User's Manual
HF Mifare Easy Module V1.0
ACG Identification Technologies GmbH 58
8.4 How safe is Mifare® Standard for cashless payment?
Security is always a property of the overall system, not of the components. It requires
careful design.
A properly designed system will require ALL barriers to be hacked in order to be
broken.
For good design, start by specifying feasible attacks. Then create barriers to block them.
Mifare® was specifically designed for cashless payment applications. The Mifare®
concept provides the following barriers:
• Anticollision/-selection
• Atomic value transaction
• Ciphered communication
• Storage of values and data protected by mutual authentication
• Weak field keys that allow decrement only
• Stored keys in the reader that are not readable
• Keys in the card that are not readable
• A brute force attack by trying different keys is limited by the transaction time
  (several msec) of the card and would last virtually forever.
• etc.
The Application can and should provide more barriers:
• Sector access conditions. It is possible to assign access conditions in a way
  that only decrementing of values is allowed with the keys used in the field. So
  even a manipulated field station cannot be used to charge cards with
  additional values. As a rule, key A is used as a field key, allowing decrement
  and read only, and key B to format the card or charge values.
• Diversified keys. To make life even harder for attackers, keys can be modified
  using serial number and memory content of the card. So each card uses
  different keys and a listening attack on the reader interface would be
  hopeless.
• Limiting cash volume stored on a card
• Do not use the transport keys (keys as programmed after delivery) for ticketing
  applications!
• Ciphered and scrambled data storage
• Sabotage alarm
• etc.
• Even higher security with contactless controller cards like DESFire,
  MifareProX, Smart MX etc.
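
Added example (not part of the original manual and not ACG code): a Python check of the three access-condition bytes in a Mifare Classic sector trailer against the field-key rule described under "Sector access conditions", where key A may only read and decrement and key B charges. The bit layout and condition tables follow NXP's MIFARE Classic data sheet; the function names and the HARDENED sample bytes are assumptions made for this example.

```python
# Added example: audit sector-trailer access bytes (bytes 6..8) for the field-key rule.
# Data-block conditions (C1, C2, C3) -> keys allowed per operation ("" = never).
DATA_RULES = {
    (0, 0, 0): {"read": "AB", "write": "AB", "inc": "AB", "dec": "AB"},  # transport
    (0, 1, 0): {"read": "AB", "write": "", "inc": "", "dec": ""},
    (1, 0, 0): {"read": "AB", "write": "B", "inc": "", "dec": ""},
    (1, 1, 0): {"read": "AB", "write": "B", "inc": "B", "dec": "AB"},
    (0, 0, 1): {"read": "AB", "write": "", "inc": "", "dec": "AB"},
    (0, 1, 1): {"read": "B", "write": "B", "inc": "", "dec": ""},
    (1, 0, 1): {"read": "B", "write": "", "inc": "", "dec": ""},
    (1, 1, 1): {"read": "", "write": "", "inc": "", "dec": ""},
}
# Trailer conditions where key A can rewrite nothing and key B is never readable.
SAFE_TRAILER = {(1, 0, 0), (1, 1, 0), (0, 1, 1), (1, 0, 1), (1, 1, 1)}

TRANSPORT = (0xFF, 0x07, 0x80)  # access bytes as delivered
HARDENED = (0x08, 0x77, 0x8F)   # constructed sample: data blocks 110, trailer 011


def parse_access_bytes(b6, b7, b8):
    """Return [(C1, C2, C3)] for blocks 0..3; reject a failed complement check."""
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4
    if (b6 & 0x0F, b6 >> 4, b7 & 0x0F) != (c1 ^ 0xF, c2 ^ 0xF, c3 ^ 0xF):
        raise ValueError("access bits fail the inverted-copy check")
    return [((c1 >> n) & 1, (c2 >> n) & 1, (c3 >> n) & 1) for n in range(4)]


def audit_field_key(b6, b7, b8, value_blocks=(0, 1, 2)):
    """List violations of: key A reads/decrements only, key B can charge."""
    blocks = parse_access_bytes(b6, b7, b8)
    findings = []
    for n in value_blocks:
        rule = DATA_RULES[blocks[n]]
        if "A" in rule["write"] or "A" in rule["inc"]:
            findings.append(f"block {n}: key A can write or increment")
        if "A" not in rule["dec"]:
            findings.append(f"block {n}: key A cannot decrement")
        if "B" not in rule["inc"]:
            findings.append(f"block {n}: key B cannot increment")
    if blocks[3] not in SAFE_TRAILER:
        findings.append("trailer: key A can change keys/access bits or read key B")
    return findings


if __name__ == "__main__":
    for name, acc in (("transport", TRANSPORT), ("hardened", HARDENED)):
        print(name, audit_field_key(*acc) or "OK")
```

Run against the access bytes read back from a personalised card, this reports any sector still left in the transport configuration.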