The MIFARE® DESFire® EV3 - What's new?
In June 2020, NXP presented the third generation of its MIFARE® DESFire® chip. With the EV3, NXP raises the bar in security, connectivity and user convenience. Compared with its predecessors, the new member of the MIFARE family offers higher performance, a greater read range and faster transactions. But perhaps the biggest innovation of the DESFire EV3 lies in its security features.
The new transaction timer makes it possible to set a maximum duration per transaction for each application. If the timer expires before the transaction has been committed, the pending changes are discarded and the transaction is aborted. This limits so-called man-in-the-middle attacks, in which an attacker sits unnoticed on the communication path between reader and transponder, intercepts the data and forwards it, possibly in modified form. With such a setup an attacker can also deliberately stall a transaction and keep the card session open even after the card has been taken away from the reader, for example to gain access to public transport although the ticket has already expired. The limit has to be chosen per application: it must be short enough to make stalling useless, but still long enough for legitimate transactions to complete on slow readers.
Secure Unique NFC (SUN)
Secure Unique NFC Message (SUN) is another of the new security features of the EV3. Already known from the NTAG® 413 DNA chip, it generates a unique code and a cryptographically protected URL on every tap, i.e. every time the NFC content is read, and attaches them to the NDEF message (the NFC content). Any NFC-capable end device, such as a smartphone, simply opens the URL, which carries the code to a backend server for verification. If the backend finds the code authentic and unique, i.e. never seen before, it knows that the tap came from the genuine tag and that the message has been neither tampered with nor replayed. Note that this protects the authenticity and integrity of the tap, not the confidentiality of the data carried in the URL. This makes SUN one of the most secure ways available today for an NFC tag to communicate with an end device that has no dedicated reader application.
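To make the verification concrete, the following is an added example of a backend check for SUN-style tap URLs; it is not code from the page or from NXP. It assumes a hypothetical URL layout (`?uid=…&ctr=…&mac=…`), a hypothetical per-tag key derivation from a backend master key, and uses HMAC-SHA256 from the Python standard library as a stand-in for the AES-CMAC the real tags compute, so it runs without extra libraries. The tag side is simulated only to produce realistic input; the security-relevant part is the verifier, which checks the MAC first and then enforces a strictly increasing per-tag counter to reject replays.

```python
"""Simplified SUN-style tap verification (illustration, not NXP's exact scheme)."""
import hmac
import hashlib
from urllib.parse import urlparse, parse_qs

MAC_LEN = 8  # bytes of MAC kept in the URL (SUN also truncates its CMAC to 8 bytes)


def derive_tag_key(master_key: bytes, uid: bytes) -> bytes:
    """Hypothetical key diversification: one key per tag from a backend master key."""
    return hmac.new(master_key, b"SUN" + uid, hashlib.sha256).digest()[:16]


def sun_mac(tag_key: bytes, uid: bytes, ctr: int) -> bytes:
    """MAC over UID || 24-bit tap counter. Real tags use AES-CMAC; HMAC-SHA256 stands in here."""
    msg = uid + ctr.to_bytes(3, "big")
    return hmac.new(tag_key, msg, hashlib.sha256).digest()[:MAC_LEN]


def tag_tap(master_key: bytes, uid: bytes, ctr: int,
            base_url: str = "https://example.invalid/t") -> str:
    """Simulates the tag: the URL it would emit on tap number `ctr` (constructed input)."""
    mac = sun_mac(derive_tag_key(master_key, uid), uid, ctr)
    return f"{base_url}?uid={uid.hex()}&ctr={ctr:06x}&mac={mac.hex()}"


class SunVerifier:
    """Backend side: authenticity via MAC, uniqueness via a monotonic counter per tag."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.last_ctr = {}  # uid (bytes) -> highest counter accepted so far

    def verify(self, url: str) -> str:
        q = parse_qs(urlparse(url).query)
        try:
            uid = bytes.fromhex(q["uid"][0])
            ctr = int(q["ctr"][0], 16)
            mac = bytes.fromhex(q["mac"][0])
        except (KeyError, ValueError):
            return "malformed"
        expected = sun_mac(derive_tag_key(self.master_key, uid), uid, ctr)
        # Constant-time compare: a forged or tampered URL, or a cloned tag without the key, fails here.
        if not hmac.compare_digest(mac, expected):
            return "bad_mac"
        # Authentic but not fresh: the same URL was copied and presented again.
        if ctr <= self.last_ctr.get(uid, -1):
            return "replay"
        self.last_ctr[uid] = ctr
        return "ok"


if __name__ == "__main__":
    master = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
    uid = bytes.fromhex("04aabbccddeeff")                        # constructed 7-byte UID
    v = SunVerifier(master)
    first = tag_tap(master, uid, 1)
    print(v.verify(first))                   # ok
    print(v.verify(first))                   # replay (same URL presented twice)
    print(v.verify(tag_tap(master, uid, 2))) # ok
    print(v.verify(first[:-1] + "0"))        # bad_mac or ok-then-replay, depending on tamper
```

In a real deployment the counter store must be persistent and shared between backend instances, otherwise a replayed URL accepted by one instance is the same flaw the counter is meant to close.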
The MIFARE DESFire EV3 is compatible with NXP's new cloud-based service MIFARE 2GO, which manages digital credentials and makes them available and usable on all NFC-enabled devices such as smartcards, smartphones, tags and wearables. With the right infrastructure, MIFARE 2GO lets users load new functions onto their card, smartphone or watch themselves.
Of course, the EV3 is fully backwards compatible and retains all the functions of the previous generations. As with the EV2, the hardware and software security of the new DESFire is certified to Common Criteria EAL 5+. A choice of standardised, publicly specified cryptographic algorithms is available: 2K3DES and 3K3DES based on the Data Encryption Standard (DES), and the Advanced Encryption Standard (AES). New deployments should choose AES; the DES variants are mainly there for compatibility with existing infrastructure. A card-generated transaction MAC additionally lets a backend verify that a transaction really took place on the genuine card, without having to trust the reader that reported it. To defend against relay (delay) attacks, the proximity check known from the EV2 is also available on the MIFARE DESFire EV3.
Summary of the most important features
- Transaction timer to defend against man-in-the-middle attacks
- SUN (Secure Unique NFC) message authentication for enhanced data protection
- Flexible file structure allows as many applications as memory size supports
- NFC Forum Tag Type 4 compliant
- Card-generated MAC for transaction authentication
- Proximity check to detect relay (delay) attacks
Typical areas of application
- Public transport
- Access management
- Micropayment (in closed loops)
- Campus cards, student cards and pupil cards
- Customer cards / loyalty systems