Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Access This Premium Content

Options To Access This Article:

What Subscribers Are Saying

  • "Probably the best investment I've ever made."
    Steve Meizlish, President & CEO, MeizCorp Services, Inc.
  • "I have found that RFID Journal provides an objective viewpoint of RFID. It you are looking for a resource that provides insights as to the application and implications of deploying RFID, RFID Journal will meet your needs, It gives you a broad perspective of RFID, beyond the retail supply chain."
    Mike O'Shea, Director of Corporate AutoID/RFID Strategies & Technologies, Kimberly-Clark Corp.
  • "No other source provides the consistent value-added insight that Mark Robert and his staff do. In a world dominated by press release after press release, RFID Journal is developing as the one place to go to make the most sense out of the present and future of RFID in commerce."
    Bob Hurley, Project Leader for RFID, Bayer HealthCare's Consumer Care Division
  • "RFID Journal is the one go-to source for information on the latest in RFID technology."
    Bruce Keim, Director, Hewlett-Packard
  • "RFID Journal is the only source I need to keep up to the minute with the happenings in the RFID world."
    Blair Hawley, VP of Supply Chain, Remington Products Company

Behind the Headlines

Mifare hacking will not halt contactess ticketing for transportation systems.
By Jonathan Collins
Oct 01, 2008—In March 2008, the Digital Security research group of Radboud Uni­versity Nijmegen in the Netherlands announced that it had cloned and manipu­lated the contents of a contactless card using NXP's Mifare Classic chip. In June, the same group claimed it had cloned a London Transport Oyster card, which employs the same technology, and used it to make trips on the system without paying. More than 16 million Oyster cards have been issued in the United Kingdom since the system was launched in 2003, with millions of people dependent on the contactless tickets to get them around the capital.

Both incidents re­sulted in news stories predicting major woes for contactless ticketing. Given the popularity of the Mifare Classic platform for transportation applications around the world—roughly 2 billion integrated circuits (ICs) have been shipped—we can expect to hear more of these stories. But while any breach of security is a concern, and the cloning of the Oyster card is no exception, a system's security level is based on a number of checks, as well as design choices. One key choice is balancing technology costs with security requirements for each element of the system.

Transportation ticketing systems do not involve high-value sums when it comes to single trips—even in London! So Mifare—the lowest security level that NXP offers in its contactless portfolio and, accordingly, the lowest-priced IC it sells—makes sense. Ticketing systems employ more than just the entry/exit gates to ensure customers pay their fares. There are back-office checks that operate in real time, and Transport for London (TfL), the government body responsible for the citywide transportation system, maintains it can catch any cloned card at one of its gates within a few attempts.

TfL adopted contactless ticketing to help reduce fare evasion, but the automated system also gets people through the ticket barriers much faster than older magnetic-stripe tickets, and the reusable tickets reduce the cost and waste of issuing paper tickets for each trip. All told, that puts the benefits of Mifare ticketing systems ahead of any threat from cloning. In addition, Mifare Plus, with a new strengthened security encryption, is due by year's end.

While the cracking of Mifare is unlikely to push any transportation operator to stop using or considering contactless ticketing, it may prompt a discussion about the future of contactless systems. Transportation companies are not particularly interested in printing and managing contactless tickets. If they could increase ticket security and offload ticket management to others, all the better.

The "others" are the banks and credit card companies promoting contactless credit and debit cards, such as MasterCard's PayPass or Visa's payWave. Transportation operators have the option to move from a closed payment system based on Mifare to one that accepts payments from those cards directly. Such a step could mean real benefits for commuters—but, so far, it's the Mifare breach that makes the best headlines.

Jonathan Collins, former RFID Journal European editor, is now a principal analyst with ABI Research. Based in London, his focus is on RFID and contactless commerce.
To continue reading this article, please log in or choose a purchase option.

Option 1: Become a Premium Member.

One-year subscription, unlimited access to Premium Content: $189

Gain access to all of our premium content and receive 10% off RFID Reports and RFID Events!

Option 2: Purchase access to this specific article.

This article contains 504 words and 1 page. Purchase Price: $19.99

Upgrade now, and you'll get immediate access to:

  • Case Studies

    Our in-dept case-study articles show you, step by step, how early adopters assessed the business case for an application, piloted it and rolled out the technology.

    Free Sample: How Cognizant Cut Costs by Deploying RFID to Track IT Assets

  • Best Practices

    The best way to avoid pitfalls is to know what best practices early adopters have already established. Our best practices have helped hundreds of companies do just that.

  • How-To Articles

    Don’t waste time trying to figure out how to RFID-enable a forklift, or deciding whether to use fixed or mobile readers. Our how-to articles provide practical advice and reliable answers to many implementation questions.

  • Features

    These informative articles focus on adoption issues, standards and other important trends in the RFID industry.

    Free Sample: Europe Is Rolling Out RFID

  • Magazine Articles

    All RFID Journal Premium Subscribers receive our bimonthly RFID Journal print magazine at no extra cost, and also have access to the complete online archive of magazine articles from past years.

Become a member today!

RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations