Making Mifare Safe

Feig Electronic has issued a press release indicating that although Mifare Classic chips have been hacked, systems using them can still be secured.
Published: July 25, 2008

A lot has been written about the fact that Henryk Plotz, a German researcher, and Karsten Nohl, a doctoral candidate in computer science at the University of Virginia, succeeded in breaking the security algorithm of the Mifare Classic chip from NXP Semiconductors (see NXP Announces New, More Secure Chip for Transport, Access Cards).

The Mifare Classic chip is used in RFID-based access control cards, as well as some payment cards around the world. This has raised concerns that a reasonably tech-savvy thief could clone an access-control card and walk into any government building or corporate office.

Not so fast!

Feig Electronic, a major manufacturer of RFID interrogators, claims there are ways to make Mifare systems safe. One option, the company explains, would be to make card cloning more difficult by connecting a card’s serial number to the data stored on that card, and encrypting this data with the host system. Thus, the data would not be directly readable, even if the Mifare Classic security key were known.

Another option, according to NXP, would be to encrypt the information stored on the card with a customized encryption key. Each card would be encrypted with an individual code. This method, the company reports, would prevent a thief from obtaining the codes for all cards once an individual card has been hacked.

Both methods would require additional programming, but they could prove to be useful options until customers are ready to upgrade to the new, more secure Mifare chip. Read the full press release here: Security of RFID Systems in Spite of Hacked Mifare-Classic RFID Chips.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below. To read more of Mark’s opinions, click here or here.