by Adi Tedjasaputra

RFID security experts have revealed that MIFARE Classic from NXP Semiconductors, poses security risk. The ICs, which are used in over than 1 billion contactless smart cards worldwide, according to NXP on its website, primarily rely on more than a decade old 48-bit MIFARE Crypto-1 algorithm to protect contactless smart card applications from cloning attempts and unauthorized access. After failing to stop publication of its cracked algorithm, NXP urges customers using any systems embedded with the ICs to upgrade or switch to a completely different chip with a higher security level.

When the researchers of the Digital Security group at Radboud University Nijmegen in the Netherlands exposed the security flaw in MIFARE Classic, NXP reacted by taking the researchers to court in an effort to stop the publication of a research paper detailing the security flaw to be presented in ESORICS 2008, Malaga, Spain this October.

A couple of weeks ago, a district court in Arnhem decided to overturn NXP's injunction to stop the publication. The court viewed that the paper publication detailing MIFARE Classic's security flaw does not result in damage to NXP. The production and marketing of the defective chip is NXP's own responsibility, according to the court ruling. The original court decision (in Dutch) is available for download.

The court decision has forced NXP to advise customers using MIFARE Classic chips to either upgrade their systems or switch to a completely different chip with a higher security level. All the systems using the chips, such as Oyster cards of London's s transport network and SmartRider of Perth's transport network in Western Australia, are affected by the security risk.

The revelation, however, does not seem to deter the confidence of London transport network authority with its 17 million Oyster Cards. Quoted by BBC News, a spokesman for Transport for London said: "Transport for London remains confident in the security of the Oyster card system. We take fraud and the security of personal data extremely seriously and constantly review our security procedures."

He added: "Any fraudulent card would be identified within 24 hours of being used and blocked. Using a fraudulent card for free travel is subject to prosecution and we would seek to enforce this wherever possible."

The statement came one week after thousands of London commuters were unable to use their Oyster cards due to a computer system crash. Unfortunately, the system crashed again a few days ago.

Beside transport networks, many organisations have also deployed systems based on the chip to secure entry into buildings, including military installations. Recognizing the security risk posed by the chips, one European country has brought in soldiers to guard some government facilities using the MIFARE Classic chip in their smart door key cards last March.

The writer is the Founder of RFID Asia - The Prominent RFID Community in Asia.


Send your comments.

Labels: card, chip, mifare, nxp, rfid, risk, security, smart, smartcard

Read more »

 

STMicroelectronics has introduced a UHF (Ultra-High Frequency) contactless memory chip, compliant with the latest Electronic Product Code™ (EPC) specifications.

The new XRAG2 builds on its predecessor (XRA00)for Very Long Range RFID systems and operates at a range of UHF frequencies from 860 to 960MHz. This frequency agility ensures the same tag can be applied and read at any place in the world, regardless of the geographically varying wireless regulations.

The XRAG2 features an anti-collision mechanism that allows the reader to detect and correctly identify all tags in its operating range. Designed for the noisy and unpredictable radio conditions typical of RFID applications, ST devices use a tag-unique selection based on a 16-bit random handle.

The Generation 2 specifications also optimize system performance in different reader environments. At facilities with more than 10 readers, XRAG2 chips are capable of operating in the dense-reading mode, which minimizes interference by allowing readers to transmit within a different sub-band from the one within which the tags respond.

The XRAG2’s security mechanisms include password-protection against tampering and the KILL command that supports disabling tags in the field so their data can never again be accessed. The ability to permanently deactivate a tag is vital in satisfying consumer privacy concerns. For example, the KILL command could be executed when the tagged item is purchased by a consumer, thereby disabling future tracking.

The XRAG2 is a 432-bit memory offering two possible configurations, thus allowing the tag to store dedicated industrial codes: three memory banks (64 bits TID, 304 bits for EPC code and 64 bits reserved), or four memory banks (128 bits user, 64 bits TID, 176 bits for EPC code and 64 bits reserved).

Developed using a highly reliable and mature CMOS technology with embedded EEPROM, the XRAG2 is well-suited to high-volume, cost-driven markets. Its non-volatile memory technology features 40-year data retention and more than 10,000 Write/Erase cycles to support the requirements of long-life applications.

Engineering samples of the XRAG2 are now with key partners, with full sample availability within the next few weeks and volume production expected by December 2005. The device is priced at $0.07 in 100,000 unit quantities. The product can be ordered in thin un-sawn wafers, or in bumped and sawn wafers.

Labels: 2.0, chip, epcglobal, privacy, reader, rfid, security, stmicro, tag, technology, tracking

Read more »

 

A vision of developing the smallest RFID chips with a competitive price has never been stronger than ever in Asia.

After the release of Japanese Hitachi's µ-Chip as the smallest RFID chip in the world, Silicon Craft Technology Co.,Ltd. in Thailand claims its readiness to work on the world's smallest microchip with a competitive price of 2 Thailand Bath each.

Competing with the size of the current smallest RFID chip in the world, the new chip is just 0.30 millimeters square compared with Hitachi's 0.40 millimeters square µ-Chip, according to the Silicon Craft Technology's Managing Director.

Labels: 2.0, chip, rfid, technology, thailand

Read more »

 

Fujitsu has added an RFID tag chip with 256B of FRAM with a clock speed of 13.56MHz, a communication range of 70cm and a data speed of 26.48Kbps. The chip is sample-priced at ¥50.

Labels: chip, fujitsu, rfid, tag, technology

Read more »

 

RFID Asia on Facebook