Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

NXP Announces New, More Secure Chip for Transport, Access Cards

According to the company, the chip is backward-compatible with the less-secure Mifare Classic chip, recently hacked by two research groups.
By Mary Catherine O'Connor
Mar 14, 2008NXP Semiconductors, a Philips spin-off, announced on Monday the completion of a new RFID chip designed for access control and payment applications. The chip, known as Mifare Plus, can support a number of data security protocols, including those employing advanced encryption standard (AES) encryption.

The new chip is backward-compatible with the Mifare Classic chip, introduced in 1994. The Classic chip uses proprietary cryptography that was recently hacked by two separate research teams by reverse-engineering the chip and uncovering the security algorithm it uses. A party who knows the Classic chips' security algorithm could use this information to clone RFID tags containing the chip—a weakness that could be exploited to make fake transit passes or unauthorized copies of key cards, in order to enter buildings. London's transit system uses the Classic Chip in its RFID-based Oyster transit cards (see RFID Payment Platforms Gaining Momentum), and Boston also sells transit cards carrying the Classic chip for riding its transit system, the T (see Smart Cards for Smart Commuters).

According to NXP, the Mifare Plus chip's backward-compatibility means issuers of transit cards, key cards and other products that use the Classic chip can introduce similar offerings containing the Mifare Plus chip without having to revoke or reissue cards that carry the Classic chip and are already in users' hands. To read the embedded RFID tags made with the Mifare Plus chip, however, users will need to upgrade their reader software.

An RFID interrogator can employ the AES encryption deployed on the Mifare Plus chip to authenticate that chip before accepting its data and triggering a function, such as opening a locked door or allowing a commuter to pass through a transit turnstile. A number of additional security features, through the support of secure random identifiers, can prevent individuals from being identified and tracked by nefarious parties with RFID readers, NXP reports.

The chip's encryption scheme uses a 128-bit key, whereas the Mifare Classic's security algorithm employs a 48-bit key. The larger an encryption key, the longer it will take hackers to determine the key through reverse engineering.

NXP declines to reveal pricing for the Mifare Plus chip, but a chip's price generally increases in step with its security features, so it will most likely cost more than the Classic chip. NXP says it will continue to manufacture and sell the Mifare Classic chip. Compared with other chips in the Mifare product family, the Classic supports the fewest security features. According to Manuel Albers, NXP's director of regional marketing in the Americas, the Plus is more secure than the Classic but less secure than the Mifare DESfire chip, which uses a very robust data protection scheme called triple-DES. All chips in the Mifare line are made for passive 13.56 MHz applications, compliant with the ISO 14443 air interface protocol.

Karsten Nohl, a graduate student at the University of Virginia's Department of Computer Science, was on a team of experts that cracked the Mifare Classic encryption method. Nohl presented the team's findings at a security conference in December, and said he expected NXP would soon announce a new chip with more robust security than the Classic, but less robust than the DESfire chip, thus making it still affordable for NXP customers who currently deploy millions of cards for transit and access applications that utilize the Classic chip.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

PREMIUM CONTENT
Case Studies Features Best Practices How-Tos
RFID JOURNAL EVENTS
Live Events Virtual Events Webinars
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL
JOIN THE CONVERSATION ON TWITTER
Loading
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations
© Copyright 2002-2016 RFID Journal LLC.
Powered By: Haycco