MIFARE

From Wikipedia, the free encyclopedia
Jump to: navigation, search

MIFARE is the NXP Semiconductors-owned trademark of a series of chips widely used in contactless smart cards and proximity cards. According to the producers, billions of smart card chips and many millions of reader modules have been sold.[1] The technology is owned by NXP Semiconductors (spin off from Philips Electronics in 2006) with headquarters in Eindhoven, Netherlands, and main business sites in Nijmegen, Netherlands, and Hamburg, Germany.

The MIFARE name covers proprietary technologies based upon various levels of the ISO/IEC 14443 Type A 13.56 MHz contactless smart card standard.

Variants[edit]

The technology is embodied in both cards and readers (also referred to as a Proximity Coupling Device which is suitable to use).

The MIFARE name (derived from the term MIkron FARE Collection System) covers seven different kinds of contactless cards:

MIFARE Classic 
employ a proprietary protocol compliant to parts (but not all) of ISO/IEC 14443-3 Type A, with an NXP proprietary security protocol for authentication and ciphering.
MIFARE Ultralight
low-cost ICs that employ a proprietary protocol compliant to ISO/IEC 14443-3 Type A.
MIFARE Ultralight C
the first low-cost ICs for limited-use applications that offer the benefits of an open Triple DES cryptography
MIFARE DESFire
are smart cards that comply to ISO/IEC 14443-4 Type A with a mask-ROM operating system from NXP.
MIFARE DESFire EV1
includes AES encryption.
MIFARE DESFire EV2
includes MIsmartApp, Transaction MAC, Unlimited Applications
MIFARE Plus
drop-in replacement for MIFARE Classic with certified security level (AES 128 based)
MIFARE SAM AV2
secure access module that provides the secure storage of cryptographic keys and cryptographic functions

MIFARE Classic[edit]

The MIFARE Classic card is fundamentally just a memory storage device, where the memory is divided into segments and blocks with simple security mechanisms for access control. They are ASIC-based and have limited computational power. Thanks to their reliability and low cost, those cards are widely used for electronic wallet, access control, corporate ID cards, transportation or stadium ticketing.

The MIFARE Classic 1K offers 1024 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. Each key can be programmed to allow operations such as reading, writing, increasing value blocks, etc. MIFARE Classic 4K offers 4096 bytes split into forty sectors, of which 32 are same size as in the 1K with eight more that are quadruple size sectors. MIFARE Classic mini offers 320 bytes split into five sectors. For each of these card types, 16 bytes per sector are reserved for the keys and access conditions and can not normally be used for user data. Also, the very first 16 bytes contain the serial number of the card and certain other manufacturer data and are read only. That brings the net storage capacity of these cards down to 752 bytes for MIFARE Classic 1k, 3440 bytes for MIFARE Classic 4k, and 224 bytes for Mini. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.

The Samsung TecTile NFC tag stickers use MIFARE Classic chips. This means only devices with an NXP NFC controller chip can read or write these tags. At the moment BlackBerry phones, the Nokia Lumia 610 (August 2012[2]), the Google Nexus 4 and Nexus 10 (October 2013[3]) can't read/write TecTile stickers.

MIFARE Classic encryption has been compromised; see below for details.

MIFARE Ultralight and MIFARE Ultralight EV1[edit]

The MIFARE Ultralight has only 512 bits of memory (i.e. 64 bytes), without cryptographic security. The memory is provided in 16 pages of 4 bytes. Cards based on these chips are so inexpensive it is often used for disposable tickets for events such as the Football World Cup 2006. It provides only basic security features such as one-time-programmable (OTP) bits and a write-lock feature to prevent re-writing of memory pages but does not include cryptography as applied in other MIFARE based cards.

MIFARE Ultralight EV1[4] introduced in November 2012 the next generation of paper ticketing smart card IC for limited-use applications that offers solution developers and operators the maximum flexibility for their ticketing schemes and additional security options. It comes with several enhancements above the original MIFARE Ultralight

  • 384 and 1024 Bits user memory product variants
  • OTP, Lock Bits, configurable counters for improved security
  • Three independent 24-bit-one-way counters to stop reloading
  • Protected data access through 32-bit password
  • NXP Semiconductors originality signature function, this is an integrated originality checker and is an effective cloning protection that helps to prevent counterfeit of tickets.

Key applications:

  • Limited-use tickets in public transport
  • Event ticketing (stadiums, exhibitions, leisure parks)
  • Loyalty

MIFARE Ultralight C[edit]

Introduced at the Cartes industry trade show in 2008, MIFARE Ultralight C is part of NXP's low-cost MIFARE offering (disposable ticket). With Triple DES, MIFARE Ultralight C uses a widely adopted standard, enabling easy integration in existing infrastructures. The integrated Triple DES authentication provides an effective countermeasure against cloning.

Key features:

  • Fully compliant with ISO/IEC 14443 parts 1-3, Type A (including anti-collision)
  • 1536 bits (192 bytes) EEPROM memory
  • Protected data access via 3-pass Triple DES authentication
  • Memory structure as in MIFARE Ultralight (pages of 4 byte)
  • Backwards compatibility to MIFARE Ultralight due to compatible command set
  • 16 bit one-way counter
  • Unique 7 bytes serial number (UID)

Key applications for MIFARE Ultralight C are Public Transportation, Event Ticketing, Loyalty and NFC Forum Tag Type 2.

MIFARE DESFire[edit]

The MIFARE DESFire (MF3ICD40) was introduced in 2002 and is based on a core similar to SmartMX, with more hardware and software security features than MIFARE Classic. It comes pre-programmed with the general purpose MIFARE DESFire operating system which offers a simple directory structure and files. They are sold in four variants: one with Triple-DES only and 4 KB of storage, and three with AES (2, 4 or 8 KB; see MIFARE DESFire EV1). The AES variants have additional security features, e.g., CMAC. MIFARE DESFire uses a protocol compliant with ISO/IEC 14443-4.[5] The card is based on an 8051 processor with 3DES/AES crypto accelerator, making very fast transactions possible.

The maximal read/write distance between card and reader is 10 centimetres (3.9 in), but actual distance depends on the field power generated by the reader and its antenna size.

In 2010 NXP announced the discontinuation of the MIFARE DESFire (MF3ICD40) after it had introduced its successor MIFARE DESFire EV1 late 2008. In October 2011 researchers of Ruhr University Bochum[6] announced that they had broken the security of MIFARE DESFire (MF3ICD40), which was acknowledged by NXP.,[7] see DESFire Attacks

MIFARE DESFire EV1[edit]

(previously called DESFire8)

New evolution of MIFARE DESFire card, broadly backwards compatible. Available with 2 KB, 4 KB and 8 KB NV-Memory. Other features include:

  • Support for random ID
  • Support for 128-bit AES
  • Hardware and Operating System is Common Criteria certified at level EAL 4+

MIFARE DESFire EV1 was publicly announced in November 2006.[citation needed]

Key applications:

  • Advanced public transportation
  • Access management

MIFARE DESFire EV2[edit]

New evolution of MIFARE DESFire card, broadly backwards compatible.[8] New features include:

  • MIsmartApp enabling to offer or sell memory space for additional applications of 3rd parties without the need to share secret keys
  • Transaction MAC to authenticate transactions by 3rd parties
  • Virtual Card Architecture for privacy protection
  • Proximity check against relay attacks

MIFARE DESFire EV2 was publicly announced in November 2013

MIFARE Plus[edit]

MIFARE Plus is a replacement card for the MIFARE Classic. It provides an easy upgrade of existing infrastructures toward high security. Data management is identical to the MIFARE Classic; however, the security management requires the modification of the installed reader base. Other features include:

  • 2 Kbytes or 4 Kbytes of memory
  • 7 or 4 bytes UID, with optional support for random UID
  • Support for 128-bit AES
  • Common Criteria certified at level EAL 4+
  • MIFARE Plus S for simple migration or MIFARE Plus X with many eXpert commands
  • Security upgrade with cards in the field.

Key applications:

  • Public Transportation
  • Access management, e.g. employee, school or campus cards
  • Electronic toll collection
  • Car parking
  • Loyalty programs

It is less flexible than MIFARE DESFire EV1.

MIFARE Plus was publicly announced in March 2008 with first samples in Q1 2009.[9]

MIFARE Plus, when used in older transportation systems that do not yet support AES on the reader side, still leaves an open door to attacks. Though it helps to mitigate threats from attacks that broke the Crypto-1 cipher through the weak random number generator, it does not help against brute force attacks and cryptoanalytic attacks.[10] During the transition period from MIFARE Classic to MIFARE Plus where only a few readers might support AES in the first place, it offers an optional AES authentication in Security Level 1 (which is in fact MIFARE Classic operation). This does not prevent the attacks mentioned above but enables a secure mutual authentication between the reader and the card to prove that the card belongs to the system and is not fake.

MIFARE SAM AV2[edit]

MIFARE SAMs are not contactless smartcards. They are Secure access modules designed to provide the secure storage of cryptographic keys and cryptographic functions for terminals to access the MIFARE products securely and to enable secure communication between terminals and host (backend). MIFARE SAMs are available from NXP in the contact-only module (PCM 1.1) as defined in ISO/IEC 7816-2 and the HVQFN32 format.[citation needed]

Key features:

  • Compatible with MIFARE portfolio solutions
  • Supports MIFARE, 3DES and AES cryptography
  • Key diversification
  • Secure download and storage of keys
  • 128 key entries
  • ISO/IEC 7816 baud rate up to 1.5 Mbit/s
  • X-mode functionality

Integrating a MIFARE SAM AV2 in a contactless smart card reader enables a design which integrates high-end cryptography features and the support of crypto authentication and data encryption/decryption.[citation needed] Like any SAM, it offers functionality to store keys securely, and perform authentication and encryption of data between the contactless card and the SAM and the SAM towards the backend. Next to a classical SAM architecture the MIFARE SAM AV2 supports the X-mode which allows a fast and convenient contactless terminal development by connecting the SAM to the microcontroller and reader IC simultaneously.[citation needed]

MIFARE SAM AV2 offers AV1 mode and AV2 mode where in comparison to the SAM AV1 the AV2 version includes Public Key Infrastructure (PKI), Hash functions like SHA-1, SHA-224, and SHA-256. It supports MIFARE Plus and a secure host communication. Both modes provide the same communication interfaces, cryptographic algorithms (Triple-DES 112-bit and 168-bit key, MIFARE Crypto1, AES-128 and AES-192, RSA with up to 2048-bit keys), and X-mode functionalities.[citation needed]

Applications[edit]

MIFARE products can be used in different applications:[11]

  • Automated fare collection system
  • ID Cards
  • Access Management (Corporate Access, Home Access, Hotel Access, Smart Lock, Logical Access, used for Identification or Section Control)
  • Campus cards (Identification, Access, Copy machines, Vending Machines, Micropayment at Cafeterias, Transportation...)
  • Loyalty cards (reward points)
  • Tourist cards
  • Micropayment(Mobile wallet, contactless payment, cashless payment)
  • Road tolling
  • Transport ticketing
  • Event ticketing
  • Mobile ticketing
  • Citizen card
  • Membership cards
  • Parking
  • Library cards
  • Fuel cards
  • Hotel key cards
  • NFC Tag(NFC apps, MIFARE4Mobile)
  • Taxi cards
  • Smart meter
  • Museum Access Cards
  • Product Authentication
  • Production control
  • Health cards
  • Ferry Cards
  • Car rentals
  • Fleet Management
  • Amusement parks
  • Bike rentals
  • Blood donor cards
  • Information services
  • Interactive exhibits
  • Interactive lotteries
  • Password storage
  • Smart advertising
  • Social welfare
  • Waste management

Former most access systems used MIFARE Classic but today these systems switch to MIFARE DESFire because this product has more security than MIFARE Classic.

History[edit]

  • 1994 — MIFARE Classic 1k contactless technology introduced.
  • 1996 — First transport scheme in Seoul using MIFARE Classic 1k.
  • 1997 — MIFARE PRO with Triple DES coprocessor introduced.
  • 1999 — MIFARE PROX with PKI coprocessor introduced.
  • 2001 — MIFARE UltraLight introduced.
  • 2002 — MIFARE DESFire introduced, microprocessor based product.
  • 2004 — MIFARE DESFire SAM introduced, secure infrastructure counterpart of MIFARE DESFire.
  • 2006 — MIFARE DESFire EV1 is announced as the first product to support 128-bit AES
  • 2008 — MIFARE Plus is announced as a drop-in replacement for MIFARE Classic based on 128-bit AES
  • 2008 — MIFARE Ultralight C is introduced as paperticket IC featuring Triple DES Authentication
  • 2010 — MIFARE SAM AV2 is introduced as secure key storage for readers AES, Triple DES, PKI Authentication
  • 2012 — MIFARE Ultralight EV1 introduced, backwards compatible to MIFARE Ultralight but with extra security.
  • 2013 — MIFARE DESFire EV2 is announced with improved performance, security&privacy and multi-application support

MIFARE was developed by Mikron; the name stands for MIkron FARE-collection System. It was acquired by Philips in 1998. Mikron sourced silicon from Atmel in the US, Philips in the Netherlands, and Siemens in Germany.[citation needed]

Infineon Technologies(then Siemens) licensed MIFARE from Mikron in 1994[12] and developed both stand alone and integrated designs with MIFARE compatible functions. Infineon currently produces various derivatives based on MIFARE technology including 1K memory (SLE66R35) and various microcontrollers (8 bit (SLE66 series), 16 bit (SLE7x series), and 32 bit (SLE97 series) with MIFARE emulations, including devices for use in USIM with Near Field Communication.[13]

Motorola tried to develop MIFARE-like chip for wired-logic version but finally gave up. The project expected one million cards per month for start, but that fell to 100,000 per month just before they gave up the project.[14]

In 1998 Philips licensed MIFARE to Hitachi[15] Hitachi licensed MIFARE for the development of the contactless smart card solution for NTT's IC telephone card which started in 1999 and finished in 2006.[citation needed] In the NTT contactless IC telephone card project, three parties joined: Tokin-Tamura-Siemens, Hitachi (Philips-contract for technical support), and Denso (Motorola-only production).[citation needed] NTT asked for two versions of chip, i.e. wired-logic chip (like MIFARE Classic) with small memory and big memory capacity. Hitachi developed only big memory version and cut part of the memory to fit for the small memory version.

The deal with Hitachi was upgraded in 2008 by NXP ( by then no longer part of Philips) to include MIFARE Plus and MIFARE DESFire to the renamed semiconductor division of Hitachi Renesas Technology.[16]

In 2010 NXP licensed MIFARE to Gemalto. In 2011 NXP licensed Oberthur to use MIFARE on SIM cards. These licensees are developing Near Field Communication products[17][18]

Security of MIFARE Classic, MIFARE DESFire and MIFARE Ultralight[edit]

The encryption used by the MIFARE Classic card uses a 48 bit key.[19]

A presentation by Henryk Plötz and Karsten Nohl[20] at the Chaos Communication Congress in December 2007 described a partial reverse-engineering of the algorithm used in the MIFARE Classic chip. Abstract and slides[21] are available online. A paper that describes the process of reverse engineering this chip was published at the August 2008 USENIX security conference.[22]

In March 2008 the Digital Security[23] research group of the Radboud University Nijmegen made public that they performed a complete reverse-engineering and were able to clone and manipulate the contents of an OV-Chipkaart which is a MIFARE Classic card.[24] For demonstration they used the Proxmark device, a 125 kHz / 13.56 MHz research instrument.[25] The schematics and software are released under the free GNU General Public License by Jonathan Westhues in 2007. They demonstrate it is even possible to perform card-only attacks using just an ordinary stock-commercial NFC reader in combination with the libnfc library.

The Radboud University published three scientific papers concerning the security of the MIFARE Classic:

In response to these attacks, the Dutch Minister of the Interior and Kingdom Relations stated that they would investigate whether the introduction of the Dutch Rijkspas could be brought forward from Q4 of 2008.[26]

NXP tried to stop the publication of the second article by requesting a preliminary injunction. However, the injunction was denied, with the court noting that, "It should be considered that the publication of scientific studies carries a lot of weight in a democratic society, as does informing society about serious issues in the chip, because it allows for mitigating of the risks."[27][28]

Both independent research results are confirmed by the manufacturer NXP.[29] These attacks on the cards didn't stop the further introduction of the card as the only accepted card for all Dutch public transport the OV-chipkaart continued as nothing happened[30] but in October 2011 the company TLS, responsible for the OV-Chipkaart announced that the new version of the card will be better protected against fraud.[31]

The MIFARE Classic encryption Crypto-1 can be broken in about 200 seconds on a laptop,[32] if approx. 50 bits of known (or chosen) key stream are available. This attack reveals the key from sniffed transactions under certain (common) circumstances and/or allows an attacker to learn the key by challenging the reader device.

The attack proposed in[33] recovers the secret key in about 40 ms on a laptop. This attack requires just one (partial) authentication attempt with a legitimate reader.

Additionally there are a number of attacks that work directly on a card and without the help of a valid reader device.[34] These attacks have been acknowledged by NXP.[35] In April 2009 new and better card-only attack on MIFARE Classic has been found. It was first announced at the Rump session of Eurocrypt 2009.[36] This attack was presented at SECRYPT 2009.[37] The full description of this latest and fastest attack to date can also be found in the IACR preprint archive.[38] The new attack improves by a factor of more than 10 all previous card-only attacks on MIFARE Classic, has instant running time, and it does not require a costly precomputation. The new attack allows to recover the secret key of any sector of MIFARE Classic card via wireless interaction, within about 300 queries to the card. It can then be combined with the nested authentication attack in the Nijmegen Oakland paper to recover subsequent keys almost instantly. Both attacks combined and with the right hardware equipment such as Proxmark3, one should be able to clone any MIFARE Classic card in not more than 10 seconds. This is much faster than previously thought.

DESFire Attacks

In October 2011 David Oswald and Christof Paar of Ruhr-University in Bochum, Germany, detailed how they were able to conduct a successful "side-channel" attack against the card using equipment that can built for nearly $3,000. called "Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World,"[39] They stated that System integrators should be aware of the new security risks that arise from the presented attacks and can no longer rely on the mathematical security of the used 3DES cipher. Hence, in order to avoid, e.g. manipulation or cloning of smartcards used in payment or access control solutions, proper actions have to be taken: on the one hand, multi-level countermeasures in the backend allow to minimize the threat even if the underlying RFID platform is insecure," In a statement[40] NXP said that the attack would be difficult to replicate and that they had already planned to discontinue the card at the end of 2011. NXP also stated "Also, the impact of a successful attack depends on the end-to-end system security design of each individual infrastructure and whether diversified keys – recommended by NXP – are being used. If this is the case, a stolen or lost card can be disabled simply by the operator detecting the fraud and blacklisting the card, however this operation assumes that the operator has those mechanisms implemented. This will make it even harder to replicate the attack with a commercial purpose,"

Ultralight Attack

In September 2012 a security consultancy Intrepidus[41] demonstrated at the EU SecWest event in Amsterdam,[42] that MIFARE Ultralight based fare cards in the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free in a talk entitled "NFC For Free Rides and Rooms (on your phone)".[43] Although not a direct attack on the chip but rather the reloading of an unprotected register on the device, it allows hackers to replace value and show that the card is valid for use. This can be overcome by having a copy of the register online so that values can be analysed and suspect cards hotlisted. NXP have responded by pointing out that they had introduced the MIFARE Ultralight C in 2008 with 3DES protection and in November 2012 introduced the MIFARE Ultralight EV1[44] with three decrement only counters to foil such reloading attacks.

Considerations for systems integration[edit]

For systems based on contactless smartcards (e.g. public transportation), security against fraud relies on many components, of which the card is just one. Typically, to minimize costs, systems integrators will choose a relatively cheap card such as a MIFARE Classic and concentrate security efforts in the back office. Additional encryption on the card, transaction counters, and other methods known in cryptography are then employed to make cloned cards useless, or at least to enable the back office to detect a fraudulent card, and put it on a blacklist. Systems that work with online readers only (i.e., readers with a permanent link to the back office) are easier to protect than systems that have offline readers as well, for which real-time checks are not possible and blacklists cannot be updated as frequently.

See also[edit]

Places that use MIFARE technology[edit]

Transportation[edit]

Card name Locality Type Details
Compass Card Canada (Metro Vancouver) NXP's Mifare DESFire EV1[45] Used for public transit (TransLink). $6 refundable deposit.[46]
Efesur Argentina (Bariloche) MIFARE Ultralight Control de accesos orientado al turismo[47]
EYCON e-Bus Argentina (Bahía Blanca) MIFARE Classic 1K Planned to be used on buses and taxis.
SUBE card Argentina (Buenos Aires) MIFARE Classic 1K Metro, trains and buses[48]
Red Bus Argentina (Córdoba, Mendoza, Salta) MIFARE Classic 1K
Tarjeta Sin Contacto Argentina (Rosario) MIFARE DESFire EV1 SAM V2[49] Ente de la Movilidad de Rosario[50]
Adelaide Metro metroCard Australia (Adelaide) #MIFARE DESFire EV1 Adelaide Metro network (Bus, Train and Tram)[51]
TransLink Go card Australia (Brisbane) MIFARE Classic 1K
ACTION MyWay Australia (Canberra) MIFARE Classic 1K
Metro Green Card Australia (Hobart) MIFARE Classic 4K
SmartRider Australia (Perth) MIFARE Classic 1K
Myki Australia (Victoria) MIFARE DESFire
Baku metrocard Azerbaijan (Baku) MIFARE Classic 1K, MIFARE Plus S 1K[52]
tri Brazil (Porto Alegre)
RioCard Brazil (Rio de Janeiro)
Bilhete Único Brazil (São Paulo) MIFARE Classic 1K
Orovale Brazil (Teresopolis) Viação Dedo de Deus (buses)
ETS Blue Canada (Edmonton, Alberta)
OPUS card Canada (Montreal) Société de transport de Montréal
M-Card Canada (St. John's) MIFARE Classic 1K Used on the Metrobus Transit system.[53]
Presto Card Canada (Toronto, Ottawa and Hamilton, Ontario) MIFARE DESFire
Tarjeta Metroval[54] Chile (Valparaíso) MIFARE Classic 1k Valparaíso Metro uses a this card as unique payment method
Tarjeta Bip! Chile (Santiago de Chile) MIFARE Classic 1k and 4k (if bank bip or university bip are used) Metro de Santiago, Transantiago[55]
StrongLink China (Beijing)
Yikatong China (Beijing)
Yang Cheng Tong China (Guangzhou)
Cívica Colombia (Medellin)
BuTra Croatia (Osijek)
Rijeka City Card Croatia (Rijeka) MIFARE Classic 1K
In Karta Czech republic (nationwide) MIFARE DESFire, DESFire EV1 ,[56] new cards issued since 07/2012 are DESFire EV1, older ones are DESFire
opencard Czech republic (Prague) MIFARE DESFire EV1
Rejsekort Denmark MIFARE Classic 4K
Ühiskaart Estonia (Tallinn) MIFARE Classic Works also in Harju County.
Matkakortti Finland (Helsinki) MIFARE DESFire Can be used with all forms of public transport systems within Helsinki Metropolitan Area.[57]
Metromoney Georgia (Tbilisi) Used in municipal transport (metro, bus) and while traveling by Rike-Narikala ropeway.[58]
Indian Railways India MIFARE DESFire Indian railways (five major cities)
Cardz Me India (Karnataka) Issued to students in the Indian state of Karnataka by Cardz Middle East
Metro/Bus Card Iran (Tehran, Isfahan) MIFARE Classic 1K Used for public transport, Metro and Bus - (Tehran Metro)
SmartCard Ireland (Dublin) MIFARE Classic 1K Iarnród Éireann
Leap card Ireland (Dublin) Mifare DESFire EV1[59] replaces the individual Luas, Dart and Dublin Bus smartcards
Luas Smart-card Ireland (Dublin) Mifare Classic being replaced by the Leap card
Dublin Bus Smart-card Ireland (Dublin) Mifare Classic being replaced by the Leap card
DART Smart-card Ireland (Dublin) Mifare Classic being replaced by the Leap card
AltoAdige/Südtirol Pass Italy (Trentino-Alto Adige/Südtirol) MIFARE DESFire EV1 Southern Tirol network (Bus, Train and Cable-cars)[60]
Etalons Latvia MIFARE Ultralight
Touch 'n Go Malaysia
OV-chipkaart Netherlands MIFARE Classic 4K[61] Currently being introduced as a single payment system for public transportation in the Netherlands
AT Hop New Zealand (Auckland) MIFARE DESFire EV1 Introduced as the regional integrated ticketing card. The existing HOP card aka "Snapper/HOP" uses the JCOP standard and is due to be completely phased out by the end of 2013.
Kolumbuskort Norway (Rogaland) MIFARE DESFire EV1 Bus, Boat. http://www.kolumbus.no
Ruter reisekort Norway (Oslo and Akershus) MIFARE DESFire EV1 (MF3ICD41) Bus, boat, tram, subway and trains. Ruter and NSB
Białostocka Karta Miejska Poland (Białystok) MIFARE Classic 1K Used on buses
Warszawska Karta Miejska Poland (Warsaw) MIFARE Classic 1K Used on buses, trams, subway and railroad
eBilet Poland (Gdynia) MIFARE Classic 1K Used on trolleybuses and buses
RATB Activ Romania (Bucharest) MIFARE Classic 1K Used on all public surface transportation and also available for subway
Moscow Metro Russia (Moscow) MIFARE Ultralight Disposable ticket
EMcard Slovakia Used by almost every public transport system in Slovakia and some in Czech Republic. In most cases only referred to as BCK - Bezkontaktná cipová karta (contactless smart card)
Urbana Slovenia (Ljubljana) MIFARE DESFire EV1 Used by buses, parking spaces, libraries, museums, the Ljubljana Castle funicular, sports institutes and cultural events.[62]
Mybi, T-money, Upass South Korea
Consorcio de Transportes de Madrid Spain (Madrid) MIFARE DESFire EV1 MF3ICD41 Metro, trains and buses
Resekortet Sweden MIFARE Classic 1K[63]
Skånetrafiken JoJo Sweden MIFARE Classic 1K
Karlstadsbuss Sweden MIFARE Classic 4K Karlstadsbuss Resekort
SL Sweden MIFARE Classic 4K Stockholms lokaltrafik (Stockholm public transit card)
Västtrafik Sweden MIFARE Classic 1K/4K, MIFARE Plus, MIFARE Ultralight Västtrafikkortet
EasyCard Taiwan MIFARE Classic, MIFARE Plus[64]
KGS Card Turkey MIFARE Classic 1K, MIFARE Plus 2K (in Classic compatibility mode) Toll Highways, KGS (acronym for Contactless Card Toll System)
Muzekart Turkey MIFARE Classic 1K, MIFARE Plus 2K
Istanbulkart Turkey (Istanbul) MIFARE DESFire EV1 Buses, ferry boats, metro, light metro, trams and overground trains
KentKart Turkey (Izmir) Metro, bus, passenger ship
Iff card United Kingdom (Cardiff) MIFARE DESFire EV1 Used on Cardiff Bus services.
SmartTech Production Hong Kong NXP Mifare Golden Partner[65]
Oyster card United Kingdom (London) MIFARE DESFire EV1 Migrating from MIFARE Classic to MIFARE DESFire EV1[66]
EasyRider United Kingdom (Nottingham) Nottingham City Transport
Breeze Card[67] USA (Atlanta, Georgia) MIFARE Ultralight and MIFARE Classic
CharlieCard USA (Boston, Massachusetts) MBTA v. Anderson - Civil case related to the responsible disclosure of flaws in the system
MetroQ USA (Houston, Texas) MIFARE Classic 1K
Transit Access Pass USA (Los Angeles, California) MIFARE Plus [68]
Go-To Card USA (Minneapolis, Minnesota) MIFARE Classic 1K
ConnectCard USA (Pittsburgh, Pennsylvania) Mifare Classic
Clipper card USA (San Francisco Bay Area, California) MIFARE DESFire Replacing TransLink, which used a Motorola Card.[69]
PATH SmartLink USA (New York/New Jersey) MIFARE DESFire
ORCA Card USA (Seattle, Washington) MIFARE DESFire EV1
Easy Card USA (South Florida, Florida) MIFARE Ultralight Used on Metrobus, Metrorail, Tri-Rail, City of Hialeah Transit, and Conchita Transit Express.
Compass Card USA (San Diego) MIFARE Classic 1K Used on buses, trolleys, Coaster and Sprinter trains in SDMTS and NCTD
SmarTrip USA (Washington Metropolitan Area, Washington, D.C.) MIFARE Plus X Used on the Washington Metropolitan Area Transit Authority and neighboring transit systems
Rabbit Card Thailand MIFARE DESFire EV1 Used on BTS Skytrain, Bangkok BRT, restaurants, shops and cinemas that accept Rabbit Card
Smart Purse Thailand MIFARE Classic 1k Used on Metrobus (buses), 7-Eleven, shops and restaurants that accept Smart Purse
Bangkok Metro Smart card Thailand MIFARE Classic 1k Bangkok Metro

Application References[edit]

Application Application Category Project NXP Partner Locality used Product Usecase
Automatic Fare Collection Smart Mobility Moscow Metro Smart Technologies Group Moscow Ultralight Contactless smartcards for payment in the AFC System of the Moscow Metro [70]
Road Tolling Smart Mobility Touch'n'Go Smart Technologies Group Moscow Ultralight Contactless smartcards for payment in the AFC System of the Moscow Metro [70]
Automatic Fare Collection Smart Mobility Touch’n Go Kuala Lumpur Malaysian toll expressway and highway operators payment system
Parking Smart Mobility NOL RTA Dubai DESFire EV1 Multiapplication Card inter alia used for parking[71]
Parking Smart Mobility Pay on Foot system Skidata Ireland Used for cashless vending applications for parking[72]
Mobile Ticketing Access MIFARE4Mobile Gemalto, Giesecke & Devrient, Oberthur Technologies, STMicroelectronics SmartMX Access to buildings through Smartphone [73]
Tourist Card Smart Mobility Mobilis Card Agencia Valenciana de Mobilidad (aVM) Valencia SmartMX Tourist card, bike rental, electric car rental, transport ticketing, taxi card, access management and payment function [74]
Tourist Card Smart Mobility Oyster Card London Classic 1k Used for public transport [70]
Fuel Card Smart Mobility Shell Plastkart Turkey Classic 1k Loyalty Programs at petrol stations[75]
Fuel Card Smart Mobility Petrol Ofisi Plastkart Turkey Classic 1k Loyalty Programs at petrol stations[76]
Taxi Card Smart Mobility Touch Travel Card Sri Lanka DESFire EV1 payment solution in taxis[77]
Taxi Card Smart Mobility NOL RTA Dubai Muliapplication card also used for Taxi payment[78]
Ferry Card Smart Mobility Opal card Sydney DESFire EV1 Card for Transport and Ferry services [70]
Car sharing Smart Mobility Car2Go Daimler DESFire EV1 Used for Car sharing [79]
Bike rental Smart Mobility OV-fiets Netherlands Bike rental smartcard
Bike rental Smart Mobility Callock Bike rental [80]
Corporate Access Access Nestlé KABA DESFire EV1 Access Security Solution[81]
Bike rental Smart Mobility Callock Bike rental [80]
Home Access Access AirKey EVVA SmartMX Mobile Access[80]
Home Access Access Immobilienfirma Top-Invest sárl Salto Luxemburg DESFire EV1 Smart Lock for Home Access [82]
Hotel Access Access Marriott Hotel Card KABA Hotel Access Card [83]
Campus card Access Campus Card University of Cambridge Salto Cambridge, UK DESFireEV1 Multiapplication Campus Card [84]
Campus Card Access Campus Card University of Oxford Oxford, UK DESFire EV1 4k Multiapplication Campus Card [85]
Event Ticketing Access FC Köln Payment Solutions Köln, Germany DESFire EV1 Event ticketing application for soccer games[86]
Event Ticketing Access Ticket FIFA 2014 Brazil Event ticketing for Soccer WM [87]
Citizen Card Access National Entitlement Card (NEC) Scotland, UK SMartMX 30 different services (identity, transport, financial and health-related services...) [88]
Library Card Access Berlin Dietrich-Bonhoeffer library Bibliotheca Berlin, Germany DESFire EV1 Library ID [89]
Library Card Access City Library Reutlingen Germany DESFire EV1 Cashless Payment for Library Fees[80]
Amusement Park Access Transdev Studio Bank Mega Makassar DESFire EV1 Access,loyalty & Micro Payments[90]
Museum Card Access Müze Kart Mapikart, Türsab Istanbul, Turkey Classic 1k Access to Museum [91]
Membership Card Loyalty Manchester City Football Club - Stadium Membership Card Gemalto Manchester Access, Loyalty, Membership, Payment function[92]
Loyalty Card Loyalty Rabbit Card – Carrot Rewards Bangkok, Thailand DESFire EV1 Used for Transport, shops, restaurants, Identification, Access control, security and Carrot Reward[93]
Loyalty Card Loyalty Trans Studio Amusement Park Bank Mega Indonesia DESFire EV1 Trans Studio Amusement Park[94]
NFC Tags NFC NFC Tag SMARTRAC NFC enabled Smartphones [95]
Health Card Identification European Health Insurance Card Europe JCOP Health and Identification Card [96]
Health Card Identification Sesam-Vitale card France SmartMX Health and Identification Card [97]
Digital Signature Identification Vingcard Assa Abloy Digital Signature used for Access [98]
Micropayment Micropayment Yeldi India DESFire EV1 Cashless payments via mobile phones [99]
Multiapplication Card Multiapplication Touch Travel Card Sri Lanka DESFire EV1 ; SAM AV2 Transport, Micropayment, Payment for Shops orTaxis, NFC Mobile Ticketing [77]
Multiapplication Card Multiapplication Passolig (TFF) E-Kart, E-Kent, Aktifbank Turkey JCOP  ; DESFire EV1 Stadium Access - Ticketing, Micropayment, Payment, Transport[100]
Smart Paper Ticket Moscow Metropolitan Card Smart Technologies Group Moscow, Russia Ultralight Used for electronic smart paper ticketing in public transport[101]
Banking Banking Touch Travel Card Sri Lanka DESFire EV1 Payment Solution[102]

Institutions[edit]

References[edit]

  1. ^ MIFARE (2009-12-18). "The success of MIFARE". 
  2. ^ "nfc tags". nfc-phones.org. Retrieved 5 August 2012. 
  3. ^ "nfc tags". Retrieved 11 August 2013. 
  4. ^ http://www.mifare.net/files/8413/5167/2490/MIFARE_Ultralight_EV1_.pdf
  5. ^ Some ISO/IEC 7816-4 commands are used by MIFARE DESFire EV1, including a proprietary method to wrap native MIFARE DESFire commands into a ISO/IEC 7816 APDU.
  6. ^ "German Researchers Crack Mifare RFID Encryption". Slashdot. 
  7. ^ "Security of MF3ICD40". 
  8. ^ http://www.mifare.net/index.php?cID=3119
  9. ^ "NXP introduces new security and performance benchmark with MIFARE Plus" (Press release). NXP. 2008-03-10. 
  10. ^ https://www.blackhat.com/presentations/bh-usa-08/Nohl/BH_US_08_Nohl_Mifare.pdf
  11. ^ "MIFARE a world of possibilities" (Press release). NXP. 
  12. ^ http://www.telecompaper.com/news/siemens-and-mikron-agree-licensing-deal--22439
  13. ^ http://www.infineon.com/cms/en/corporate/press/news/releases/2007/INFAIM200711-015.html
  14. ^ http://news.cnet.com/2100-1001-204306.html
  15. ^ http://www.smartcard.co.uk/members/newsletters/1998/feb98.pdf
  16. ^ http://www.nxp.com/news/press-releases/2008/11/renesas-and-nxp-announce-licensing-agreement-on-mifare-contactless-technology.html
  17. ^ http://www.gemalto.com/press/archives/2010/2010-11-25_NXP_Gemalto_MIFARE_License_en.pdf
  18. ^ http://www.nxp.com/news/content/file_1818.html
  19. ^ "MIFARE Classic 1K specification". 2009-02-22. 
  20. ^ Karsten Nohl homepage at the University of Virginia
  21. ^ Nohl, Karsten; Henryk Plötz. "Mifare: Little Security, Despite Obscurity". Chaos Communication Congress. 
  22. ^ Nohl, Karsten; David Evans (2008-08-01). "Reverse-Engineering a Cryptographic RFID Tag". Proceedings of the 17th USENIX Security Symposium. 
  23. ^ Radboud University Nijmegen Digital Security
  24. ^ Digital Security Group (2008-03-12). "Security Flaw in Mifare Classic". Radboud University Nijmegen. 
  25. ^ "Proxmark". Retrieved 2011-01-25. 
  26. ^ "Dutch Page". Retrieved 2012-03-24. 
  27. ^ Arnhem Court Judge Services (2008-07-18). "Pronunciation, Primary Claim". Rechtbank Arnhem. 
  28. ^ "Judge denies NXP's injunction against security researchers". The Standard. 2008-07-18. Retrieved 2010-02-13. 
  29. ^ "mifare.net :: Security". Retrieved 2011-01-25. 
  30. ^ Webside id-nee: Preparations continue as normal, visited 7 July 2012
  31. ^ Webwereld: New OV chip prevents fraude, 6 October 2011. Visited 7 July 2012
  32. ^ Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil (2008-04-14). "Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards". Cryptology ePrint Archive. 
  33. ^ Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers; Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs (2008-10-04). "Dismantling MIFARE Classic". 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. 
  34. ^ Garcia, Flavio D.; Peter van Rossum; Roel Verdult; Ronny Wichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card". 30th IEEE Symposium on Security and Privacy (S&P 2009), IEEE. 
  35. ^ Third and fourth bullet points under "MIFARE Classic vulnerabilities" at http://mifare.net/security/mifare_classic.asp
  36. ^ Courtois, Nicolas T. (2009-04-28). "Conditional Multiple Differential Attack on MIFARE Classic". Slides presented at the rump session of Eurocrypt 2009 conference. 
  37. ^ Courtois, Nicolas T. (2009-07-07). "The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere, Anytime". In SECRYPT 2009 – International Conference on Security and Cryptography, to appear. 
  38. ^ Courtois, Nicolas T. (2009-05-04). "The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere, Anytime". IACR Cryptology Preprint Archive. 
  39. ^ http://www.iacr.org/workshops/ches/ches2011/presentations/Session%205/CHES2011_Session5_1.pdf
  40. ^ http://www.mifare.net/links/news/update-on-mifare-desfire-mf3icd40/
  41. ^ http://intrepidusgroup.com
  42. ^ http://eusecwest.com/agenda.html
  43. ^ http://www.youtube.com/watch?feature=player_embedded&v=-uvvVMHnC3c
  44. ^ http://www.mifare.net/products/mifare-smartcard-ic-s/mifare-ultralight-ev1/
  45. ^ http://www.nxp.com/news/press-releases/2013/01/nxps-mifare-deafire-selected-to-support-vancouvers-green-city-plan.html
  46. ^ http://www.translink.ca/en/Fares-and-Passes/Compass-Card.aspx
  47. ^ http://www.efesur.com.ar/
  48. ^ http://www.sube.gob.ar/
  49. ^ "Adquisición de un Sistema de Bicicletas Públicas para Rosario" (PDF). Proyecto de Transporte Sostenible y Calidad del Aire - Secretaría de Transporte del Ministerio del Interior y Transporte a través de la Unidad Ejecutora de Proyecto (UEP). 2013. Archived from the original on 2013. 
  50. ^ http://www.etr.gob.ar/
  51. ^ http://www.adelaidemetro.com.au/ticketing/metrocard
  52. ^ LOT ltd. "Integrator's web site (subway solutions)". 
  53. ^ http://www.metrobus.com/mcard.asp
  54. ^ http://www.metro-valparaiso.cl/viaje-en-metro/medios-de-pago
  55. ^ http://www.tarjetabip.cl
  56. ^ http://www.cd.cz/
  57. ^ http://www.hsl.fi/EN/ticketsandfares/ticketsontravelcard/Pages/default.aspx
  58. ^ http://ttc.com.ge/?lang_id=ENG&sec_id=155
  59. ^ Triple RFID card-scan, scanned and retrieved: 19 September 2012
  60. ^ https://www.sii.bz.it
  61. ^ Steve Ragan - The Tech Herald. "Replacement suggested for NXP chips used in OV-Chipkaart". 
  62. ^ Enotna mestna kartica URBANA
  63. ^ Resekortet i Sverige AB. "RKF-specifikationen - Svensk Kollektivtrafik". 
  64. ^ Contactless Smartcard Technology Needs More Security
  65. ^ SmartTech Production. "Card Manufacturer - NXP Mifare Golden Partner". 
  66. ^ http://www.nfctimes.com/news/transport-london-discard-mifare-classic-seeks-desfire-sims
  67. ^ Breezecard homepage
  68. ^ http://www.eetimes.com/document.asp?doc_id=1276540
  69. ^ http://clippercard.com/
  70. ^ a b c d http://www.smartek.ru/en/solutions/afcs/afcsprojets/mosmetroafcs.aspx
  71. ^ http://www.mifare.net/en/aboutmifare/news/multi-application-mobile-ticketing-based-mifare-technolo/
  72. ^ http://www.apsparking.com/project-specific.aspx?title=cork-university-hospital
  73. ^ http://nxp-rfid.com/nxp-enables-mobile-ticketing-for-smart-mobile-devices/
  74. ^ http://www.avmm.es/c/document_library/get_file?uuid=ec899839-1020-4680-955d-cb7d9d1c1e46&groupId=16203
  75. ^ https://www.shellsmart.com/smart/index.html?site=en-en
  76. ^ http://www.positivecard.com.tr/
  77. ^ a b http://www.orik.lk/news_and_press.php
  78. ^ http://secureidnews.com/news-item/dubai-ask-renews-agreement-for-citys-multimodal-ticketing-system/
  79. ^ http://www.nfc.cc/tag/car2go/
  80. ^ a b c d http://calllock.com/en/menu1/Solutions/
  81. ^ http://www.techpro.vn/en/news/news/476-nestle-completes-electronic-security-installation.html file:///C:/Users/nxp68019/Downloads/security-update-1-2012.pdf
  82. ^ http://saltosystems.de/index.php?option=com_content&task=view&id=365
  83. ^ http://www.rfidjournal.com/articles/view?10036/2
  84. ^ http://www.godrejlocks.com/godrej/godrejlocks/Pdf/cambridge.pdf
  85. ^ http://www.ox.ac.uk/enewsletters/aad_news_alert/student_administration_and_services/25_06_12_new.html
  86. ^ http://www.rfidsolutionsonline.com/doc/1-fc-kln-implements-philips-chip-technology-f-0001
  87. ^ http://www.siemens.com/innovation/apps/pof_microsite/_pof-spring-2014/_html_en/sports-facilities.html
  88. ^ http://www.mifare.net/en/aboutmifare/news/new-smart-card-solution-scotland/
  89. ^ http://www.mifare.net/en/aboutmifare/news/berlins-libraries-implement-rfid-modernization/
  90. ^ http://www.mifare.net/en/aboutmifare/news/nxp-and-bank-mega-enhance-customer-experience-with-multi-applica/
  91. ^ http://www.muzekart.com/tr/muzekart
  92. ^ http://www.rfidjournal.com/articles/view?3985
  93. ^ http://www.carrotrewards.co.th/ http://www.free-press-release.com/news-new-rabbit-card-brings-e-money-system-to-bangkok-1339744796.html
  94. ^ http://www.nxp.com/news/press-releases/2011/12/nxp-and-bank-mega-enhance-customer-experience-with-multi-application-smart-card-solution-for-in-door-theme-parks.html
  95. ^ http://www.nfctags.com/nfc-applications-which-tag
  96. ^ http://www.mifare.net/files/7113/4978/9303/NXP_JCOP.pdf
  97. ^ http://www.cn.nxp.com/documents/literature/75015874.pdf
  98. ^ http://www.vingcardelsafe.com/en/vce/VingCardElsafe/Products/?productId=604980
  99. ^ http://www.nxp.com/news/press-releases/2012/10/yeldi-group-selects-identive-and-nxp-for-launch-of-first-major-mobile-nfc-cashless-payment-solution-in-india.html
  100. ^ http://www.passolig.com.tr/
  101. ^ http://www.nxp.com/news/press-releases/2009/01/moscow-metro-the-world-s-first-major-transport-system-to-operate-fully-contactless-with-nxp-s-mifare-technology.html
  102. ^ http://www.mifare.net/index.php?cID=3180
  103. ^ http://www.cl.cam.ac.uk/local/wgb/securityaccess.html
  104. ^ http://www.clare.cam.ac.uk/academic/handbook/food-drink.html

Further reading[edit]

External links[edit]