MIFARE From Wikipedia
MIFAREFrom Wikipedia, the free encyclopedia
Jump to: navigation, search
MIFARE is the NXP Semiconductors-owned trademark of aseries of chips widely used in contactless smart cards and proximity cards.According to the producers, billions of smart card chips and many millions ofreader modules have been sold. The technology isowned by NXP Semiconductors (spin off from PhilipsElectronics in 2006) with its headquarters in Eindhoven, the Netherlands,and main business sites in Nijmegen, the Netherlands, and Hamburg, Germany.
The MIFARE name covers proprietary technologies based upon various level ofthe ISO/IEC 14443 Type A13.56 MHz contactlesssmart card standard.
Contents
[hide]
[*]1 Variants
[*]1.1 MIFARE Classic
[*]1.2 MIFARE Ultralight
[*]1.3 MIFARE UltralightC
[*]1.4 MIFARE DESFire
[*]1.5 MIFARE DESFireEV1
[*]1.6 MIFARE Plus
[*]1.7 MIFARE SAMAV2
[*]2 History
[*]3 Security of MIFAREClassic
[*]4Considerations for systems integration
[*]5 See also
[*]6Other places that use MIFARE technology
[*]6.1 Transportation
[*]7 References
[*]8 Further reading
[*]9 Externallinks
[edit]Variants
The technology is embodied in both cards and readers (also referred to as aProximity Coupling Device which is suitable to use).
The MIFARE name (derived from the term MIkron FARE Collection System) coversseven different kinds of contactless cards:
MIFARE Classic employ a proprietary protocol compliant to parts (but not all) of ISO/IEC14443-3 Type A, with an NXP proprietary security protocol for authentication andciphering.MIFARE Ultralightlow-cost ICs that employ the same protocol as MIFARE Classic, but withoutthe security part and slightly different commandsMIFARE Ultralight Cthe first low-cost ICs for limited-use applications that offer the benefitsof an open Triple DEScryptographyMIFARE DESFireare smartcards that comply to ISO/IEC 14443-4 Type A with a mask-ROM operating systemfrom NXP.MIFARE DESFire EV1includes AES encryption.MIFARE Plusdrop-in replacement for MIFARE Classic with certified security level (AES 128 based)MIFARE SAM AV2secure access module that provides the secure storage of cryptographic keys and cryptographicfunctions [edit]MIFARE Classic
The MIFARE Classic card is fundamentally just a memory storage device, wherethe memory is divided into segments and blocks with simple security mechanismsfor access control.They are ASIC-based and havelimited computational power. Thanks to their reliability and low cost, thosecards are widely used for electronic wallet, access control, corporate ID cards,transportation or stadium ticketing.
The MIFARE Classic 1K offers 1024 bytes of data storage, split into 16sectors; each sector is protected by two different keys, called Aand B. Each key can be programmed to allow operations such as reading,writing, increasing value blocks, etc. MIFARE Classic 4K offers 4096 bytes splitinto forty sectors, of which 32 are same size as in the 1K with eight more thatare quadruple size sectors. MIFARE Classic mini offers 320 bytes split into fivesectors. For each of these card types, 16 bytes per sector are reserved for thekeys and access conditions and can not normally be used for user data. Also, thevery first 16 bytes contain the serial number of the card and certain othermanufacturer data and are read only. That brings the net storage capacity ofthese cards down to 752 bytes for Classic 1k, 3440 bytes for Classic 4k, and 224bytes for Mini. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.
MIFARE Classic encryption has been compromised, see below for details.
[edit]MIFARE Ultralight
The MIFARE Ultralight has only 512 bits of memory (i.e. 64 bytes), withoutcryptographic security. The memory is provided in 16 pages of 4bytes.
This card is so inexpensive it is often used for disposable tickets forevents such as the Football World Cup 2006.
[edit]MIFARE Ultralight C
Introduced at the Cartes industry trade show in 2008, MIFARE Ultralight C ispart of NXP's low-cost MIFARE offering (disposable ticket). With Triple DES,MIFARE Ultralight C uses a widely adopted standard, enabling easy integration inexisting infrastructures. The integrated Triple DES authentication provides aneffective countermeasure against cloning.
Key features:
[*]Fully compliant with ISO/IEC 14443 parts 1-3, Type A (includinganti-collision)
[*]1536 bits (192 bytes) EEPROM memory
[*]Protected data access via 3-pass Triple DES authentication
[*]Memory structure as in MIFARE Ultralight (pages of 4 byte)
[*]Backwards compatibility to MIFARE Ultralight due to compatible commandset
[*]16 bit one-way counter
[*]Unique 7 bytes serial number (UID)
Key applications for MIFARE Ultralight C are Public Transportation, EventTicketing, Loyalty and NFC Forum Tag Type 2.
[edit]MIFARE DESFire
The MIFARE DESFire is based on a core similar to SmartMX,with more hardware and software security features than MIFARE Classic. It comespre-programmed with the general purpose MIFARE DESFire operating system whichoffers a simple directory structure and files. They are sold in four variants:one with Triple-DES only & 4 Kbytes of storage and three with AES & 2, 4or 8 KB (see MIFARE DESFire EV1). The AES variants have additional securityfeatures, i.e. CMAC. MIFARE DESFire uses aprotocol compliant with ISO/IEC 14443-4. The card is based onan 8051 processor with3DES/AES crypto accelerator, making very fast transactions possible.
The maximal read/write distance between card and reader is 10 cm (4 inches),but actual distance depends on the field power generated by the reader and itsantenna size.
In 2011 it was announced that the MIFARE DESFire security had beenbroken.
[edit]MIFARE DESFire EV1
(previously called DESFire8)
New evolution of MIFARE DESFire card, broadly backwards compatible. Availablewith 2 KB, 4 KB and 8 KB NV-Memory. Other features include:
[*]Support for random ID
[*]Support for 128-bit AES
[*]Hardware and Operating System is Common Criteria certified at level EAL 4+
MIFARE DESFire EV1 was publicly announced in November 2006[citationneeded].
[edit]MIFARE Plus
MIFARE Plus is a replacement card for the MIFARE Classic. It provides an easyupgrade of existing infrastructures toward high security. Data management isidentical to the MIFARE Classic, however the security management requires themodification of the installed reader base. Other features include:
[*]2 Kbytes or 4 Kbytes of memory
[*]7 or 4 bytes UID, with optional support for random UID
[*]Support for 128-bit AES
[*]Common Criteria certified at level EAL 4+
[*]MIFARE Plus S for simple migration or MIFARE Plus X with many eXpertcommands
[*]Security upgrade with cards in the field.
It is less flexible than MIFARE DESFire EV1.
MIFARE Plus was publicly announced in March 2008 with first samples in Q12009.
MIFARE Plus, when used in older transportation systems that do not yetsupport AES on the reader side, still leaves an open door to attacks. Though ithelps to mitigate threats from attacks that broke the Crypto-1 cipher through the weak random numbergenerator, it does not help against brute force attacks and cryptoanalyticattacks. During thetransition period from MIFARE Classic to MIFARE Plus where only a few readersmight support AES in the first place, it offers an optional AES authenticationin Security Level 1 (which is in fact MIFARE Classic operation). This does notprevent the attacks mentioned above but enables a secure mutual authenticationbetween the reader and the card to prove that the card belongs to the system andis not fake.
[edit]MIFARE SAM AV2
MIFARE SAMs are not contactless smartcards. They are Secure accessmodules designed to provide the secure storage of cryptographic keys andcryptographic functions for terminals to access the MIFARE products securely andto enable secure communication between terminals and host (backend). MIFARESAMs are available from NXP in the contact-only module (PCM 1.1) as defined inISO/IEC 7816-2 and the HVQFN32 format.[citationneeded]
Key features:
[*]Compatible with MIFARE portfolio solutions
[*]Supports MIFARE, 3DES and AES cryptography
[*]Key diversification
[*]Secure download and storage of keys
[*]128 key entries
[*]ISO/IEC 7816 baud rate up to 1.5 Mbit/s
[*]X-mode functionality
Integrating a MIFARE SAM AV2 in a contactless smart card reader enables a design which integrateshigh-end cryptography features and the support of crypto authentication and dataencryption/decryption.[citationneeded] Like any SAM, it offers functionality to store keyssecurely, and perform authentication and encryption of data between thecontactless card and the SAM and the SAM towards the backend. Next to aclassical SAM architecture the MIFARE SAM AV2 supports the X-mode which allows afast and convenient contactless terminal development by connecting the SAM tothe microcontroller and reader IC simultaneously.[citationneeded]
MIFARE SAM AV2 offers AV1 mode and AV2 mode where in comparison to the SAMAV1 the AV2 version includes PublicKey Infrastructure (PKI), Hash functions like SHA-1, SHA-224, and SHA-256. It supports MIFARE Plus and a secure hostcommunication. Both modes provide the same communication interfaces,cryptographic algorithms (Triple-DES 112-bit and 168-bit key, MIFARE Crypto1,AES-128 and AES-192, RSA with up to 2048-bit keys), and X-modefunctionalities.[citationneeded]
[edit]History
[*]1994 — MIFARE Classic 1k contactless technology introduced.
[*]1996 — First transport scheme in Seoulusing MIFARE Classic 1k.
[*]1997 — MIFARE PRO with TripleDES coprocessorintroduced.
[*]1999 — MIFARE PROX with PKIcoprocessor introduced.
[*]2001 — MIFARE UltraLight introduced.
[*]2002 — MIFARE DESFire introduced, microprocessor based product.
[*]2004 — MIFARE DESFire SAM introduced, secure infrastructure counterpart ofMIFARE DESFire.
[*]2006 — MIFARE DESFire EV1 is announced as the first product to support128-bit AES
[*]2008 — MIFARE Plus is announced as a drop-in replacement for MIFARE Classicbased on 128-bit AES
[*]2008 — MIFARE Ultralight C is introduced as paperticket IC featuring TripleDES Authentication
[*]2010 — MIFARE SAM AV2 is introduced as secure key storage for readers AES,Triple DES, PKI Authentication
MIFARE was developed by Mikron; the name stands for MIkronFARE-collection System. It was acquired by Philips in 1998. Mikronsourced silicon from Atmel in the US, Philips in the Netherlands, and Siemens inGermany.[citationneeded]
After the Philips acquisition, Hitachi licensed MIFARE for the development ofthe contactless smart card solution for NTT's IC telephone card whichstarted in 1999 and finished in 2006.[citationneeded]
Motorola tried to develop MIFARE-like chip for wired-logic version butfinally gave up. The project expected one million cards per month for start, butthat fell to 100,000 per month just before they gave up the project.[citationneeded]
In the NTT contactless IC telephone card project, three parties joined:Tokin-Tamura-Siemens, Hitachi(Philips-contract for technical support), and Denso (Motorola-onlyproduction).[citationneeded] NTT asked for two versions of chip, i.e.wired-logic chip (like MIFARE Classic) with small memory and big memorycapacity. Hitachi developed only big memory version and cut part of the memoryto fit for the small memory version.
In 2008 NXP licenced MIFARE Plus and MIFARE DESFire to RenesasTechnology.[citationneeded] In 2010 NXP licenced MIFARE to Gemalto. In 2011 NXP licencedOberthurto use MIFARE on SIM cards. These licencees are developing NearField Communication products.[citationneeded]
InfineonTechnologies(formerly Siemens) licenced MIFARE from Mikron in 1994[citationneeded] and developed and today produces various dervativesbased on MIFARE technology including 1K memory and various microcontrollers withMIFARE emulations, including devices for use in USIM with NearField Communication.[citationneeded]
[edit]Security of MIFAREClassic
The encryption used by the MIFARE Classic card uses a 48 bit key.
A presentation by Henryk Plötz and KarstenNohl at the Chaos Communication Congress inDecember 2007 described a partial reverse-engineering of the algorithm used inthe MIFARE Classic chip. Abstract and slidesare available online. A paper that describes the process of reverse engineeringthis chip was published at the August 2008 USENIX security conference.
In March 2008 the Digital Security research group ofthe Radboud University Nijmegen madepublic that they performed a complete reverse-engineering and were able to cloneand manipulate the contents of a MIFARE Classic card.For demonstration they used the Proxmark device, a 125 kHz / 13.56 MHz researchinstrument. The schematics andsoftware are released under the free GNU General Public License by Jonathan Westhuesin 2007. They demonstrate it is even possible to perform card-only attacks usingjust an ordinary stock-commercial NFC reader in combination with the libnfclibrary.
The Radboud University published three scientific papers concerning thesecurity of the MIFARE Classic:
[*]A Practical Attack on the MIFARE Classic
[*]Dismantling MIFARE Classic
[*]Wirelessly Pickpocketing a Mifare Classic Card
In response to these attacks, the Dutch Ministerof the Interior and Kingdom Relations stated that they would investigatewhether the introduction of the Dutch Rijkspas could be brought forward from Q4of 2008.
NXP tried to stop the publication of the second article by requesting apreliminary injunction. However, the injunction was denied, with the courtnoting that, "It should be considered that the publication of scientific studiescarries a lot of weight in a democratic society, as does informing society aboutserious issues in the chip, because it allows for mitigating of the risks."
Both independent research results are confirmed by the manufacturer NXP.
The MIFARE Classic encryption Crypto-1 can be broken in about 200 seconds on alaptop, if approx. 50 bitsof known (or chosen) key stream are available. This attack reveals the key fromsniffed transactions under certain (common) circumstances and/or allows anattacker to learn the key by challenging the reader device.
The attack proposed in recovers thesecret key in about 40 ms on a laptop. This attack requires just one (partial)authentication attempt with a legitimate reader.
Additionally there are a number of attacks that work directly on a card andwithout the help of a valid reader device. These attacks havebeen acknowledged by NXP. In April 2009 newand better card-only attack on MIFARE Classic has been found. It was firstannounced at the Rump session of Eurocrypt 2009.This attack was presented at SECRYPT 2009. The fulldescription of this latest and fastest attack to date can also be found in theIACR preprint archive. The new attackimproves by a factor of more than 10 all previous card-only attacks on MIFAREClassic, has instant running time, and it does not require a costlyprecomputation. The new attack allows to recover the secret key of any sector ofMIFARE Classic card via wireless interaction, within about 300 queries to thecard. It can then be combined with the nested authentication attack in theNijmegen Oakland paper to recover subsequent keys almost instantly. Both attackscombined and with the right hardware equipment such as Proxmark3, one should beable to clone any MIFARE Classic card in not more than 10 seconds. This is muchfaster than previously thought.
[edit]Considerationsfor systems integration
For systems based on contactless smartcards (e.g. public transportation),security against fraud relies on many components, of which the card is just one.Typically, to minimize costs, systems integrators will choose a relativelycheap card such as a MIFARE Classic and concentrate security efforts in the back office. Additional encryption on the card, transactioncounters, and other methods known in cryptography are then employed to make clonedcards useless, or at least to enable the back office to detect a fraudulent card, and put iton a blacklist. Systems that work with online readers only (i.e., readers with apermanent link to the back office) are easier to protect than systems that haveoffline readers as well, for which real-time checks are not possible andblacklists cannot be updated as frequently.
[edit]See also
[*]RFID
[*]Physicalsecurity
[*]NFC
[edit]Other placesthat use MIFARE technology
[edit]Transportation
Card name Locality Type Details EYCON e-Bus Argentina (Bahía Blanca) MIFARE Classic 1K Planned to be used on buses and taxis.SUBE Argentina (Buenos Aires) MIFARE Classic 1K Metro, trains and buses http://www.sube.gob.ar/Red Bus Argentina (Córdoba, Mendoza, Salta) MIFARE Classic 1K
TarjetaSin Contacto Argentina (Rosario)
Transporte Urbano de Pasajeros TUP http://www.etr.gov.ar/TransLink Go card Australia (Brisbane)
ACTION MyWay Australia (Canberra)
GreenCard Australia (Hobart)
SmartRider Australia (Perth) MIFARE Classic 1K
Myki Australia (Victoria) MIFARE DESFire
Baku metrocard Azerbaijan (Baku) MIFARE Classic 1K, MIFARE Plus S 1K
tri Brazil (Porto Alegre)
RioCard Brazil (Rio de Janeiro)
BilheteÚnico Brazil (São Paulo)
Orovale Brazil (Teresopolis)
Viação Dedo de Deus (buses)ETSBlue Canada (Edmonton, Alberta)
OPUS card Canada (Montreal)
Société detransport de MontréalM-Card Canada (St. John's) MIFARE Classic 1K Used on the Metrobus Transit system. http://www.metrobus.com/mcard.aspPrestoCard Canada (Toronto) MIFAREDESFire
TarjetaBip! Chile (Santiago deChile)
Metro de Santiago, Transantiago, http://www.tarjetabip.clStrongLink China (Beijing)
Yikatong China (Beijing)
Yang ChengTong China (Guangzhou)
Cívica Colombia (Medellin)
BuTra Croatia (Osijek)
InKarta Czech republic (Prag)
http://www.cd.cz/opencard Czech republic (Prag)
Rejsekort Denmark MIFARE Classic 4K
Oyster card England (London) MIFARE DESFire EV1 Migrating from MIFARE Classic to MIFARE DESFire EV1EasyRider England (Nottingham)
Nottingham City TransportIndianRailways India MIFARE DESFire Indian railways (five major cities)CardzMe India (Karnataka)
Issued to students in the Indian state of Karnataka by CardzMiddle EastSmartCard Ireland (Dublin) MIFARE Classic 1K IarnródÉireann
Etalons Latvia MIFARE Ultralight
Touch 'n Go Malaysia
OV-chipkaart Netherlands MIFARE Classic 4K Currently being introduced as a single payment system for publictransportation in the NetherlandsBiałostockaKarta Miejska Poland (Białystok) MIFARE Classic 1K Used on busesWarszawskaKarta Miejska Poland (Warsaw) MIFARE Classic 1K Used on buses, trams, subway and railroadRATBActiv Romania (Bucharest) MIFARE Classic 1K Used on all public surface transportation and also availale forsubwayMoscow Metro Russia (Moscow) MIFARE Ultralight Disposable ticketEMcard Slovakia
Used by almost every public transport system in Slovakia and some in CzechRepublic. In most cases only referred to as BCK - Bezkontaktná cipová karta(contactless smart card)Mybi, T-money, Upass South Korea
Resekortet Sweden MIFARE Classic 1K
SkånetrafikenJoJo Sweden MIFARE Classic 1K
SL Sweden MIFARE Classic 4K Stockholms lokaltrafik (Stockholm public transit card)EasyCard Taiwan
KGSCard Turkey MIFARE Classic 1K, MIFARE Plus 2K (in Classic compatibility mode) Toll Highways, KGS (acronym for Contactless Card Toll System)Muzekart Turkey MIFARE Classic 1K, MIFARE Plus 2K
Istanbulkart Turkey (Istanbul) MIFARE DESFire EV1 Buses, ferry boats, metro, light metro, trams and overgroundtrainsKentKart Turkey (Izmir)
Metro, bus, passenger shipBreezecard USA (AtlantaMARTA, Georgia) MIFARE Ultralight and Classic http://www.breezecard.com/CharlieCard USA (Boston,Massachusetts)
MBTA v. Anderson - Civil case related tothe responsible disclosure of flaws in thesystemMetroQ USA (Houston,Texas) MIFARE Classic 1K
Go-ToCard USA (Minneapolis,Minnesota)
Clipper card USA (San FranciscoBay Area, California) MIFARE DESFire Replacing TransLink, which used a Motorola Card. http://clippercard.com/ORCA Card USA (Seattle,Washington)
MIFARE4Mobile
NXP MIFARE technical specificationInstitutions
[*]New CollegeSchool in Oxford - Buildingaccess[citationneeded].
[*]Imperial College London - Staff andstudent ID access card in London, UK.
[*]Cambridge University- Student/Staff ID and access card, library card, canteen payments in somecolleges
[*]University of Warwick - Staff and studentID card and separate Eatingat Warwick stored value card in Coventry, UK.
[*]Regent'sCollege, London - Staff and student ID access card in London, UK.
[*]BucknellUniversity - Student ID access card in Lewisburg, Pennsylvania.
[*]University of New South Wales -Student ID access card.
[*]University of Alberta - Staff OneCard trial currently underway.
[*]Northumbria University - Student/Staffbuilding and printer access.
[*]City University of Hong Kong -Student/Staff building, Library, Amenities Building.
[*]University of Bayreuth - Student ID cardand canteen card for paying.
[*]Universityof Ibadan, Nigeria - Student IDcard and Examination Verification and Attendance.
[*]ConvenantUniversity, Nigeria - Student ID card and Examination Verification andAttendance.
[*]Lead CityUniversity, Nigeria - Student ID card and Examination Verification andAttendance.
[*]Hogeschool-UniversiteitBrussel, Belgium - Student IDcard, canteen card for paying, library and building access.
[*]Southampton University - Student IDcard, library and building access - Mifare Classic 4K.
[edit]References
[*]^ MIFARE (2009-12-18). "The success of MIFARE". http://www.mifare.net/.
[*]^ Some ISO/IEC 7816-4 commands areused by MIFARE DESFire EV1, including a proprietary method to wrap native MIFAREDESFire commands into a ISO/IEC 7816 APDU.
[*]^ "GermanResearchers Crack Mifare RFID Encryption". Slashdot. http://it.slashdot.org/story/11/10/10/1850230/.
[*]^ "NXPintroduces new security and performance benchmark with MIFARE Plus" (Pressrelease). NXP. 2008-03-10. http://www.nxp.com/news/content/file_1418.html.
[*]^ https://www.blackhat.com/presentations/bh-usa-08/Nohl/BH_US_08_Nohl_Mifare.pdf
[*]^ http://www.gemalto.com/press/archives/2010/2010-11-25_NXP_Gemalto_MIFARE_License_en.pdf
[*]^ http://www.nxp.com/news/content/file_1818.html
[*]^ "MIFARE Classic 1K specification". 2009-02-22. http://mifare.net/products/smartcardics/mifare_standard1k.asp.
[*]^ Karsten Nohl homepage at the University of Virginia
[*]^ Nohl, Karsten; Henryk Plötz. "Mifare: Little Security, Despite Obscurity". ChaosCommunication Congress. http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html.
[*]^ Nohl, Karsten; David Evans (2008-08-01). "Reverse-Engineering a Cryptographic RFID Tag". Proceedingsof the 17th USENIX Security Symposium. http://www.usenix.org/events/sec08/tech/nohl.html.
[*]^ RadboudUniversity Nijmegen Digital Security
[*]^ Digital Security Group (2008-03-12). "Security Flaw in Mifare Classic". Radboud UniversityNijmegen. http://www.ru.nl/ds/research/rfid/.
[*]^ "Proxmark". http://www.proxmark.org. Retrieved 2011-01-25.
[*]^ "Dutch Page". http://www.rijksoverheid.nl/documenten-en-publicaties/kamerstukken/2008/10/31/antwoord-op-kamervragen-over-de-beveiliging-van-de-chip-pas.html. Retrieved 2012-03-24.
[*]^ Arnhem Court Judge Services (2008-07-18). "Pronunciation, Primary Claim". Rechtbank Arnhem. http://zoeken.rechtspraak.nl/ResultPage.aspx?snelzoeken=t&searchtype=ljn&ljn=BD7578.
[*]^ "Judge denies NXP's injunction against security researchers".The Standard. 2008-07-18. http://www.thestandard.com/news/2008/07/18/judge-denies-nxps-injunction-against-security-researchers. Retrieved 2010-02-13.
[*]^ "mifare.net ::Security". http://www.mifare.net/technology/security/. Retrieved 2011-01-25.
[*]^ Courtois, Nicolas T.; Karsten Nohl; Sean O'Neil(2008-04-14). "Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classicand Oyster Cards". Cryptology ePrint Archive. http://eprint.iacr.org/2008/166.
[*]^ Garcia, Flavio D.; Gerhard de Koning Gans; Ruben Muijrers;Peter van Rossum, Roel Verdult; Ronny Wichers Schreur; Bart Jacobs (2008-10-04)."Dismantling MIFARE Classic". 13th European Symposium onResearch in Computer Security (ESORICS 2008), LNCS, Springer. http://www.cs.ru.nl/~flaviog/publications/Dismantling.Mifare.pdf.
[*]^ Garcia, Flavio D.; Peter van Rossum; Roel Verdult; RonnyWichers Schreur (2009-03-17). "Wirelessly Pickpocketing a Mifare Classic Card". 30th IEEESymposium on Security and Privacy (S&P 2009), IEEE. http://www.cs.ru.nl/~flaviog/publications/Pickpocketing.Mifare.pdf.
[*]^ Third and fourthbullet points under "MIFARE Classic vulnerabilities" at http://mifare.net/security/mifare_classic.asp
[*]^ Courtois, Nicolas T. (2009-04-28). "Conditional Multiple Differential Attack on MIFARE Classic".Slides presented at the rump session of Eurocrypt 2009 conference. http://eurocrypt2009rump.cr.yp.to/7870fc6d38647a661145594ef0c33015.pdf.
[*]^ Courtois, Nicolas T. (2009-07-07). "The Dark Side of Security byObscurity and Cloning MiFare Classic Rail and Building Passes Anywhere,Anytime". In SECRYPT 2009 – International Conference on Security andCryptography, to appear. http://www.secrypt.org/.
[*]^ Courtois, Nicolas T. (2009-05-04). "The Dark Side of Securityby Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere,Anytime". IACR Cryptology Preprint Archive. http://eprint.iacr.org/2009/137.
[*]^ LOT ltd. "Integrator's web site (subway solutions)". http://lotgate.com/index.php?option=com_content&view=article&id=9&Itemid=30&lang=en.
[*]^ http://www.nfctimes.com/news/transport-london-discard-mifare-classic-seeks-desfire-sims
[*]^ Steve Ragan - The Tech Herald. "Replacement suggested for NXP chips used in OV-Chipkaart". http://www.thetechherald.com/articles/Replacement-suggested-for-NXP-chips-used-in-OV-Chipkaart/13223/.
[*]^ Resekortet i Sverige AB. "RKF-specifikationen - Svensk Kollektivtrafik". http://www.svenskkollektivtrafik.se/Resekortet/Puffar/Annonser-langst-ned-pa-startsida/Kontakt/RKF-specifikationen/.
[*]^ http://www.cl.cam.ac.uk/local/wgb/securityaccess.html
[*]^ http://www.clare.cam.ac.uk/academic/handbook/food-drink.html
[edit]Further reading
[*]Dayal, Geeta, "How they hacked it: The MiFare RFID crack explained; A look at theresearch behind the chip compromise, Computerworld, March 19, 2008.
[edit]External links
[*]MIFAREofficial website.
[*]24C3 Talk about MIFARE Classic Video of the 24C3 Talkpresenting the results of reverse engineering the MIFARE Classic family, raisingserious security concerns
[*]Presentation of 24th Chaos Computer Congress in Berlin Claimingthat the MIFARE classic chip is possibly not safe
[*]Demonstration of an actual attack on MIFARE Classic (a buildingaccess control system) by the Radboud University Nijmegen.
Retrieved from "http://en.wikipedia.org/w/index.php?title=MIFARE&oldid=492287573"
View page ratings
Rate this page
Rate thispage
Page ratings
What's this?
Current average ratings.
Trustworthy
Objective
Complete
Well-written
I am highly knowledgeable about this topic(optional) Ihave a relevant college/university degree
It is part of myprofession
Itis a deep personal passion
Thesource of my knowledge is not listed here
I would like to help improveWikipedia, send me an e-mail (optional)We will send you a confirmatione-mail. We will not share your e-mail address with outside parties as per our feedbackprivacy statement.
Submit ratingsSavedsuccessfully
Yourratings have not been submitted yet
Your ratings have expired
Please reevaluate this page and submitnew ratings.
An error has occurred. Please try againlater.
Thanks! Your ratings have been saved.
Please take a moment to complete a shortsurvey.
Start surveyMaybelater
Thanks! Your ratings have been saved.
Do you want to create an account?
An account will help you track your edits, getinvolved in discussions, and be a part of the community.
Create an accountorLog inMaybe later
Thanks! Your ratings have been saved.
Did you know that you can edit thispage?
Edit this pageMaybelater
Categories:
[*]Contactless smartcards
Hidden categories:
[*]All articles withunsourced statements
[*]Articleswith unsourced statements from November 2011
[*]Articleswith unsourced statements from March 2011
[*]Articleswith unsourced statements from October 2008
页:
[1]