DESFire

DESFire (Data Encryption Standard Fast Innovative Reliable and Secure) The full name is MIFARE  DESFire, which refers to a widely used and introduced in 2002 and is based on a core similar to SmartMX, an inexpensive memory chip made by NXP Semiconductors and used in contactless communication systems. The DESFire communicates on the 13.56 MHz frequency and is based on the ISO 14443 specification. DESFire performs encryption and authentication using the triple DES cryptographic algorithm and provides on-chip support for a variety of applications. The original MIFARE DESFire was discontinued in 2010.

In 2008 NXP updated the DESFire line to the DESFire EV1 with backwards compatibility, the new features include:

• Support for random ID.
• Support for 128-bit AES
• Hardware and operating system are Common Criteria certified at level EAL 4+

In 2016 NXP introduced the MIFARE DESFire EV2 and announced with improved performance, security, privacy and multi-application support. New features include:

• MIsmartApp enabling to offer or sell memory space for additional applications of 3rd parties without the need to share secret keys
• Transaction MAC to authenticate transactions by 3rd parties
• Virtual Card Architecture for privacy protection
• Proximity check against relay attacks
• Further read range

Known hacks:

In October 2011 researchers of Ruhr University Bochum announced that they had broken the security of MIFARE DESFire (MF3ICD40), which was acknowledged by NXP.

In April 2011, Ruhr University Bochum, led by Christof Paar, waited several months before publishing the attack. They publicly announced their results last month at a security conference in Japan.