The MIFARE® DESFire® EV3 - What's new?

In June 2020, NXP presented the third generation of the MIFARE® DESFire® chip for the first time. With the EV3, NXP sets new standards in security, connectivity and user convenience. Compared to its predecessors, the new member of the MIFARE family offers higher performance with greater read range and improved transaction speed. But perhaps the biggest innovation of the DESFire EV3 is in its security features.

Transaction Timer

The new Transaction Timer makes it possible to set a maximum duration per transaction for each application. If the timer expires before a transaction is completed, the changes are rolled back and the current transaction is cancelled. This function is used to defend against so-called man-in-the-middle attacks, in which an attacker intercepts data on the communication path between the reader and the transponder without being noticed and forwards it in a modified form. With this method, an attacker can also deliberately delay a transaction and keep the card in active status, even if it has already been removed from the reader. For example, they can gain access to public transport even though the ticket has already expired.

Secure Unique NFC (SUN)

Secure Unique NFC Message (SUN) is also one of the new security features of the EV3. Already known from the NTAG® 413 DNA chip, a unique code and a cryptographically secured URL are generated for each tap, i.e. each time the NFC data is read out, and attached to the NDEF message (the NFC data). Via the URL, the code can be transmitted directly to a backend server for verification. If it is unique and authentic, the confidentiality and integrity of the data is guaranteed. This procedure is the most secure form of communication between an NFC tag and an end device to date.
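As an added illustration of the backend side of this flow (not NXP's code and not the actual DESFire EV3 message format): the verifier below parses a tap URL, recomputes the per-tap code, and rejects replays by requiring the tap counter to move forward. Assumptions: the query parameters `uid`, `ctr` and `mac`, the key diversification step and the HMAC-SHA256-based code are constructed stand-ins for the AES-CMAC that the real tag computes.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

# Constructed demo master key; a real backend keeps this in an HSM, never on the tag.
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def tag_key(master: bytes, uid: str) -> bytes:
    """Diversify one key per tag from the master key and the tag UID (assumption)."""
    return hmac.new(master, bytes.fromhex(uid), hashlib.sha256).digest()


def tap_code(master: bytes, uid: str, counter: int) -> str:
    """Stand-in for the per-tap code: a MAC over UID and 24-bit tap counter.
    The real tag uses AES-CMAC; HMAC-SHA256 is used here to stay in the stdlib."""
    msg = bytes.fromhex(uid) + counter.to_bytes(3, "big")
    return hmac.new(tag_key(master, uid), msg, hashlib.sha256).hexdigest()[:16].upper()


def build_tap_url(base: str, master: bytes, uid: str, counter: int) -> str:
    """Simulate what the tag would mirror into its NDEF URL on one tap (demo only)."""
    return f"{base}?uid={uid}&ctr={counter:06X}&mac={tap_code(master, uid, counter)}"


class SunVerifier:
    """Backend check: the code must be authentic AND the counter must move forward."""

    def __init__(self, master: bytes):
        self.master = master
        self.last_counter: dict[str, int] = {}  # uid -> highest counter accepted

    def verify(self, url: str) -> tuple[bool, str]:
        q = parse_qs(urlparse(url).query)
        try:
            uid, ctr_hex, mac = q["uid"][0], q["ctr"][0], q["mac"][0]
            counter = int(ctr_hex, 16)
            bytes.fromhex(uid)  # UID must be valid hex
        except (KeyError, ValueError):
            return False, "malformed"
        # Authenticity: constant-time compare against the code the backend recomputes.
        if not hmac.compare_digest(tap_code(self.master, uid, counter), mac.upper()):
            return False, "bad-mac"
        # Uniqueness: a URL captured on an earlier tap carries an old counter and is refused.
        if counter <= self.last_counter.get(uid, -1):
            return False, "replay"
        self.last_counter[uid] = counter
        return True, "ok"
```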


MIFARE 2GO

The MIFARE DESFire EV3 is compatible with NXP's new cloud-based service MIFARE 2GO. This manages digital authorisations and makes them accessible and usable for all NFC-enabled devices such as smartcards, smartphones, tags and wearables. With the right infrastructure, MIFARE 2GO allows users to upload new functions to their card, smartphone or watch on their own.

Naturally, the EV3 is fully backward compatible and retains all functions of the previous generations. As with the EV2, the hardware and software security of the new DESFire is certified to Common Criteria EAL 5+. A broad choice of open cryptographic algorithms is available, based on the Data Encryption Standard (DES) as 2K3DES or 3K3DES, or on the Advanced Encryption Standard (AES). A card-generated MAC additionally helps with secure authentication of transactions. The familiar proximity check is also available with the MIFARE DESFire EV3 to defend against delay attacks.

Summary of the most important features

  • Transaction timer to defend against man-in-the-middle attacks
  • SUN (Secure Unique NFC) message authentication for enhanced data protection
  • Flexible file structure allows as many applications as memory size supports
  • NFC Forum Tag Type 4 compliant
  • Card-generated MAC for transaction authentication
  • Proximity check to prevent delay attacks

Typical applications

  • SmartCity
  • Public transport
  • Access management
  • Micropayment (in closed loops)
  • Campus cards, student cards and pupil cards
  • Customer cards / loyalty systems

Picture credits

© metamorworks – stock.adobe.com