicly announced in March 2016 at the IT-TRANS event in Karlsruhe, Germany

MIFARE DESFire EV3[edit]

The latest evolution of the MIFARE DESFire contactless IC family, broadly backward compatible. New features include:

• ISO/IEC 14443 A 1–4 and ISO/IEC 7816-4 compliant
• Common Criteria EAL5+ certified for IC hardware and software
• NFC Forum Tag Type 4 compliant
• SUN message authentication for advanced data protection within standard NDEF read operation
• Choice of open DES/2K3DES/3K3DES/AES crypto algorithms
• Flexible file structure hosts as many applications as the memory size supports
• Proof of transaction with card generated MAC
• Transaction Timer mitigates risk of man-in-the-middle attacks

MIFARE DESFire EV3 was publicly announced on 2 June 2020.^[16]

MIFARE SAM AV2[edit]

MIFARE SAMs are not contactless smart cards. They are secure access modules designed to provide the secure storage of cryptographic keys and cryptographic functions for terminals to access the MIFARE products securely and to enable secure communication between terminals and host (backend). MIFARE SAMs are available from NXP in the contact-only module (PCM 1.1) as defined in ISO/IEC 7816-2 and the HVQFN32 format.^{[citation needed]}

Integrating a MIFARE SAM AV2 in a contactless smart card reader enables a design that integrates high-end cryptography features and the support of cryptographic authentication and data encryption/decryption.^{[citation needed]} Like any SAM, it offers functionality to store keys securely and perform authentication and encryption of data between the contactless card and the SAM and the SAM towards the backend. Next to a classical SAM architecture, the MIFARE SAM AV2 supports the X-mode which allows a fast and convenient contactless terminal development by connecting the SAM to the microcontroller and reader IC simultaneously.^{[citation needed]}

MIFARE SAM AV2 offers AV1 mode and AV2 mode where in comparison to the SAM AV1 the AV2 version includes public key infrastructure (PKI), hash functions like SHA-1, SHA-224, and SHA-256. It supports MIFARE Plus and secure host communication. Both modes provide the same communication interfaces, cryptographic algorithms (Triple-DES 112-bit and 168-bit key, MIFARE products using Crypto1, AES-128 and AES-192, RSA with up to 2048-bit keys), and X-mode functionalities.^{[citation needed]} The MIFARE SAM AV3 is the third generation of NXP’s Secure Access Module, and it supports MIFARE ICs as well as NXP’s UCODE DNA, ICODE DNA and NTAG DNA ICs.^[17]

MIFARE 2GO[edit]

A cloud-based platform that digitizes MIFARE product-based smart cards and makes them available on NFC-enabled smartphones and wearables. With this, new Smart City use cases such as mobile transit ticketing, mobile access and mobile micropayments are being enabled.^[18]