MIFARE DESFire (DESFire stands for Data Encryption Standard Fast Innovative Reliable and Secure) is a widely used contactless smart card IC introduced in 2002. It is based on a core similar to SmartMX, an inexpensive memory chip made by NXP Semiconductors and used in contactless communication systems. DESFire communicates on the 13.56 MHz frequency and follows the ISO 14443 specification. It performs encryption and authentication with the triple DES cipher and provides on-chip support for multiple applications. The original MIFARE DESFire was discontinued in 2010.

In 2008 NXP updated the DESFire line with the backwards-compatible DESFire EV1. New features include:

  • Support for random ID
  • Support for 128-bit AES
  • Hardware and operating system are Common Criteria certified at level EAL 4+

In 2016 NXP introduced the MIFARE DESFire EV2, announced with improved performance, security, privacy and multi-application support. New features include:

  • MIsmartApp, which lets the card issuer offer or sell memory space for additional third-party applications without having to share secret keys
  • Transaction MAC to authenticate transactions by third parties
  • Virtual Card Architecture for privacy protection
  • Proximity check against relay attacks
  • Longer read range

The MIFARE DESFire EV3 was publicly announced by NXP on 2 June 2020. The DESFire EV3 offers enhanced performance, with a greater operating distance and faster transactions than its predecessors, and adds a Transaction Timer feature that can be used to set a maximum time per transaction to help mitigate man-in-the-middle attacks.

EV3 is the latest evolution of the MIFARE DESFire contactless IC family and is broadly backward compatible. New features include:

  • ISO/IEC 14443 A 1–4 and ISO/IEC 7816-4 compliant
  • Common Criteria EAL5+ certified for IC hardware and software
  • NFC Forum Tag Type 4 compliant
  • SUN message authentication for advanced data protection within standard NDEF read operation
  • Choice of open DES/2K3DES/3K3DES/AES crypto algorithms
  • Flexible file structure hosts as many applications as the memory size supports
  • Proof of transaction with card generated MAC
  • Transaction Timer mitigates risk of man-in-the-middle attacks
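Two of the mechanisms described above, the key-based mutual authentication that DESFire performs with the card key (triple DES on the original card, AES-128 from EV1 onwards) and the EV3 Transaction Timer, are easiest to understand as a single exchange with both sides' messages. The following Go program is an added illustration written for this entry, not NXP's code and not a bit-exact reproduction of the DESFire command set. It models the three-pass challenge-response scheme commonly documented for DESFire (card sends E_K(RndB); reader answers E_K(RndA || RndB'), where RndB' is RndB rotated left by one byte; card confirms with E_K(RndA')) and a card-side timer that abandons the exchange when the reader's reply arrives later than the configured limit, which is what relayed or man-in-the-middle traffic looks like to the card. Assumptions: AES-128 in CBC mode with a zero IV stands in for the IC's session-chained IV handling; the key values, the timer limit and the simulated reply delays are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// rotl8 rotates a byte string left by one byte: the RndB' / RndA' step of the exchange.
func rotl8(b []byte) []byte { return append(append([]byte{}, b[1:]...), b[0]) }

// cbcZeroIV runs AES-CBC with an all-zero IV over whole blocks (encrypt or decrypt).
// Simplification: the real IC chains the IV across the session; that is not modelled.
func cbcZeroIV(key, data []byte, encrypt bool) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // demo keys are always 16 bytes
	}
	iv := make([]byte, aes.BlockSize)
	out := make([]byte, len(data))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, data)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, data)
	}
	return out
}

// random16 returns one block of fresh randomness (RndA or RndB).
func random16() []byte {
	b := make([]byte, aes.BlockSize)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Card models the PICC: it holds the key (never transmitted) and a transaction timer limit.
type Card struct {
	key    []byte
	rndB   []byte
	maxTxn time.Duration // reply arriving later than this is refused
}

// Challenge answers the Authenticate command with E_K(RndB); the timer starts here.
func (c *Card) Challenge() []byte {
	c.rndB = random16()
	return cbcZeroIV(c.key, c.rndB, true)
}

// Respond checks the timer, decrypts E_K(RndA || RndB'), verifies RndB' and answers E_K(RndA').
// elapsed is what the card's own timer has measured since Challenge.
func (c *Card) Respond(msg []byte, elapsed time.Duration) ([]byte, error) {
	if elapsed > c.maxTxn {
		return nil, errors.New("card: transaction timer expired")
	}
	plain := cbcZeroIV(c.key, msg, false)
	if len(plain) != 2*aes.BlockSize || !bytes.Equal(plain[aes.BlockSize:], rotl8(c.rndB)) {
		return nil, errors.New("card: reader did not prove knowledge of the key")
	}
	return cbcZeroIV(c.key, rotl8(plain[:aes.BlockSize]), true), nil
}

// Reader models the PCD side of the exchange.
type Reader struct {
	key  []byte
	rndA []byte
}

// Answer recovers RndB, rotates it and sends E_K(RndA || RndB').
func (r *Reader) Answer(encRndB []byte) []byte {
	rndB := cbcZeroIV(r.key, encRndB, false)
	r.rndA = random16()
	return cbcZeroIV(r.key, append(append([]byte{}, r.rndA...), rotl8(rndB)...), true)
}

// Verify checks that the card returned RndA', proving it holds the same key.
func (r *Reader) Verify(encRndA2 []byte) error {
	if !bytes.Equal(cbcZeroIV(r.key, encRndA2, false), rotl8(r.rndA)) {
		return errors.New("reader: card did not prove knowledge of the key")
	}
	return nil
}

// Authenticate runs the three passes. delay is the simulated time the reader's reply
// takes to reach the card; a relay or man-in-the-middle inflates exactly this interval.
func Authenticate(card *Card, reader *Reader, delay time.Duration) error {
	msg := reader.Answer(card.Challenge())
	encRndA2, err := card.Respond(msg, delay)
	if err != nil {
		return err
	}
	return reader.Verify(encRndA2)
}

func main() {
	key := bytes.Repeat([]byte{0x01}, aes.BlockSize) // constructed demo key
	card := &Card{key: key, maxTxn: 100 * time.Millisecond}
	fmt.Println("genuine, prompt reply:", Authenticate(card, &Reader{key: key}, 5*time.Millisecond))
	fmt.Println("genuine, relayed reply:", Authenticate(card, &Reader{key: key}, 500*time.Millisecond))
	fmt.Println("wrong reader key:", Authenticate(card, &Reader{key: bytes.Repeat([]byte{2}, 16)}, time.Millisecond))
}
```

The first call succeeds, the second fails on the card's timer even though the reader holds the right key, and the third fails because the reader cannot produce RndB'. Note what is never on the air: the key itself, only random values encrypted under it, which is why a passive listener gains nothing and why the power-analysis attack described further down had to go after the chip's own computation instead of the protocol.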

Comparison Chart:

Feature                                              | MIFARE DESFire EV3                        | MIFARE DESFire EV2                        | MIFARE DESFire EV1
-----------------------------------------------------|-------------------------------------------|-------------------------------------------|------------------------------------------
ISO/IEC 14443 A 1-4                                  | Yes                                       | Yes                                       | Yes
ISO/IEC 7816-4 support                               | Extended                                  | Extended                                  | Extended
EEPROM data memory                                   | 2/4/8 KB                                  | 2/4/8/16/32 KB                            | 2/4/8 KB
Flexible file structure                              | Yes                                       | Yes                                       | Yes
NFC Forum Tag Type 4                                 | Yes                                       | Yes                                       | Yes
Unique ID                                            | 7B UID or 4B RID                          | 7B UID or 4B RID                          | 7B UID or 4B RID
Number of applications                               | As many as memory size supports           | As many as memory size supports           | 28
Number of files per app                              | 32                                        | 32                                        | 32
Data rates supported                                 | Up to 848 kbit/s                          | Up to 848 kbit/s                          | Up to 848 kbit/s
Crypto algorithms supported                          | DES/2K3DES/3K3DES/AES128                  | DES/2K3DES/3K3DES/AES128                  | DES/2K3DES/3K3DES/AES128
CC certification (HW+SW)                             | EAL 5+                                    | EAL 5+                                    | EAL 4+
Delegated Application Management (Multi-Application) | Yes, preloaded keys                       | Yes                                       |
SUN (Secure Unique NFC Message)                      | Yes, compatible with NTAG DNA             |                                           |
Transaction MAC per app                              | Yes                                       | Yes                                       |
Multiple keysets per app                             | Up to 16 keysets                          | Up to 16 keysets                          |
Multiple file access rights                          | Up to 8 keys                              | Up to 8 keys                              |
Inter-app file sharing                               | Yes                                       | Yes                                       |
Transaction Timer                                    | Yes                                       |                                           |
Virtual Card Architecture                            | Yes                                       | Yes                                       |
Proximity Check                                      | Yes                                       | Yes                                       |
Delivery types                                       | Wafer, MOA4, MOA8, 1FF (ID-1) & 2FF (SIM) | Wafer, MOA4, MOA8, 1FF (ID-1) & 2FF (SIM) | Wafer, MOA4, MOA8, 1FF (ID-1) & 2FF (SIM)

An empty cell means the feature is not listed for that generation.


Known hacks:

In October 2011 researchers at Ruhr University Bochum released a paper detailing a side-channel attack against the MIFARE DESFire (MF3ICD40), which NXP acknowledged. The paper demonstrated that MIFARE DESFire product-based cards could be easily emulated at a cost of approximately $25 in “off the shelf” hardware. The authors asserted that this side-channel attack allowed cards to be cloned in approximately 100 ms. Furthermore, the paper’s authors included hardware schematics for their original cloning device, and have since made the corresponding software, firmware and improved hardware schematics publicly available on GitHub.

In October 2011 David Oswald and Christof Paar of Ruhr-University in Bochum, Germany, detailed how they were able to conduct a successful “side-channel” attack against the card using equipment that can be built for nearly $3,000. In the paper, titled “Breaking MIFARE DESFire MF3ICD40: Power Analysis and Templates in the Real World”, they stated that “system integrators should be aware of the new security risks that arise from the presented attacks and can no longer rely on the mathematical security of the used 3DES cipher. Hence, to avoid, e.g., manipulation or cloning of smart cards used in payment or access control solutions, proper actions have to be taken: on the one hand, multi-level countermeasures in the back end allow to minimize the threat even if the underlying RFID platform is insecure.” In a statement NXP said that the attack would be difficult to replicate and that they had already planned to discontinue the product at the end of 2011. NXP also stated: “Also, the impact of a successful attack depends on the end-to-end system security design of each individual infrastructure and whether diversified keys – recommended by NXP – are being used. If this is the case, a stolen or lost card can be disabled simply by the operator detecting the fraud and blacklisting the card; however, this operation assumes that the operator has those mechanisms implemented. This will make it even harder to replicate the attack with a commercial purpose.”
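The NXP statement above rests on two back-end measures: diversified (per-card) keys, so that a key recovered from one card by a side-channel attack is useless against every other card, and a blacklist that lets the operator disable a lost, stolen or cloned card by its UID. Together with the card-generated Transaction MAC that EV2 and EV3 offer as proof of transaction, that is what the following Go program models from the back end's point of view. It is an added example written for this entry, not NXP's code: HMAC-SHA256 stands in for the CMAC-based constructions NXP specifies for key diversification and for the Transaction MAC, the UIDs, master key, counter scheme and payload format are constructed for the demo, and nothing here reproduces the real command set.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed demo master key. In a real deployment it never leaves the back-end HSM or SAM.
var masterKey = []byte("demo-master-key-0123456789abcdef")

// diversifyKey derives a per-card key from the master key and the card's UID.
// Assumption: HMAC-SHA256 stands in for NXP's CMAC-based diversification; the point is
// only that every card gets a different key and that knowing a UID yields no key.
func diversifyKey(master, uid []byte) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("desfire-demo-diversification"))
	m.Write(uid)
	return m.Sum(nil)[:16]
}

// Transaction is what the card authenticates and the terminal forwards to the back end.
type Transaction struct {
	UID     []byte
	Counter uint32 // card-side transaction counter; the back end requires it to increase
	Payload []byte // what was done, e.g. the debited amount
	MAC     []byte // card-generated transaction MAC (8 bytes)
}

// tmacInput is the byte string the MAC covers: UID || counter || payload.
func tmacInput(t Transaction) []byte {
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], t.Counter)
	buf := append([]byte{}, t.UID...)
	buf = append(buf, ctr[:]...)
	return append(buf, t.Payload...)
}

// cardSign models the card producing its transaction MAC with its own diversified key.
// Assumption: truncated HMAC-SHA256 stands in for the CMAC the real IC computes.
func cardSign(cardKey []byte, t Transaction) Transaction {
	m := hmac.New(sha256.New, cardKey)
	m.Write(tmacInput(t))
	t.MAC = m.Sum(nil)[:8]
	return t
}

// Backend holds the revocation list and the last counter accepted per card.
type Backend struct {
	revoked map[string]bool
	lastCtr map[string]uint32
}

func NewBackend() *Backend {
	return &Backend{revoked: map[string]bool{}, lastCtr: map[string]uint32{}}
}

// Revoke blacklists a lost, stolen or cloned card by its UID.
func (b *Backend) Revoke(uid []byte) { b.revoked[string(uid)] = true }

// Verify rejects revoked cards, re-derives the card key from the UID, recomputes the
// MAC (constant-time compare) and refuses counters that do not move forward (replays).
func (b *Backend) Verify(t Transaction) error {
	id := string(t.UID)
	if b.revoked[id] {
		return errors.New("card is revoked")
	}
	expected := cardSign(diversifyKey(masterKey, t.UID), t).MAC
	if !hmac.Equal(expected, t.MAC) {
		return errors.New("transaction MAC does not verify")
	}
	if last, seen := b.lastCtr[id]; seen && t.Counter <= last {
		return errors.New("transaction counter did not advance (replay?)")
	}
	b.lastCtr[id] = t.Counter
	return nil
}

func main() {
	uidA := []byte{0x04, 0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6} // constructed 7-byte UIDs
	uidB := []byte{0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}
	keyA := diversifyKey(masterKey, uidA) // the key card A was personalised with
	backend := NewBackend()

	tx := cardSign(keyA, Transaction{UID: uidA, Counter: 1, Payload: []byte("debit:250")})
	fmt.Println("genuine:", backend.Verify(tx))
	tampered := tx
	tampered.Payload = []byte("debit:001")
	fmt.Println("tampered payload:", backend.Verify(tampered))
	fmt.Println("replayed:", backend.Verify(tx))
	forged := cardSign(keyA, Transaction{UID: uidB, Counter: 1, Payload: []byte("debit:250")})
	fmt.Println("card A key used for card B:", backend.Verify(forged))
	backend.Revoke(uidA)
	next := cardSign(keyA, Transaction{UID: uidA, Counter: 2, Payload: []byte("debit:250")})
	fmt.Println("revoked card:", backend.Verify(next))
}
```

The fourth case is the one the NXP statement is about: even with card A's key fully extracted, a transaction claiming to come from card B does not verify, because the back end derives B's key independently from the master key and B's UID. The last case shows that a card whose key has leaked can still be taken out of service by blacklisting, provided the operator has actually deployed that mechanism, which is exactly the caveat NXP attached.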

