You are currently browsing the archives for the mifare category


Mobile phone reading data from a watch!

Due to an NFC project I am currently involved in, I have an iCarte dongle from WDI. Luckily, I also happen to have a Mifare watch from LAKS from a previous project.

I was browsing the AppStore and found this great app, iCarte Reader by which you can read and write mifare chips over an iPhone with an iCarte dongle. Since I already have a cool mifare gadget, my LAKS watch, I began to impress my friends by using my iPhone to read and write data to my watch!

This is a true contactless show case for me; my phone and watch exchanging data over the contactless interface. How cool is that!

Mifare emulation

Mifare is definitely the most used contactless chip in the world. I’ve already covered main topics on Mifare on my previous posts. You can find it everywhere; it has been used billions of times, hacked, cloned and it is still the most popular chip in the world.

If any software product has this much of popularity in its class, the need for running it on different platforms is a must. That is what NXP did years ago. Now almost all dual interface chips -including SIM cards- have the option for running mifare as an emulation.

What is mifare emulation? Mifare emulation is actually an application running on the chip operating system. It emulates the mifare classic operating system by providing the exact same hardware and software functionality. Once it has been installed, it responds exactly like a native mifare chip to the readers transmitting mifare commands. Dual interface chips have the contact interface and mifare emulation automatically utilizes this interface. This brings the ability to personalize the mifare emulation applet over the contact interface, which is simply impossible on a native mifare chip.

It is of course very useful to have the mifare functionality on other platforms, but it has some drawbacks as well:

  • First, it has the exact same security problem with the native mifare. But this is something you must have considered while using mifare classic, so it can be skipped.
  • Mifare emulation applet is generally slower than native mifare chip while responding the mifare commands. You need to consider this if you must use native mifare chips and mifare emulation at the same time.
  • You may have to re-configure the readers if they are set to work only with native mifare classic chips.

Another tip is that some vendor’s implementation does not allow to read the Mifare UID from contact interface. This is a great barrier for personalization where you will need the UID for key diversification.

Mifare emulation applets provide an API for accessing the mifare blocks over the contact interface during run time. This way, you get the chance to update the data stored in the mifare blocks during another contact transaction.

DesFire has also been implemented as an emulation and Mifare Plus is also announced to be released next in 2011/2012.

NXP and Gemalto sign licensing agreement for adding Mifare to UICC

Today, Gemalto announced that Gemalto and NXP signed a licensing agreement for adding Mifare to Gemalto’s SIM products.

Gemalto is clearly the global market leader in providing banking smart cards. What else? Gemalto also has an OTA platform for mobile network operators. Gemalto is a member of Open Handset Alliance -the organization behind Android, which officialy announced the NFC support very short time ago. They even acquired the Mifare4Mobile team from NXP two years ago. Well, putting them all together, we can say that they have “the whole package” for an NFC ecosystem.

Without a doubt, transport ticketing is the killer application for NFC and Mifare is the strongest player for hosting the transport ticketing applications. All the mifare classic hacks couldn’t change this. NXP announced that 4 byte UIDs reached the end and they will start non-unique 4 byte UIDs or 7 byte UIDs for Mifare Classic.

So adding a mifare emulation applet on top of Gemalto’s current product range means only one thing; mifare based ticketing systems have a clear path for an NFC project. Gemalto can provide an end-to-end solution for transport operators, regulatory authorities, or even to banks for running a mifare based application via mobile phones.

Again; the only missing part is still the lack of handsets with NFC support!

Fast track at the airport : TAV Passport Card

Passing through airport gates and check in procedures always require a very long time to be spent in the airports. Thanks to contactless devices, that may be history.

Contactless ecosystem and airport check in services has much to offer together. TAV Passport card is no exception in that sense. TAV is the operator of biggest 3 airports in Turkey -and a few more in neighboring countries. They are doing excellent job in running these airports, yet they developed a contactless card for frequent flyers.

TAV Card is a contactless card -mifare 1k- offering:

  • a special gate for fast entrance to airport
  • business check in -regardless from your ticket type
  • free parking at the airport parking area for 30 days/year
  • airport transfers
  • fast passport control at a special gate for TAV card holders
  • discount rates at duty free
  • discount rates at the coffee shops at the airport

It’s a very well designed product for frequent flyers which need speed and convenience on the time they spend at the airport. Contactless devices provide these requirements, so it’s the correct choice to use a contactless card.

Castle POS terminals were used and credits go to Verisoft for developing the whole system.

Mifare Plus, a migration chip to more secure times

After the infamous Mifare hack, there’s been a lot of talk on Mifare Classic chips. Some governments even issued laws for banning Mifare Classic in the future for using some specific purposes.

So what did NXP do? Actually NXP was already aware of the upcoming issues and was working on next generation of Mifare. There has been two outputs of this study, as fas as I know. One of them is Mifare Plus and the other is Mifare EV1, which is to be announced soon.

What is Mifare Plus and how does it overcome the security issue? More importantly, how does it help to migrate the current installation of devices working with Mifare Classic only? I think NXP did a great job to respond to the security and migration questions with Mifare Plus.

Mifare Plus is actually the update of Crypto1 to AES while the memory organization of the chip remaining the same. Mifare Plus comes with 4 security levels, each of them having a different authentication levels.

  • Level 0 is the personalization level.
  • Level 1 is Mifare Classic level, where the chip acts exactly as Mifare Classic. This level helps start issuing more secure cards while the reader infrastructure is still the same.
  • Level 2 is only valid for Mifare Plus X cards, I will come to that later.
  • And Level 3 is where good old Crypto1 ends its journey and AES is being used for authentication.

There are 2 types of Mifare Plus chips; S and X. With Mifare Plus S, you can only utilize the AES alghoritm and MAC’ing while X comes with much more features like encryption of exchanged data and proximity check. X is an export controlled product. With Mifare Plus X, there is the option of using both Crypto1 and AES at the Security Level 2.

Another big update of Mifare Plus is the 7 bytes unique id. Since the 4 byte unique ids are almost at the end of its limit, Mifare Plus chips has 7 bytes unique ids. Mifare Plus also has a very important implementation; now you can read and write multiple blocks instead of one at a time. This will dramatically improve the trransaction speed, if implemented correctly. The last of the updates is that Mifare Plus supports random uid, which responds to again some security issues.

I think that Mifare Plus is a very solid product for migrating from Mifare Classic to a more secure platform with minimal infrastructure updates. If you need more features that this you can go for Mifare DesFire which provides much more flexibility in terms of file integrity and flexibility.

my-d move from Infineon against NXP’s Mifare Ultralight

Contactless chips for limited use have been popular in public transportation for some years. NXP, just like in mifare case, has been leading this market with mifare ultralight. Ultralight chips have limited memory and no crypto support, but have OTP (one time programmable) memory area which is perfect for enabling the restriction the limited use of the ticket. Later on NXP developed a next generation of Ultralight, which is called Ultralight C. Ultralight C supports 3DES in addition to its elder brother Ultralight. Good.

Of course, Ultralight is not the only product in the market. Infineon, as one of the strongest players in the semi-conductor manufacturers have a great product as a competitor to NXP’s Ultralight family called my-d move. my-d move is a member of my-d family of Infineon and has 128 bytes of memory for application and supports 32 bit password for authentication. It also supports password re-try counter feature against brute force attacks. Unlike Ultralight C, my-d move does not have any keys stored in the chip, but has a secure code which is written at the time of issuing the chip. Secure code is authenticated at the time of using the chip along with the password.

One great future of my-d move is, just like Mifare Ultralight, the support for NFC Type 2 Tag Operations. This practically means that my-d move can interact with NFC devices like handsets or other contactless readers. This opens a whole new world for these products. Infineon positions the product as a limited use media like single trip ticket for transportation or event ticketing. Imagine tickets for a rock music event being formatted by a cell phone on an over-the-air service. my-d move and Ultralight opens a gate for enabling projects like this. You can create the ticket with a mobile phone and then send the ticket data to central host over GPRS/3G connection of the mobile handset. You can also validate/invalidate tickets via NFC handsets. Great opportunity. One great addition to this would be the usage of the ticket for buying a drink inside the event. Or think of voting for polls displayed on kiosks with contactless readers and people voting and identifying themselves with the contactless ticket.

Basicly, my point is that these chips are great for any type of ticketing, not limited to limited use for transportation.

Mifare classic the legend

It’s quite common nowadays to talk about security leaks of mifare classic chips. It’s easy to “hack” the chip, clone it, read the contents of it without knowing the keys, and so on; the list goes on like this. Even the license holder NXP is recommending to migrate to mifare plus. Well not good for any product!

These words definitely don’t sound good, however there’s the fact that a huge number of mifare chips (more than one billion, according to unofficial sources of mine) are already being used for systems mainly transportation and access control. Many of these applications do not require anything more than reading a unique id. When it’s transportation or e-purse, it’s authenticating a few sectors and updating the purse balance.

Mifare was developed by an Austrian company called Micron. It was specifically designed for transportation and the name was chosen accordingly: Micron Fare Collection, which was Mi-Fare. The chip was very fast and providing a good level of security required for access control and transport ticketing environment. The memory structure is not flexible enough for today’s complex mechanisms but back then, I think it was more than enough.

Basically, mifare operating system has 16 sectors of secure memory protected by two 48 bit keys stored in the chip. Each sector has 4 blocks for storing data. Each block has 16 bytes of data storage. Each sector has one block reserved for keys and access conditions. Although not recommended, you can even use the keys as data storage.

I think the strength of mifare platform comes mainly from off-the-shelf readers and components widely available on the market. Today, designing a mifare application, developing it on readers and formatting the cards is quite a standardized process. You can find virtually unlimited number of products and companies providing mifare based application and systems. The “security” rules are also very well defined and documented.

Well, there’s been many projects that it was planned that mifare will be phased out. Or mifare is specifically blacklisted as a prerequisite. However, I strongly believe that mifare is quite a successful product and it has made a very good job for deploying contactless systems. If mifare did not exist, I think contactless systems would not be popular as it is today. Of course there are very strong competitors of mifare such as Legic, Calypso and Felica, but mifare is the most popular one among all. I will try to cover the competitors of mifare, which are all stronger than mifare in the security level, but not as much as deployed worldwide as mifare. This is actually the point that I’d like to point out with this post.

It’s quite common nowadays to talk about security leaks of mifare classic chips. It’s easy to “hack” the chip, clone it, read the contents of it without knowing the keys, and so on; the list goes on like this. Even the license holder NXP is recommending to migrate to mifare plus. Well not good for any product!
These words definitely don’t sound good, however there’s the fact that a huge number of mifare chips (more than one billion, according to unofficial sources of mine) are already being used for systems mainly transportation and access control. Many of these applications do not require anything more than reading a unique id. When it’s transportation or e-purse, it’s authenticating a few sectors and updating the purse balance.
Mifare was developed by an Austrian company called Micron. It was specifically designed for transportation and the name was chosen accordingly: Micron Fare Collection, which was Mi-Fare. The chip was very fast and providing a good level of security required for access control and transport ticketing environment. The memory structure is not flexible enough for today’s complex mechanisms but back then, I think it was more than enough.
Basically, mifare operating system has 16 sectors of secure memory protected by two 48 bit keys stored in the chip. Each sector has 4 blocks for storing data. Each block has 16 bytes of data storage. Each sector has one block reserved for keys and access conditions. Although not recommended, you can even use the keys as data storage.
I think the strength of mifare platform comes mainly from off-the-shelf readers and components widely available on the market. Today, designing a mifare application, developing it on readers and formatting the cards is quite a standardized process. You can find virtually unlimited number of products and companies providing mifare based application and systems. The “security” rules are also very well defined and documented.
Well, there’s been many projects that it was planned that mifare will be phased out. Or mifare is specifically blacklisted as a prerequisite. However, I strongly believe that mifare is quite a successful product and it has made a very good job for deploying contactless systems. If mifare did not exist, I think contactless systems would not be popular as it is today. Of course there are very strong competitors of mifare such as Legic, Calypso and Felica, but mifare is the most popular one among all. I will try to cover the competitors of mifare, which are all stronger than mifare in the security level, but not as much as deployed worldwide as mifare. This is actually the point that I’d like to point out with this post.

Transportation task force from GlobalPlatform

Access control applications and transportation systems were the “killer applications” that caused the boom in the contactless cards. Access control systems are generally do not require anything more than a unique id, but transportation systems are more complex.

Speaking generally, two products dominate the contactless transportation installations: NXP‘s mifare family and the Calypso family, which are famous from the ISO 14443 Type A and B, by the way. Mifare has been dominant for years, but with the security leak that was imposed by the German CCC has been quite a barrier for Mifare lately. NXP responded with Mifare Plus, which is a product designed for migrating the current systems without changing the card media. I think it’s a very good move.

In the last 3-4 years, we saw that banks are trying to penetrate into the contactless transportation systems. Unfortunately the technology that the banks have -EMV- can not respond to the transportation ticketing requirements. Both Visa and MasterCard are working on this.

On the other hand, I saw a very interesting news on Near Field Communications World.com about GlobalPlatform‘s new task force on transportation systems.

I think this will eventually lead to more standardized schemes in the transport ticketing world. Both NXP and Calypso already have compliant products with GlobalPlatform. But the effort that the GlobalPlatform itself will make more efficient affect, not just on the cards, but the readers and terminals as well. It’s also important in terms of NFC based payment scenarios in the transportation since the GSM world will be using a SIM-centric systems based on GlobalPlatform standards.