Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

RFID Journal Blog

BlogsRFID Journal BlogMaking Mifare Safe

Making Mifare Safe

Feig Electronic has issued a press release indicating that although Mifare Classic chips have been hacked, systems using them can still be secured.
Posted By Mark Roberti, 07.25.2008
A lot has been written about the fact that Henryk Plotz, a German researcher, and Karsten Nohl, a doctoral candidate in computer science at the University of Virginia, succeeded in breaking the security algorithm of the Mifare Classic chip from NXP Semiconductors (see NXP Announces New, More Secure Chip for Transport, Access Cards).

The Mifare Classic chip is used in RFID-based access control cards, as well as some payment cards around the world. This has raised concerns that a reasonably tech-savvy thief could clone an access-control card and walk into any government building or corporate office.

Not so fast!

Feig Electronic, a major manufacturer of RFID interrogators, claims there are ways to make Mifare systems safe. One option, the company explains, would be to make card cloning more difficult by connecting a card's serial number to the data stored on that card, and encrypting this data with the host system. Thus, the data would not be directly readable, even if the Mifare Classic security key were known.

Another option, according to NXP, would be to encrypt the information stored on the card with a customized encryption key. Each card would be encrypted with an individual code. This method, the company reports, would prevent a thief from obtaining the codes for all cards once an individual card has been hacked.

Both methods would require additional programming, but they could prove to be useful options until customers are ready to upgrade to the new, more secure Mifare chip. Read the full press release here: Security of RFID Systems in Spite of Hacked Mifare-Classic RFID Chips.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below. To read more of Mark's opinions, click here or here.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Next Post
Accusations of Anti-RFID Bias Are Deserv...
Previous Post
New Research Papers from the University ...
Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations