After the infamous Mifare hack, there’s been a lot of talk about Mifare Classic chips. Some governments have even issued laws banning the future use of Mifare Classic for some specific purposes.
So what did NXP do? Actually, NXP was already aware of the upcoming issues and was working on the next generation of Mifare. There have been two outputs of this study, as far as I know. One of them is Mifare Plus and the other is Mifare EV1, which is to be announced soon.
What is Mifare Plus and how does it overcome the security issue? More importantly, how does it help to migrate the current installations of devices that work with Mifare Classic only? I think NXP did a great job responding to the security and migration questions with Mifare Plus.
Mifare Plus is essentially an update from Crypto1 to AES, while the memory organization of the chip remains the same. Mifare Plus comes with 4 security levels, each with a different level of authentication.
- Level 0 is the personalization level.
- Level 1 is Mifare Classic level, where the chip acts exactly as Mifare Classic. This level helps start issuing more secure cards while the reader infrastructure is still the same.
- Level 2 is only valid for Mifare Plus X cards; I will come to that later.
- And Level 3 is where good old Crypto1 ends its journey and AES is used for authentication.
There are 2 types of Mifare Plus chips: S and X. With Mifare Plus S, you can only utilize the AES algorithm and MAC’ing, while X comes with many more features, like encryption of exchanged data and proximity check. X is an export-controlled product. With Mifare Plus X, there is the option of using both Crypto1 and AES at Security Level 2.
Another big update of Mifare Plus is the 7-byte unique ID. Since the 4-byte unique IDs are almost at the end of their limit, Mifare Plus chips have 7-byte unique IDs. Mifare Plus also has a very important feature: you can now read and write multiple blocks instead of one at a time. This will dramatically improve the transaction speed, if implemented correctly. The last of the updates is that Mifare Plus supports random UID, which again addresses some security issues.
I think that Mifare Plus is a very solid product for migrating from Mifare Classic to a more secure platform with minimal infrastructure updates. If you need more features than this, you can go for Mifare DESFire, which provides much more in terms of file integrity and flexibility.
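How a reader back-end can tell these ID types apart, as an added example that is not part of the original post: it rebuilds the UID from ISO/IEC 14443-3 Type A anticollision answers and flags random IDs, which change between activations and so cannot serve as a card identifier. The function names and sample frames are constructed for illustration; the cascade tag 0x88 and the random-ID prefix 0x08 are the ISO/IEC 14443-3 conventions the card is assumed to follow.

```python
CASCADE_TAG = 0x88       # first byte of a cascade level when more UID bytes follow
RANDOM_ID_PREFIX = 0x08  # uid0 of a 4-byte ID that the card generates at random


def with_bcc(data4):
    """Append the BCC (XOR of the four bytes) to build a constructed sample frame."""
    return bytes(data4) + bytes([data4[0] ^ data4[1] ^ data4[2] ^ data4[3]])


def parse_uid(frames):
    """Rebuild a 4- or 7-byte UID from one or two 5-byte anticollision answers."""
    if len(frames) not in (1, 2):
        raise ValueError("expected 1 or 2 cascade levels")
    uid = bytearray()
    for level, frame in enumerate(frames, start=1):
        if len(frame) != 5 or with_bcc(frame[:4]) != bytes(frame):
            raise ValueError(f"cascade level {level}: bad length or BCC")
        more_follows = level < len(frames)
        if (frame[0] == CASCADE_TAG) != more_follows:
            raise ValueError(f"cascade level {level}: unexpected cascade tag")
        uid += frame[1:4] if more_follows else frame[:4]
    return bytes(uid)


def classify_uid(uid):
    """Return (description, stable); stable=False means do not key records on it."""
    if len(uid) == 7:
        return ("7-byte UID", True)
    if len(uid) == 4 and uid[0] == RANDOM_ID_PREFIX:
        return ("4-byte random ID", False)
    if len(uid) == 4:
        return ("4-byte ID", True)
    raise ValueError("unsupported UID length")


if __name__ == "__main__":
    # Constructed sample frames, not captures from real cards.
    samples = {
        "7-byte": [with_bcc([0x88, 0x04, 0xA1, 0xB2]), with_bcc([0xC3, 0xD4, 0xE5, 0xF6])],
        "random": [with_bcc([0x08, 0x12, 0x34, 0x56])],
        "4-byte": [with_bcc([0x1A, 0x2B, 0x3C, 0x4D])],
    }
    for name, frames in samples.items():
        uid = parse_uid(frames)
        print(name, uid.hex(), classify_uid(uid))
```

A back-end that still stores 4-byte IDs as the card key has to widen that field for 7-byte UIDs and fall back to an authenticated on-card identifier when the ID is random.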