A secure design on mifare classic cards for ensuring contactless payment and control services

dc.citation.epage: 28
dc.citation.issue: 1
dc.citation.spage: 22
dc.contributor.affiliation: Gebze Technical University, Kocaeli, Turkey
dc.contributor.affiliation: Konfides Information Technologies, Istanbul, Turkey
dc.contributor.affiliation: Beykent University, Istanbul, Turkey
dc.contributor.author: Kose, Busra Ozdenizci
dc.contributor.author: Uluoz, Hakan
dc.contributor.author: Coskun, Vedat
dc.coverage.placename: Lviv
dc.date.accessioned: 2023-04-21T08:27:16Z
dc.date.available: 2023-04-21T08:27:16Z
dc.date.created: 2022-06-06
dc.date.issued: 2022-06-06
dc.description.abstract: Today, various contactless smart cards are used to protect our personal information and to perform secure and fast transactions. Many contactless smart card applications are becoming commonplace, from corporate access control cards to electronic passports and financial payment. There is a wide variety of smart cards on the market that differ in size, chassis, memory, computing power, and even the security features they provide. Although MIFARE Classic cards, which are used in many areas due to their price performance, meet certain security and functional needs, the weaknesses of these cards have called into question the applications and systems in which they are used. The aim of this study is to introduce a new design on MIFARE Classic contactless cards that will eliminate the basic shortcomings with minimum impact, and to perform high-security payment transactions using these cards, which do not support high-security payment transactions in their basic design. By using a flexible data organization and storage scheme, their sector structure can be used for different purposes. The proposed new design includes derivation of critical card data by using card-specific information, which ensures that the keys that provide access to the sectors of the card are different on all cards; protection of card information through a certificate mechanism; and usage of a new data structure with mirroring and redundancy methods to ensure data integrity and provide a server-side authentication mechanism for online transactions. It is possible that the proposed new design will pave the way for the secure use of MIFARE Classic cards in new generation payment and control systems.
dc.format.extent: 22-28
dc.format.pages: 7
dc.identifier.citation: Kose B. O. A secure design on mifare classic cards for ensuring contactless payment and control services / Busra Ozdenizci Kose, Hakan Uluoz, Vedat Coskun // Advances in Cyber-Physical Systems. — Lviv : Lviv Politechnic Publishing House, 2022. — Vol 7. — No 1. — P. 22–28.
dc.identifier.citationen: Kose B. O., Uluoz H., Coskun V. (2022) A secure design on mifare classic cards for ensuring contactless payment and control services. Advances in Cyber-Physical Systems (Lviv), vol. 7, no 1, pp. 22-28.
dc.identifier.doi: https://doi.org/10.23939/acps2022.01.022
dc.identifier.uri: https://ena.lpnu.ua/handle/ntb/57969
dc.language.iso: en
dc.publisher: Lviv Politechnic Publishing House
dc.relation.ispartof: Advances in Cyber-Physical Systems, 1 (7), 2022
dc.relation.references:
[1] ISO/IEC 14443. Identification cards - Contactless integrated circuit(s) cards – Proximity cards (2001). Available at: https://www.iso.org/standard/28729.html
[2] K. Finkenzeller, (2010). RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication (3rd ed.). DOI: 10.1002/9780470665121.
[3] K. Finkenzeller, (2003). RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification (2nd ed.). DOI: 10.1002/0470868023.
[4] B. B. Gupta and S. Narayan, (2020). “A survey on contactless smart cards and payment system: technologies, policies, attacks and countermeasures”, Journal of Global Information Management (JGIM), 28(4), pp. 135–159. DOI: 10.4018/JGIM.2020100108.
[5] Mifare Classic Family. Available at: https://www.mifare.net/en/products/chip-card-ics/mifare-classic/ (Accessed: 23 March 2022).
[6] F. D. Garcia, G. D. Koning Gans, R. Muijrers, P. V. Rossum, R. Verdult, R. W. Schreur, and B. Jacobs, “Dismantling MIFARE classic”, in Proc. European symposium on research in computer security, 2008, pp. 97–114. DOI: 10.1007/978-3-540-88313-5_7.
[7] G. D. Koning Gans, J. H. Hoepman, and F. D. Garcia, “A practical attack on the MIFARE Classic”, in Proc. International Conference on Smart Card Research and Advanced Applications, 2008, pp. 267–282. DOI: 10.1007/978-3-540-85893-5_20.
[8] W. H. Tan, “Practical attacks on the Mifare Classic”, M.S. thesis, Imperial College London, 2009. Available at: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.739.1658&rep=rep1&type=pdf (Accessed: 23 March 2022).
[9] K. Nohl and H. Plotz, “MIFARE: Little Security, Despite Obscurity”. Presented at 24th Congress of the Chaos Computer Club in Berlin, 2007. Available at: https://www.youtube.com/watch?v=QJyxUvMGLr0 (Accessed: 23 March 2022).
[10] F. D. Garcia, P. Van Rossum, R. Verdult, and R. W. Schreur, “Wirelessly pickpocketing a Mifare Classic card”, in Proc. 30th IEEE Symposium on Security and Privacy, 2009, pp. 3–15. DOI: 10.1109/SP.2009.6.
[11] K. E. Mayes and C. Cid, (2010). “The mifare classic story”, Information Security Technical Report, 15(1), 8–12. DOI: 10.1016/j.istr.2010.10.009.
dc.relation.uri: https://www.iso.org/standard/28729.html
dc.relation.uri: https://www.mifare.net/en/products/chip-card-ics/mifare-classic/
dc.relation.uri: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.739.1658&rep=rep1&type=pdf
dc.relation.uri: https://www.youtube.com/watch?v=QJyxUvMGLr0
dc.rights.holder: © Lviv Polytechnic National University, 2022
dc.rights.holder: © Kose B. O., Uluoz H., Coskun V., 2022
dc.subject: MIFARE Classic
dc.subject: smart cards
dc.subject: secure design
dc.subject: payment services
dc.subject: control services
dc.title: A secure design on mifare classic cards for ensuring contactless payment and control services
dc.type: Article

Files

Original bundle
Name: 2022v7n1_Kose_B_O-A_secure_design_on_mifare_22-28.pdf
Size: 327.33 KB
Format: Adobe Portable Document Format

License bundle
Name: license.txt
Size: 1.76 KB
Format: Plain Text