FAQs on the security of MIFARE Classic®
What exactly is the discussion around MIFARE Classic®?
A: NXP has concluded that, to date, three research groups have retrieved the algorithm and developed attacks that break the keys of MIFARE Classic product-enabled cards within seconds. These are the group around Karsten Nohl and Henryk Ploetz, who initially presented the reverse engineering of MIFARE Classic chips in December 2007 at the 24th Chaos Computer Congress in Berlin; the IT security specialists from the Radboud University of Nijmegen; and Nicolas T. Courtois from the University College London.
On October 6th, the Nijmegen University presented a publication at a conference, with information on how the protocol and algorithm were reverse engineered and a description of some practical attacks that can be carried out with limited means. On the same day, Henryk Ploetz published on the internet a modified version of his master's thesis containing detailed information on attacks.
What does this mean for my system? Is it possible that the cards of my system can be cloned?
A: Whether or not a card can be cloned depends on how the system is designed. Countermeasures that limit the risk are possible, but the risk cannot be fully excluded. However, NXP expects that in many systems few or none of these countermeasures are actually implemented.
How is NXP going to prevent harmful publications?
A: We have clearly explained to all research groups the potential risks that such publications would entail. In order to allow our customers a reasonable time for appropriate system security updates, we tried to delay the publication planned by the University of Nijmegen with an injunction. However, on July 18th the court in Arnhem decided, in the interest of freedom of speech, to allow the publication, which took place on Oct. 6th 2008.
Subsequently, code information has been revealed to the public anonymously on various websites, which significantly facilitates attacks on MIFARE Classic® product-based cards and infrastructures. NXP is trying to prevent these publications, but due to the nature of the internet such efforts are not expected to meet with much success.
The NXP solutions are protected by many intellectual property rights of different nature. Should it appear that any NXP rights (in the broadest sense of the word) have been illegally compromised, NXP will immediately take the appropriate action.
Which products of the MIFARE® family are referred to?
A: The attacks apply exclusively to NXP’s MIFARE Classic® chips, comprising the MIFARE Mini®, the MIFARE Classic® with 1k and the MIFARE Classic® with 4k memory, as well as their implementations. The attacks do not apply to other MIFARE® products like MIFARE® DESFire®, MIFARE Ultralight® or MIFARE Plus®. They do also apply to the MIFARE Classic® implementations made by licensees.
When did NXP know of the MIFARE Classic® attack and what did you do about it?
A: We learned of the hack on the 31st December 2007 and immediately assembled a task force to deal with the issue. We have been assessing various implications of the vulnerabilities and have been in contact with system integrators since then. NXP is also in direct contact with the research groups and has evaluated their attacks. Although not all vulnerabilities in MIFARE Classic® product-based infrastructures can be fixed in the short term, we have identified countermeasures that make the attacks more difficult in order to strengthen the end-to-end security of existing designs. We have shared these with our partners and continue to do so.
We are happy to provide the corresponding Application Notes to interested parties (such as system integrators and service operators) under a Non-Disclosure Agreement.
I am using MIFARE Classic® in my infrastructure. What shall I do to prevent any security issues?
A: Please contact your system integrator as soon as possible to assess whether your systems would need any additional security measures in the light of the above.
What do you recommend for existing installations using MIFARE Classic®?
A: In general, NXP recommends extensive additional protection mechanisms in MIFARE Classic® product-based infrastructures, both in how the data on the card is used and in deploying additional security layers separate from the card. The system integrators who have designed MIFARE Classic® product-based installations should review them in light of the existing vulnerabilities, the value of the assets that are protected, and the other means of protection and fraud detection in place. They can then judge whether these systems can remain as they are, whether they require additional measures, or whether a security upgrade is needed.
Can NXP fix the compromised infrastructures?
A: NXP’s expertise is the design and manufacturing of chips. Although we do not design end-to-end security systems, we would be happy to continuously support your system integrator so that the best solutions are reached.
What does that mean exactly for transport ticketing infrastructures?
A: It is our assessment that for transport ticketing installations, end-to-end security systems can be designed with the MIFARE Classic® chip such that the residual risk of fraud not being detected in time can be reduced. Whether or not those scenarios are acceptable in the individual risk assessment depends on the assets to be protected, which only the owner of the system and their system integrator can determine.
What does that mean exactly for access management systems?
A: End-to-end measures should also be applied to access management infrastructures, which are typically complemented by additional measures (e.g. camera surveillance, security personnel) when valuable assets need to be protected. We recommend that the assessment of the impact of the recent and expected developments take into account the particular way that the system is implemented and used, its relation to other protection in place, and specifically whether there is a need to prevent unauthorized single-time access or access during a limited period of time.
Depending on the specific situation in existing MIFARE Classic® product-based access management infrastructures, the use of more sophisticated card ICs may be an alternative to implementing sufficient countermeasures. MIFARE Plus® and MIFARE® DESFire® are our recommended solutions for new access management implementations where a strong level of security is required to protect against a one-time unauthorized access.
What will NXP do to prevent attacks from hackers?
A: Attacks targeting IC security are part of the normal lifecycle of security products, like viruses on computers. NXP is continuously improving the security level of existing product ranges as well as creating new product ranges with security, e.g. the MIFARE® DESFire® or the MIFARE Plus® chip. Both MIFARE Plus® and our product MIFARE® DESFire® ICs offer strong AES encryption and are certified by the internationally recognized third-party Common Criteria security certification.