几何尺寸与公差论坛

 找回密码
 注册
查看: 2647|回复: 0

MIFARE From Wikipedia

[复制链接]
发表于 2012-5-14 10:35:10 | 显示全部楼层 |阅读模式
MIFARE

  From Wikipedia, the free encyclopedia
  Jump to: navigation, search
  MIFARE is the NXP Semiconductors-owned trademark of a  series of chips widely used in contactless smart cards and proximity cards.  According to the producers, billions of smart card chips and many millions of  reader modules have been sold.[1] The technology is  owned by NXP Semiconductors (spin off from Philips  Electronics in 2006) with its headquarters in Eindhoven, the Netherlands,  and main business sites in Nijmegen, the Netherlands, and Hamburg, Germany.

The MIFARE name covers proprietary technologies based upon various level of  the ISO/IEC 14443 Type A  13.56 MHz contactless  smart card standard.

      Contents

[hide]

[edit]  Variants

The technology is embodied in both cards and readers (also referred to as a  Proximity Coupling Device which is suitable to use).

The MIFARE name (derived from the term MIkron FARE Collection System) covers  seven different kinds of contactless cards:

MIFARE Classic employ a proprietary protocol compliant to parts (but not all) of ISO/IEC  14443-3 Type A, with an NXP proprietary security protocol for authentication and  ciphering.MIFARE Ultralightlow-cost ICs that employ the same protocol as MIFARE Classic, but without  the security part and slightly different commandsMIFARE Ultralight Cthe first low-cost ICs for limited-use applications that offer the benefits  of an open Triple DES  cryptographyMIFARE DESFireare smart  cards that comply to ISO/IEC 14443-4 Type A with a mask-ROM operating system  from NXP.MIFARE DESFire EV1includes AES encryption.MIFARE Plusdrop-in replacement for MIFARE Classic with certified security level (AES 128 based)MIFARE SAM AV2secure access module that provides the secure storage of cryptographic keys and cryptographic  functions [edit]  MIFARE Classic

The MIFARE Classic card is fundamentally just a memory storage device, where  the memory is divided into segments and blocks with simple security mechanisms  for access control.  They are ASIC-based and have  limited computational power. Thanks to their reliability and low cost, those  cards are widely used for electronic wallet, access control, corporate ID cards,  transportation or stadium ticketing.

The MIFARE Classic 1K offers 1024 bytes of data storage, split into 16  sectors; each sector is protected by two different keys, called A  and B. Each key can be programmed to allow operations such as reading,  writing, increasing value blocks, etc. MIFARE Classic 4K offers 4096 bytes split  into forty sectors, of which 32 are same size as in the 1K with eight more that  are quadruple size sectors. MIFARE Classic mini offers 320 bytes split into five  sectors. For each of these card types, 16 bytes per sector are reserved for the  keys and access conditions and can not normally be used for user data. Also, the  very first 16 bytes contain the serial number of the card and certain other  manufacturer data and are read only. That brings the net storage capacity of  these cards down to 752 bytes for Classic 1k, 3440 bytes for Classic 4k, and 224  bytes for Mini. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.

MIFARE Classic encryption has been compromised, see below for details.

[edit]  MIFARE Ultralight

The MIFARE Ultralight has only 512 bits of memory (i.e. 64 bytes), without  cryptographic security. The memory is provided in 16 pages of 4  bytes.

This card is so inexpensive it is often used for disposable tickets for  events such as the Football World Cup 2006.

[edit]  MIFARE Ultralight C

Introduced at the Cartes industry trade show in 2008, MIFARE Ultralight C is  part of NXP's low-cost MIFARE offering (disposable ticket). With Triple DES,  MIFARE Ultralight C uses a widely adopted standard, enabling easy integration in  existing infrastructures. The integrated Triple DES authentication provides an  effective countermeasure against cloning.

Key features:



  • Fully compliant with ISO/IEC 14443 parts 1-3, Type A (including  anti-collision)
  • 1536 bits (192 bytes) EEPROM memory
  • Protected data access via 3-pass Triple DES authentication
  • Memory structure as in MIFARE Ultralight (pages of 4 byte)
  • Backwards compatibility to MIFARE Ultralight due to compatible command  set
  • 16 bit one-way counter
  • Unique 7 bytes serial number (UID)
Key applications for MIFARE Ultralight C are Public Transportation, Event  Ticketing, Loyalty and NFC Forum Tag Type 2.

[edit]  MIFARE DESFire

The MIFARE DESFire is based on a core similar to SmartMX,  with more hardware and software security features than MIFARE Classic. It comes  pre-programmed with the general purpose MIFARE DESFire operating system which  offers a simple directory structure and files. They are sold in four variants:  one with Triple-DES only & 4 Kbytes of storage and three with AES & 2, 4  or 8 KB (see MIFARE DESFire EV1). The AES variants have additional security  features, i.e. CMAC. MIFARE DESFire uses a  protocol compliant with ISO/IEC 14443-4.[2] The card is based on  an 8051 processor with  3DES/AES crypto accelerator, making very fast transactions possible.

The maximal read/write distance between card and reader is 10 cm (4 inches),  but actual distance depends on the field power generated by the reader and its  antenna size.

In 2011 it was announced that the MIFARE DESFire security had been  broken.[3]

[edit]  MIFARE DESFire EV1

(previously called DESFire8)

New evolution of MIFARE DESFire card, broadly backwards compatible. Available  with 2 KB, 4 KB and 8 KB NV-Memory. Other features include:



  • Support for random ID
  • Support for 128-bit AES
  • Hardware and Operating System is Common Criteria certified at level EAL 4+
MIFARE DESFire EV1 was publicly announced in November 2006[citation  needed].

[edit]  MIFARE Plus

MIFARE Plus is a replacement card for the MIFARE Classic. It provides an easy  upgrade of existing infrastructures toward high security. Data management is  identical to the MIFARE Classic, however the security management requires the  modification of the installed reader base. Other features include:



  • 2 Kbytes or 4 Kbytes of memory
  • 7 or 4 bytes UID, with optional support for random UID
  • Support for 128-bit AES
  • Common Criteria certified at level EAL 4+
  • MIFARE Plus S for simple migration or MIFARE Plus X with many eXpert  commands
  • Security upgrade with cards in the field.
It is less flexible than MIFARE DESFire EV1.

MIFARE Plus was publicly announced in March 2008 with first samples in Q1  2009.[4]

MIFARE Plus, when used in older transportation systems that do not yet  support AES on the reader side, still leaves an open door to attacks. Though it  helps to mitigate threats from attacks that broke the Crypto-1 cipher through the weak random number  generator, it does not help against brute force attacks and cryptoanalytic  attacks.[5] During the  transition period from MIFARE Classic to MIFARE Plus where only a few readers  might support AES in the first place, it offers an optional AES authentication  in Security Level 1 (which is in fact MIFARE Classic operation). This does not  prevent the attacks mentioned above but enables a secure mutual authentication  between the reader and the card to prove that the card belongs to the system and  is not fake.

[edit]  MIFARE SAM AV2

MIFARE SAMs are not contactless smartcards. They are Secure access  modules designed to provide the secure storage of cryptographic keys and  cryptographic functions for terminals to access the MIFARE products securely and  to enable secure communication between terminals and host (backend). MIFARE  SAMs are available from NXP in the contact-only module (PCM 1.1) as defined in  ISO/IEC 7816-2 and the HVQFN32 format.[citation  needed]

Key features:



  • Compatible with MIFARE portfolio solutions
  • Supports MIFARE, 3DES and AES cryptography
  • Key diversification
  • Secure download and storage of keys
  • 128 key entries
  • ISO/IEC 7816 baud rate up to 1.5 Mbit/s
  • X-mode functionality
Integrating a MIFARE SAM AV2 in a contactless smart card reader enables a design which integrates  high-end cryptography features and the support of crypto authentication and data  encryption/decryption.[citation  needed] Like any SAM, it offers functionality to store keys  securely, and perform authentication and encryption of data between the  contactless card and the SAM and the SAM towards the backend. Next to a  classical SAM architecture the MIFARE SAM AV2 supports the X-mode which allows a  fast and convenient contactless terminal development by connecting the SAM to  the microcontroller and reader IC simultaneously.[citation  needed]

MIFARE SAM AV2 offers AV1 mode and AV2 mode where in comparison to the SAM  AV1 the AV2 version includes Public  Key Infrastructure (PKI), Hash functions like SHA-1, SHA-224, and SHA-256. It supports MIFARE Plus and a secure host  communication. Both modes provide the same communication interfaces,  cryptographic algorithms (Triple-DES 112-bit and 168-bit key, MIFARE Crypto1,  AES-128 and AES-192, RSA with up to 2048-bit keys), and X-mode  functionalities.[citation  needed]

[edit]  History



  • 1994 — MIFARE Classic 1k contactless technology introduced.
  • 1996 — First transport scheme in Seoul  using MIFARE Classic 1k.
  • 1997 — MIFARE PRO with Triple  DES coprocessor  introduced.
  • 1999 — MIFARE PROX with PKI  coprocessor introduced.
  • 2001 — MIFARE UltraLight introduced.
  • 2002 — MIFARE DESFire introduced, microprocessor based product.
  • 2004 — MIFARE DESFire SAM introduced, secure infrastructure counterpart of  MIFARE DESFire.
  • 2006 — MIFARE DESFire EV1 is announced as the first product to support  128-bit AES
  • 2008 — MIFARE Plus is announced as a drop-in replacement for MIFARE Classic  based on 128-bit AES
  • 2008 — MIFARE Ultralight C is introduced as paperticket IC featuring Triple  DES Authentication
  • 2010 — MIFARE SAM AV2 is introduced as secure key storage for readers AES,  Triple DES, PKI Authentication
MIFARE was developed by Mikron; the name stands for MIkron  FARE-collection System. It was acquired by Philips in 1998. Mikron  sourced silicon from Atmel in the US, Philips in the Netherlands, and Siemens in  Germany.[citation  needed]

After the Philips acquisition, Hitachi licensed MIFARE for the development of  the contactless smart card solution for NTT's IC telephone card which  started in 1999 and finished in 2006.[citation  needed]

Motorola tried to develop MIFARE-like chip for wired-logic version but  finally gave up. The project expected one million cards per month for start, but  that fell to 100,000 per month just before they gave up the project.[citation  needed]

In the NTT contactless IC telephone card project, three parties joined:  Tokin-Tamura-Siemens, Hitachi  (Philips-contract for technical support), and Denso (Motorola-only  production).[citation  needed] NTT asked for two versions of chip, i.e.  wired-logic chip (like MIFARE Classic) with small memory and big memory  capacity. Hitachi developed only big memory version and cut part of the memory  to fit for the small memory version.

In 2008 NXP licenced MIFARE Plus and MIFARE DESFire to Renesas  Technology.[citation  needed] In 2010 NXP licenced MIFARE to Gemalto.[6] In 2011 NXP licenced  Oberthur[7]  to use MIFARE on SIM cards. These licencees are developing Near  Field Communication products.[citation  needed]

Infineon  Technologies(formerly Siemens) licenced MIFARE from Mikron in 1994[citation  needed] and developed and today produces various dervatives  based on MIFARE technology including 1K memory and various microcontrollers with  MIFARE emulations, including devices for use in USIM with Near  Field Communication.[citation  needed]

[edit]  Security of MIFARE  Classic

The encryption used by the MIFARE Classic card uses a 48 bit key.[8]

A presentation by Henryk Plötz and Karsten  Nohl[9] at the Chaos Communication Congress in  December 2007 described a partial reverse-engineering of the algorithm used in  the MIFARE Classic chip. Abstract and slides[10]  are available online. A paper that describes the process of reverse engineering  this chip was published at the August 2008 USENIX security conference.[11]

In March 2008 the Digital Security[12] research group of  the Radboud University Nijmegen made  public that they performed a complete reverse-engineering and were able to clone  and manipulate the contents of a MIFARE Classic card.[13]  For demonstration they used the Proxmark device, a 125 kHz / 13.56 MHz research  instrument.[14] The schematics and  software are released under the free GNU General Public License by Jonathan Westhues  in 2007. They demonstrate it is even possible to perform card-only attacks using  just an ordinary stock-commercial NFC reader in combination with the libnfc  library.

The Radboud University published three scientific papers concerning the  security of the MIFARE Classic:


In response to these attacks, the Dutch Minister  of the Interior and Kingdom Relations stated that they would investigate  whether the introduction of the Dutch Rijkspas could be brought forward from Q4  of 2008.[15]

NXP tried to stop the publication of the second article by requesting a  preliminary injunction. However, the injunction was denied, with the court  noting that, "It should be considered that the publication of scientific studies  carries a lot of weight in a democratic society, as does informing society about  serious issues in the chip, because it allows for mitigating of the risks."[16][17]

Both independent research results are confirmed by the manufacturer NXP.[18]

The MIFARE Classic encryption Crypto-1 can be broken in about 200 seconds on a  laptop,[19] if approx. 50 bits  of known (or chosen) key stream are available. This attack reveals the key from  sniffed transactions under certain (common) circumstances and/or allows an  attacker to learn the key by challenging the reader device.

The attack proposed in[20] recovers the  secret key in about 40 ms on a laptop. This attack requires just one (partial)  authentication attempt with a legitimate reader.

Additionally there are a number of attacks that work directly on a card and  without the help of a valid reader device.[21] These attacks have  been acknowledged by NXP.[22] In April 2009 new  and better card-only attack on MIFARE Classic has been found. It was first  announced at the Rump session of Eurocrypt 2009.[23]  This attack was presented at SECRYPT 2009.[24] The full  description of this latest and fastest attack to date can also be found in the  IACR preprint archive.[25] The new attack  improves by a factor of more than 10 all previous card-only attacks on MIFARE  Classic, has instant running time, and it does not require a costly  precomputation. The new attack allows to recover the secret key of any sector of  MIFARE Classic card via wireless interaction, within about 300 queries to the  card. It can then be combined with the nested authentication attack in the  Nijmegen Oakland paper to recover subsequent keys almost instantly. Both attacks  combined and with the right hardware equipment such as Proxmark3, one should be  able to clone any MIFARE Classic card in not more than 10 seconds. This is much  faster than previously thought.

[edit]  Considerations  for systems integration

For systems based on contactless smartcards (e.g. public transportation),  security against fraud relies on many components, of which the card is just one.  Typically, to minimize costs, systems integrators will choose a relatively  cheap card such as a MIFARE Classic and concentrate security efforts in the back office. Additional encryption on the card, transaction  counters, and other methods known in cryptography are then employed to make cloned  cards useless, or at least to enable the back office to detect a fraudulent card, and put it  on a blacklist. Systems that work with online readers only (i.e., readers with a  permanent link to the back office) are easier to protect than systems that have  offline readers as well, for which real-time checks are not possible and  blacklists cannot be updated as frequently.

[edit]  See also


[edit]  Other places  that use MIFARE technology

[edit]  Transportation

    Card name Locality Type Details   EYCON e-Bus Argentina (Bahía Blanca) MIFARE Classic 1K Planned to be used on buses and taxis.  SUBE Argentina (Buenos Aires) MIFARE Classic 1K Metro, trains and buses http://www.sube.gob.ar/  Red Bus Argentina (Córdoba, Mendoza, Salta) MIFARE Classic 1K
  Tarjeta  Sin Contacto Argentina (Rosario)
Transporte Urbano de Pasajeros TUP http://www.etr.gov.ar/  TransLink Go card Australia (Brisbane)

  ACTION MyWay Australia (Canberra)

  Green  Card Australia (Hobart)

  SmartRider Australia (Perth) MIFARE Classic 1K
  Myki Australia (Victoria) MIFARE DESFire
  Baku metrocard Azerbaijan (Baku) MIFARE Classic 1K, MIFARE Plus S 1K[26]
  tri Brazil (Porto Alegre)

  RioCard Brazil (Rio de Janeiro)

  Bilhete  Único Brazil (São Paulo)

  Orovale Brazil (Teresopolis)
Viação Dedo de Deus (buses)  ETS  Blue Canada (Edmonton, Alberta)

  OPUS card Canada (Montreal)
Société de  transport de Montréal  M-Card Canada (St. John's) MIFARE Classic 1K Used on the Metrobus Transit system. http://www.metrobus.com/mcard.asp  Presto  Card Canada (Toronto) MIFARE  DESFire
  Tarjeta  Bip! Chile (Santiago de  Chile)
Metro de Santiago, Transantiago, http://www.tarjetabip.cl  StrongLink China (Beijing)

  Yikatong China (Beijing)

  Yang Cheng  Tong China (Guangzhou)

  Cívica Colombia (Medellin)

  BuTra Croatia (Osijek)

  In  Karta Czech republic (Prag)
http://www.cd.cz/  opencard Czech republic (Prag)

  Rejsekort Denmark MIFARE Classic 4K
  Oyster card England (London) MIFARE DESFire EV1 Migrating from MIFARE Classic to MIFARE DESFire EV1[27]  EasyRider England (Nottingham)
Nottingham City Transport  IndianRailways India MIFARE DESFire Indian railways (five major cities)  Cardz  Me India (Karnataka)
Issued to students in the Indian state of Karnataka by Cardz  Middle East  SmartCard Ireland (Dublin) MIFARE Classic 1K Iarnród  Éireann
  Etalons Latvia MIFARE Ultralight
  Touch 'n Go Malaysia

  OV-chipkaart Netherlands MIFARE Classic 4K[28] Currently being introduced as a single payment system for public  transportation in the Netherlands  Białostocka  Karta Miejska Poland (Białystok) MIFARE Classic 1K Used on buses  Warszawska  Karta Miejska Poland (Warsaw) MIFARE Classic 1K Used on buses, trams, subway and railroad  RATB  Activ Romania (Bucharest) MIFARE Classic 1K Used on all public surface transportation and also availale for  subway  Moscow Metro Russia (Moscow) MIFARE Ultralight Disposable ticket  EMcard Slovakia
Used by almost every public transport system in Slovakia and some in Czech  Republic. In most cases only referred to as BCK - Bezkontaktná cipová karta  (contactless smart card)  Mybi, T-money, Upass South Korea

  Resekortet Sweden MIFARE Classic 1K[29]
  Skånetrafiken  JoJo Sweden MIFARE Classic 1K
  SL Sweden MIFARE Classic 4K Stockholms lokaltrafik (Stockholm public transit card)  EasyCard Taiwan

  KGS  Card Turkey MIFARE Classic 1K, MIFARE Plus 2K (in Classic compatibility mode) Toll Highways, KGS (acronym for Contactless Card Toll System)  Muzekart Turkey MIFARE Classic 1K, MIFARE Plus 2K
  Istanbulkart Turkey (Istanbul) MIFARE DESFire EV1 Buses, ferry boats, metro, light metro, trams and overground  trains  KentKart Turkey (Izmir)
Metro, bus, passenger ship  Breeze  card USA (Atlanta  MARTA, Georgia) MIFARE Ultralight and Classic http://www.breezecard.com/  Charlie  Card USA (Boston,  Massachusetts)
MBTA v. Anderson - Civil case related to  the responsible disclosure of flaws in the  system  MetroQ USA (Houston,  Texas) MIFARE Classic 1K
  Go-To  Card USA (Minneapolis,  Minnesota)

  Clipper card USA (San Francisco  Bay Area, California) MIFARE DESFire Replacing TransLink, which used a Motorola Card. http://clippercard.com/  ORCA Card USA (Seattle,  Washington)

  MIFARE4Mobile

NXP MIFARE technical specification  Institutions


[edit]  References

  
[edit]  Further reading


[edit]  External links



Retrieved from "http://en.wikipedia.org/w/index.php?title=MIFARE&oldid=492287573"  
    View page ratings
Rate this page
Rate this  page
Page ratings
What's this?
Current average ratings.
    Trustworthy
        
  
   
  
  Objective
        
  
   
  
  Complete
        
  
   
  
  Well-written
        
  
   
  

   I am highly knowledgeable about this topic  (optional)   I  have a relevant college/university degree
It is part of my  profession
It  is a deep personal passion
The  source of my knowledge is not listed here
  I would like to help improve  Wikipedia, send me an e-mail (optional)  We will send you a confirmation  e-mail. We will not share your e-mail address with outside parties as per our feedback  privacy statement.




Submit ratings  Saved  successfully
Your  ratings have not been submitted yet
    Your ratings have expired
Please reevaluate this page and submit  new ratings.



  An error has occurred. Please try again  later.

    Thanks! Your ratings have been saved.
  Please take a moment to complete a short  survey.
Start surveyMaybe  later


   Thanks! Your ratings have been saved.
  Do you want to create an account?
An account will help you track your edits, get  involved in discussions, and be a part of the community.
Create an accountorLog inMaybe later  


   Thanks! Your ratings have been saved.
  Did you know that you can edit this  page?
Edit this pageMaybe  later





  Categories:  

Hidden categories:  
您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|Archiver|小黑屋|几何尺寸与公差论坛

GMT+8, 2024-12-22 13:26 , Processed in 0.060076 second(s), 19 queries .

Powered by Discuz! X3.4 Licensed

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表