Transport and Payment

MIFARE™ — quickly make your ideas a reality
-World’s most widely adopted contactless technology — MIFARE is everywhere!
-Open platform for speed, security, and privacy
-Complete family: MIFARE Classic, MIFARE Plus, MIFARE DESFire EV1, MIFARE Ultralight™ (C), MIFARE emulations
-Smallest, thinnest contactless module (MOA8)

Leading in multi-applications for public transport and payment
-World’s first banking card with MIFARE DESFire EV1 emulation
-The convenience of transport AND payment (MasterCard® PayPass™)
-Full transport/payment convergence portfolio: PayPass™ plus MIFARE Classic and MIFARE DESFire EV1

Mifare Card Operation: The Mifare 1K card has its 1 Kbyte memory arranged as 16 sectors, each with 4 blocks of 16 bytes. The last block in each sector stores two keys, A and B, which are used to access (depending on the access conditions also set in this block) the other data blocks. The Mifare reader interacts with the card as follows; 1) Select card (ISO 14443 allows multiple cards in its field), 2) Log-in to a sector (by providing key A or key B) and 3) Read, Write, Increment, or Decrement a block (must conform to the access conditions). The Increment and Decrement operations allow the block to be treated as an electronic purse.
Mifare (In)security Update
Mifare: Little Security, Despite Obscurity was the title of the paper given at the 24th Congress of the Chaos Communication Congress that took place in Berlin on the 28th December 2007. Given by Karsten Nohl (University of Virginia) and Henryk Plötz but also involving Starbug from the Chaos Computer Club the presentation gave a
first hand account of reverse engineering the Crypto-1 algorithm employed in the Mifare RFID chips. These chips are widely used particularly in the mass transit area such as the London transport Oyster card and the ITSO cards deployed across Scotland and as also proposed for the new Dutch National public transport smart card
scheme (OV chipcard). David Everett

Smart Card & Identity
It is important to note that the cryptographic interchange takes place between the reader and the card and more precisely between the Mifare chip in the reader and the Mifare chip in the card. The terminal has to present the appropriate key to the reader and normally this key would be derived from a Master key stored in a Secure Access Module (SAM) at the terminal. The card ID and parameters, which are unique to each card, can act as the derivation factor. This means that each card is using a different key set to protect a particular sector. Breaking an individual card will not reveal the Master keys. The Login process referred to above implements a mutual authentication process (a challenge/response mechanism) which then sets up an encrypted channel between the card and the reader using Philips proprietary Crypto-1 algorithm. These security services operate at the RF (Radio Frequency) level and cannot provide any cryptographic audit trail. In essence this means that you must trust the terminal but more particularly you have no evidence if it misbehaves.
Mifare Vulnerabilities: The threats to the Mifare scheme are in three areas;
1) Attacker breaks the cryptographic algorithm,
2) Attacker implements a key exhaustion attack
3) Attacker obtains the cryptographic keys.
The scheme opens up an additional vulnerability in that Mifare cannot provide secure messaging. In other words because the Mifare chip doesn’t have a CPU it can’t cryptographically protect transactions for confidentiality, data integrity, or authentication on any form of end to end basis. This also means that message replays and deletions cannot be detected which is fundamental to most security schemes.