End to end system security risk considerations for implementing MIFARE Classic

MIFARE Classic Crypto1, contactless card, end-to-end system security, vulnerabilities, threat and attack analysis, countermeasures

MIFARE Classic is the brand name for integrated circuits with an ISO14443 contactless Radio Frequency-interface and the MIFARE Classic Crypto1 security algorithm. The product was launched in 1995 and was the first product which could be fitted into an ISO size contactless smart card, allowing very high volume production. It has become the pioneer and front runner of contactless smart cards operating in the 13.56 MHz frequency range, offering read and write capabilities. Today, over 1 billion MIFARE cards are shipped around the globe, covering more than 70% of the contactless smart card market. As such, MIFARE Classic has become the industry’s choice.

NXP Semiconductors currently supplies MIFARE Classic in three versions: the MIFARE Mini with 320 bytes of EEPROM, the MIFARE Standard with 1 Kbytes of EEPROM and the MIFARE Standard 4k with 4 Kbytes of EEPROM. For multi-application cards, MIFARE Standard 4k can support up to 40 different applications on the card, each with its own dedicated keys and memory area.

In addition to the products mentioned above, there is also an implementation of MIFARE Classic in the SmartMX and in the MIFARE Plus (security level 1).

Finally, there are also products with MIFARE Classic functionality on the market from suppliers other than NXP.

This document assumes that the reader has detailed, expert-level technical knowledge of the MIFARE Classic card from a user point of view.

Recently some media have published reports showing that certain security measures of the MIFARE Classic card can be circumvented. The research community has revealed the functionality of the Classic cryptographic algorithm and the interested public can find information on the internet. This document therefore assumes that the cryptographic algorithm is known to the attackers.

The latest revelations of the research community also make certain countermeasures useless. Some of the countermeasures that were published in earlier versions of this application note have therefore been removed.

System integrators now have to reconsider whether they have implemented appropriate additional security measures for the use of the MIFARE Classic card for applications that need security. In any scheme, it is the overall end-to-end system security that should be taken into account. The security of a system must not be restricted to the individual components. It is also essential to ensure that the individual components are used in the right way to prevent some attacks on the system.

For every application, the actual security requirements need to be specified by the customer, along with the needed security level for those targets. When the security requirements for the system are known, the actual threats and required countermeasures can be determined by the customer.

This document provides some tips for implementing a certain level of security in systems specifically using MIFARE Classic cards. Several general suggestions on how to securely integrate contactless cards are provided in Reference [4]. These general guidelines are also applicable for MIFARE Classic and are assumed to be known to the reader of this document. For this document, the reader especially needs to be familiar with the principle and implementation of key diversification and cryptographic binding.

Some of the proposed measures in this document may be hard to implement in practice. This document is not meant to cover all possible threats specific to the use of MIFARE Classic, nor is it meant to cover all or the best countermeasures against the listed threats, nor is it meant to provide complete guidance on implementing the security level required by the customer. Please also be aware that these countermeasures can have side effects (e.g. on performance).