RFID Community in Asia
NXP's MIFARE Security Risk Due to Defective Chip
Monday, July 28, 2008
by Adi Tedjasaputra
RFID security experts have revealed that MIFARE Classic from NXP Semiconductors, poses security risk. The ICs, which are used in over than 1 billion contactless smart cards worldwide, according to NXP on its website, primarily rely on more than a decade old 48-bit MIFARE Crypto-1 algorithm to protect contactless smart card applications from cloning attempts and unauthorized access. After failing to stop publication of its cracked algorithm, NXP urges customers using any systems embedded with the ICs to upgrade or switch to a completely different chip with a higher security level.
When the researchers of the Digital Security group at Radboud University Nijmegen in the Netherlands exposed the security flaw in MIFARE Classic, NXP reacted by taking the researchers to court in an effort to stop the publication of a research paper detailing the security flaw to be presented in ESORICS 2008, Malaga, Spain this October.
A couple of weeks ago, a district court in Arnhem decided to overturn NXP's injunction to stop the publication. The court viewed that the paper publication detailing MIFARE Classic's security flaw does not result in damage to NXP. The production and marketing of the defective chip is NXP's own responsibility, according to the court ruling. The original court decision (in Dutch) is available for download.
The court decision has forced NXP to advise customers using MIFARE Classic chips to either upgrade their systems or switch to a completely different chip with a higher security level. All the systems using the chips, such as Oyster cards of London's s transport network and SmartRider of Perth's transport network in Western Australia, are affected by the security risk.
The revelation, however, does not seem to deter the confidence of London transport network authority with its 17 million Oyster Cards. Quoted by BBC News, a spokesman for Transport for London said: "Transport for London remains confident in the security of the Oyster card system. We take fraud and the security of personal data extremely seriously and constantly review our security procedures."He added: "Any fraudulent card would be identified within 24 hours of being used and blocked. Using a fraudulent card for free travel is subject to prosecution and we would seek to enforce this wherever possible."
The statement came one week after thousands of London commuters were unable to use their Oyster cards due to a computer system crash. Unfortunately, the system crashed again a few days ago.
Beside transport networks, many organisations have also deployed systems based on the chip to secure entry into buildings, including military installations. Recognizing the security risk posed by the chips, one European country has brought in soldiers to guard some government facilities using the MIFARE Classic chip in their smart door key cards last March.
The writer is the Founder of RFID Asia - The Prominent RFID Community in Asia.
Send your comments.
Labels: card, chip, mifare, nxp, rfid, risk, security, smart, smartcard
Read more »
Indonesia to Play Fuel Smart Card
Monday, May 12, 2008
by Adi Tedjasaputra
After recently announcing the plan to raise the price of fuel, the Indonesian government spearheaded by Downstream Oil and Gas Regulator (BPH Migas) has confirmed the roll out plan of a Fuel Smart Card programme in September. After securing Rp 300 billion ($32.6 million) from the state budget approved by the Finance Ministry and endorsement from the Energy and Mineral Resources Ministry, BPH Migas has announced a tender for the procurement process.
The tender for the procurement process, which is expected to last for 45 days, has started last Wednesday, as reported by Media Indonesia when quoting the Minister of Energy and Mineral Resources, Purnomo Yusgiantoro. The winner of the tender will have 80 days to implement the programme, so the Fuel Smart Card programme can run from September 2008.
The Fuel Smart Card programme that aims to limit the consumption of subsidized fuel has been mulled over since last year and delayed, but it was only recently when the oil price shot up, threatened the economic growth and state budget spending, the Indonesian government decided to move forward with the programme.
In the programme, a smart card in a size of credit card and printed with a bar code will be attached to a location on a vehicle, depending whether it is a public bus, motorcycle or private car. Before filling up the tank, a fuel station officer should scan the smart card with a reader. A successful reading of the smart card will result in the vehicle registration number and its fuel quota data to be displayed on a monitor installed at the station. Based on the reading, the vehicle's owner can only buy fuel according to the remaining quota.Similar to the parking pilot project programme executed by the Jakarta City Administration in 2003 and the Fuel Smart Card programme in Tehran, Iran, the Indonesian Fuel Smart Card programme, which is currently on trial, still relies heavily on the readiness of stakeholders involved. The Jakarta City Administration abandoned the parking pilot project after the project was swamped by operational problems in 2003, while the introduction of Fuel Smart Card programme in Tehran sparked violence last year. In both cases, the stakeholders were not ready to accept the introduced systems.
Fortunately, the Indonesian government still has a chance to learn from the past and make a better decision in the Fuel Smart Card programme. There is still a room for improvement on the programme that can ease the transition from the current system and prepare all stakeholders involved to achieve the best results.
The writer is the Founder of RFID Asia - The Prominent RFID Community in Asia.
Send your comments.
Labels: card, fuel, indonesia, project, rfid, smart, smartcard, tender
Read more »
Jakarta Streets to Pave Way for Smart Card Déjà Vu
Monday, May 05, 2008
by Adi Tedjasaputra
Self-serve Parking Payment is the latest buzz on the streets of Jakarta, Indonesia. Promoted by the Jakarta City Administration and the Jakarta City Parking Agency, a new electronic payment system is still currently under review. The new system is expected to enable motorists pay for parking fees with the use of Smart Cards.
"The new system will require Smart Cards. People will just swipe their card through a machine on the street to pay parking fees," said the agency's Deputy Head, Udar Pristono as quoted by The Jakarta Post last week.
Smart Card was first introduced as a technology that requires a contact area to transfer electrical power and communicate with Smart Card Reader. In the evolution of Smart Card, Contactless Smart Card was introduced. Using inductive coupling technology, Contactless Smart Card can transfer energy from a Smart Card Reader and activate the chip in a Smart Card without the need of physical contact.
déjà vu
/day&ulzh;aa voo/
· noun a feeling of having already experienced the present situation.
— ORIGIN French, ‘already seen’.
Compact Oxford English Dictionary
/day&ulzh;aa voo/
· noun a feeling of having already experienced the present situation.
— ORIGIN French, ‘already seen’.
Compact Oxford English Dictionary
For the patrons of some streets in Jakarta, Smart Cards are not new. In 2003, the Jakarta City Administration appointed PT Adiwira Sembada as the sole contractor to run a parking pilot programme in several streets in Jakarta, while a Singapore-based company, Epecom Technology & Distribution Pte Ltd, formerly known as Gimexore Private Limited, provided full system integration for the pilot programme. In addition, INSIDE Contactless, which is headquartered in France, supplied Smart Card chip PicoTag and contactless springboard modules Hand'IT for handheld readers.Swamped by operational problems, the pilot programme using Smart Cards known as "Kartu Kontan" was eventually declared as a total failure. The Jakarta City Administration officially terminated the operational collaboration between the Jakarta City Parking Agency and PT Adiwira Sembada in November 2003 after about six months of pilot programme launching. The equipments that cost about $2,000 per unit were rendered useless.
This year, with a new concept of "two parking operators, one parking system", the Jakarta City Administration will likely to appoint two private parking operators. The two operators, one of them is PT Adiwira Sembada, were recommended by the Jakarta City Council to manage parking in Jakarta streets, as reported by The Jakarta Post in January.
The new self-serve parking payment system operated by the two parking operators is expected to increase revenue of the Jakarta City Administration from parking fees. For the operation of the new parking management units, the Jakarta City Administration has initially allocated Rp 40 billion ($4.3 million) budget.
The writer is the Founder of RFID Asia - The Prominent RFID Community in Asia.
Send your comments.
Labels: card, indonesia, jakarta, parking, payment, rfid, smart, smartcard, technology
Read more »
RFID Asia on Facebook
RFID Asia Journals
- This blog has moved
- Five Reasons for RFID in Your Library
- So You Want RFID in Your Library?
- RFID Library Security System
- Windows 7: Promising Sensor and Location Platfom?
- RFID Tag cum Reader for Apple iPhone 4G?
- Convergence Systems Limited to provide RFID equipm...
- London Underground use Confidex Ironside Tag on Es...
- Confidex Introduces On-Metal RFID Tag for IT Asset...
- New Ez-Link Contactless Smart Cards Converge Trans...
QR Code
