A secure design on mifare classic cards for ensuring contactless payment and control services
| dc.citation.epage | 28 | |
| dc.citation.issue | 1 | |
| dc.citation.spage | 22 | |
| dc.contributor.affiliation | Gebze Technical University, Kocaeli, Turkey | |
| dc.contributor.affiliation | Konfides Information Technologies, Istanbul, Turkey | |
| dc.contributor.affiliation | Beykent University, Istanbul, Turkey | |
| dc.contributor.author | Kose, Busra Ozdenizci | |
| dc.contributor.author | Uluoz, Hakan | |
| dc.contributor.author | Coskun, Vedat | |
| dc.coverage.placename | Львів | |
| dc.coverage.placename | Lviv | |
| dc.date.accessioned | 2023-04-21T08:27:16Z | |
| dc.date.available | 2023-04-21T08:27:16Z | |
| dc.date.created | 2022-06-06 | |
| dc.date.issued | 2022-06-06 | |
| dc.description.abstract | Today, various contactless smart cards are used to protect our personal information and to perform secure and fast transactions. Many contactless smart card applications are becoming commonplace, from corporate access control cards to electronic passports and financial payment. There is a wide variety of smart cards on the market that differ in size, chasis, memory, computing power, and even the security features they provide. Although MIFARE Classic cards, which are used in many areas due to their price performance, meet certain security and functional needs, the weaknesses of these cards have made the applications and systems they are used in question. The aim of this study is to introduce a new design on MIFARE Classic contactless cards that will eliminate the basic shortcomings with minimum impact, and to perform high-security payment transactions using these cards, which do not support high-security payment transactions in their basic design. By using flexible data organization and storage scheme, their sector structure can be used for different purposes. The proposed new design includes derivation of critical card data by using cardspecific information which ensures that the keys that provide access to the sectors of card are different on all cards; protection of card information through a certificate mechanism; usage of a new data structure with mirroring and redundancy methods to ensure data integrity and provide a server-side authentication mechanism for online transactions. It is possible that the proposed new design will pave the way for the secure use of MIFARE Classic cards in new generation payment and control systems. | |
| dc.format.extent | 22-28 | |
| dc.format.pages | 7 | |
| dc.identifier.citation | Kose B. O. A secure design on mifare classic cards for ensuring contactless payment and control services / Busra Ozdenizci Kose, Hakan Uluoz, Vedat Coskun // Advances in Cyber-Physical Systems. — Lviv : Lviv Politechnic Publishing House, 2022. — Vol 7. — No 1. — P. 22–28. | |
| dc.identifier.citationen | Kose B. O., Uluoz H., Coskun V. (2022) A secure design on mifare classic cards for ensuring contactless payment and control services. Advances in Cyber-Physical Systems (Lviv), vol. 7, no 1, pp. 22-28. | |
| dc.identifier.doi | https://doi.org/10.23939/acps2022.01.022 | |
| dc.identifier.uri | https://ena.lpnu.ua/handle/ntb/57969 | |
| dc.language.iso | en | |
| dc.publisher | Видавництво Львівської політехніки | |
| dc.publisher | Lviv Politechnic Publishing House | |
| dc.relation.ispartof | Advances in Cyber-Physical Systems, 1 (7), 2022 | |
| dc.relation.references | [1] ISO/IEC 14443. Identification cards - Contactless integrated circuit(s) cards – Proximity cards (2001). Available at: https://www.iso.org/standard/28729.html | |
| dc.relation.references | [2] K. Finkenzeller, (2010). RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication (3rd ed.) DOI: 10.1002/9780470665121 | |
| dc.relation.references | [3] K. Finkenzeller, (2003). RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification (2nd ed.). DOI: 10.1002/0470868023. | |
| dc.relation.references | [4] B. B. Gupta and S. Narayan, (2020). “A survey on contactless smart cards and payment system: technologies, policies, attacks and countermeasures”, Journal of Global Information Management (JGIM), 28(4), pp. 135–159. DOI: 10.4018/JGIM.2020100108. | |
| dc.relation.references | [5] Mifare Classic Family. Available at: https://www.mifare.net/en/products/chip-card-ics/mifare-classic/ (Accessed: 23 March 2022). | |
| dc.relation.references | [6] F. D. Garcia, G. D. Koning Gans, R. Muijrers, P. V. Rossum, R. Verdult, R. W. Schreur, and B. Jacobs, “Dismantling MIFARE classic”, in Proc. European symposium on research in computer security, 2008, pp. 97–114. DOI: 10.1007/978-3-540-88313-5_7 | |
| dc.relation.references | [7] G. D. Koning Gans, J. H. Hoepman, and F.D. Garcia, “A practical attack on the MIFARE Classic”, in Proc. International Conference on Smart Card Research and Advanced Applications, 2008, pp. 267–282. DOI: 10.1007/978-3-540-85893-5_20. | |
| dc.relation.references | [8] W. H. Tan, “Practical attacks on the Mifare Classic. M.S. thesis”, Imperial College London, 2009. Available at: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.739.1658&rep=rep1&type=pdf (Accessed: 23 March 2022). | |
| dc.relation.references | [9] K. Nohl, and H. Plotz, “MIFARE: Little Security, Despite Obscurity”. Presented at 24th Congress of the Chaos Computer Club in Berlin, 2007. Available at: https://www.youtube.com/watch?v=QJyxUvMGLr0 (Accessed: 23 March 2022). | |
| dc.relation.references | [10] F. D. Garcia, P. Van Rossum, R. Verdult, and R. W. Schreur, “Wirelessly pickpocketing a Mifare Classic card”, in Proc. 30th IEEE Symposium on Security and Privacy, 2009, pp. 3–15. DOI: 10.1109/SP.2009.6. | |
| dc.relation.references | [11] K. E. Mayes and C. Cid, (2010). “The mifare classic story”, Information Security Technical Report, 15(1), 8–12. DOI: 10.1016/j.istr.2010.10.009. | |
| dc.relation.referencesen | [1] ISO/IEC 14443. Identification cards - Contactless integrated circuit(s) cards – Proximity cards (2001). Available at: https://www.iso.org/standard/28729.html | |
| dc.relation.referencesen | [2] K. Finkenzeller, (2010). RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication (3rd ed.) DOI: 10.1002/9780470665121 | |
| dc.relation.referencesen | [3] K. Finkenzeller, (2003). RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification (2nd ed.). DOI: 10.1002/0470868023. | |
| dc.relation.referencesen | [4] B. B. Gupta and S. Narayan, (2020). "A survey on contactless smart cards and payment system: technologies, policies, attacks and countermeasures", Journal of Global Information Management (JGIM), 28(4), pp. 135–159. DOI: 10.4018/JGIM.2020100108. | |
| dc.relation.referencesen | [5] Mifare Classic Family. Available at: https://www.mifare.net/en/products/chip-card-ics/mifare-classic/ (Accessed: 23 March 2022). | |
| dc.relation.referencesen | [6] F. D. Garcia, G. D. Koning Gans, R. Muijrers, P. V. Rossum, R. Verdult, R. W. Schreur, and B. Jacobs, "Dismantling MIFARE classic", in Proc. European symposium on research in computer security, 2008, pp. 97–114. DOI: 10.1007/978-3-540-88313-5_7 | |
| dc.relation.referencesen | [7] G. D. Koning Gans, J. H. Hoepman, and F.D. Garcia, "A practical attack on the MIFARE Classic", in Proc. International Conference on Smart Card Research and Advanced Applications, 2008, pp. 267–282. DOI: 10.1007/978-3-540-85893-5_20. | |
| dc.relation.referencesen | [8] W. H. Tan, "Practical attacks on the Mifare Classic. M.S. thesis", Imperial College London, 2009. Available at: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.739.1658&rep=rep1&type=pdf (Accessed: 23 March 2022). | |
| dc.relation.referencesen | [9] K. Nohl, and H. Plotz, "MIFARE: Little Security, Despite Obscurity". Presented at 24th Congress of the Chaos Computer Club in Berlin, 2007. Available at: https://www.youtube.com/watch?v=QJyxUvMGLr0 (Accessed: 23 March 2022). | |
| dc.relation.referencesen | [10] F. D. Garcia, P. Van Rossum, R. Verdult, and R. W. Schreur, "Wirelessly pickpocketing a Mifare Classic card", in Proc. 30th IEEE Symposium on Security and Privacy, 2009, pp. 3–15. DOI: 10.1109/SP.2009.6. | |
| dc.relation.referencesen | [11] K. E. Mayes and C. Cid, (2010). "The mifare classic story", Information Security Technical Report, 15(1), 8–12. DOI: 10.1016/j.istr.2010.10.009. | |
| dc.relation.uri | https://www.iso.org/standard/28729.html | |
| dc.relation.uri | https://www.mifare.net/en/products/chip-card-ics/mifare-classic/ | |
| dc.relation.uri | https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.739.1658&rep=rep1&type=pdf | |
| dc.relation.uri | https://www.youtube.com/watch?v=QJyxUvMGLr0 | |
| dc.rights.holder | © Національний університет „Львівська політехніка“, 2022 | |
| dc.rights.holder | © Kose B. O., Uluoz H., Coskun V., 2022 | |
| dc.subject | MIFARE Classic | |
| dc.subject | smart cards | |
| dc.subject | secure design | |
| dc.subject | payment services | |
| dc.subject | control services | |
| dc.title | A secure design on mifare classic cards for ensuring contactless payment and control services | |
| dc.type | Article |