Mifare has two types of technology:

• Mifare Sector/Block Card (Classic Mifare)
• Mifare Desfire (file system, more secure, fast & reliable) with Crypto
     • DES (Data Encryption Standard)
     • What is Crypto in Desfire Cards
The DESFire® platform is a memory technology like the Mifare Classic, but with
enhanced file handling and security features.
DESFire® Platform Differences

                            MF3IC40       MF3IC21–EV1   MF3IC41-EV1   MF3 IC D80
Memory Size                 4k            2k            4k            8k
Internal Use                                                          256 bytes
Free Space                  4096 bytes    2272 bytes    4832 bytes    7936 bytes
Max. Applications           28            28            28            28
Max. Files per Application  16            32            32            32
Crypto                      DES, TDES     DES, TDES     DES, TDES     DES, TDES
Life                        10 years      10 years      10 years      10 years
DESFire® AIDs
DESFire® allows up to 32 applications on a card. Every application has a three-byte
Application Identifier (AID) by which it can be found and selected.
Cryptographic Security Implementation
• Authenticity
   – implementation using challenge-response
• Confidentiality
   – implementation using data encryption
• Integrity
   – implementation using message signature
• Non-repudiation
   – implementation using message signature
DES - Data Encryption Standard
• symmetric key algorithm
• operates on data in 8-byte blocks
• only known attack is exhaustive key search,
  2 to the power of 56 computations
• 2 million years for today’s PC @1ms per
  computation, or a few hours with specially
  designed hardware and parallel processing
• security can be increased using triple DES
Symmetrical Algorithm
• Symmetrical, e.g. DES (or triple DES)
   – good for many-to-one and one-to-one security, e.g. for
     bank customers, Personal Identification &
     Verification
   – simple key management (Public & Private)
   – Cannot achieve non-repudiation
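DES
• encryption: plain text P and key K go into DES, giving ciphered text Z = DES(K,P)
• decryption: ciphered text Z and key K go into DES^-1, giving plain text P = DES^-1(K,Z)
• know K, P, can find Z easily
• know K, Z, can find P easily
• know P, Z, impossible to find K except exhaustive search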
DES / Triple DES
• Single DES uses single length key (8 bytes), K(8)
• 3DES uses double length key (16 bytes), K(16) = KL(8) | KR(8) or KA(8) | KB(8)
• If the left and right part are the same, 3DES reduces to single DES
• Allows smooth migration from single DES to 3DES
• Least significant bit of each byte not used
Triple DES
• 3-DES Encryption: Plain Text → DES (Left Key) → DES^-1 (Right Key) → DES (Left Key) → Ciphered Text
  Z = 3DES(K,P)
• 3-DES Decryption: Cipher Text → DES^-1 (Left Key) → DES (Right Key) → DES^-1 (Left Key) → Plain Text
  P = 3DES^-1(K,Z)
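The double-length key and the encrypt-decrypt-encrypt chain described above, as an added example that is not part of the original slides: a compact DES using only the Python standard library, with two-key 3DES built on top. The function names (`perm`, `subkeys`, `f`, `des`, `tdes`) are this example's own; the tables are those of the published DES standard.

```python
# Added example (not from the slides): DES and two-key 3DES (EDE), stdlib only.
SBOX = ["e4d12fb83a6c59070f74e2d1a6cb953841e8d62bfc973a50fc8249175b3ea06d",
        "f18e6b34972dc05a3d47f28ec01a69b50e7ba4d158c6932fd8a13f42b67c05e9",
        "a09e63f51dc7b428d709346a285ecbf1d6498f30b12c5ae71ad069874fe3b52c",
        "7de3069a1285bc4fd8b56f03472c1ae9a690cb7df13e52843f06a1d8945bc72e",
        "2c417ab6853fd0e9eb2c47d150fa3986421bad78f9c5630eb8c71e2d6f09a453",
        "c1af92680d34e75baf427c9561de0b389ef528c3704a1db6432c95fabe17608d",
        "4b2ef08d3c975a61d0b7491ae35c2f8614bdc37eaf6805926bd814a7950fe23c",
        "d2846fb1a93e50c71fd8a374c56b0e927b419ce206adf35821e74a8dfc90356b"]
IP = [s - 8 * j for s in (58, 60, 62, 64, 57, 59, 61, 63) for j in range(8)]
FP = [IP.index(i) + 1 for i in range(1, 65)]  # final permutation = inverse of IP
E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = ([s - 8 * j for s in (57, 58, 59) for j in range(8)] + [60, 52, 44, 36] +
       [s - 8 * j for s in (63, 62, 61) for j in range(8)] + [28, 20, 12, 4])
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4,
       26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40,
       51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

def perm(x, table, n):  # table entries count bits from 1 = most significant of n
    return sum((x >> (n - p) & 1) << (len(table) - 1 - i) for i, p in enumerate(table))

def subkeys(key):  # PC1 never selects bits 8, 16, ..., 64: the unused low bits
    k = perm(int.from_bytes(key, "big"), PC1, 64)
    c, d, out = k >> 28, k & 0xFFFFFFF, []
    for s in SHIFTS:
        c, d = ((h << s | h >> 28 - s) & 0xFFFFFFF for h in (c, d))
        out.append(perm(c << 28 | d, PC2, 56))
    return out

def f(r, k):  # round function: expand, mix in subkey, S-boxes, permute
    x, out = perm(r, E, 32) ^ k, 0
    for i in range(8):
        six = x >> (42 - 6 * i) & 0x3F
        row, col = (six >> 4 & 2) | (six & 1), six >> 1 & 0xF
        out = out << 4 | int(SBOX[i][16 * row + col], 16)
    return perm(out, P, 32)

def des(block, key, decrypt=False):  # one 8-byte block, 8-byte key
    x = perm(int.from_bytes(block, "big"), IP, 64)
    left, right = x >> 32, x & 0xFFFFFFFF
    for k in subkeys(key)[::-1 if decrypt else 1]:  # reversed subkeys decrypt
        left, right = right, left ^ f(right, k)
    return perm(right << 32 | left, FP, 64).to_bytes(8, "big")

def tdes(block, k16, decrypt=False):  # EDE with K(16) = KL(8) | KR(8)
    return des(des(des(block, k16[:8], decrypt), k16[8:], not decrypt), k16[:8], decrypt)
```

With the widely published textbook vector (key `133457799BBCDFF1`, plain text `0123456789ABCDEF`), `des` returns `85E813540F0AB405`, and `tdes` with that key used as both halves returns the same block. Flipping the lowest bit of every key byte leaves the result unchanged, which is the "least significant bit not used" point above.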
MAC - Message Authentication Code Single DES
[Diagram: the message blocks are chained as I.V. → xor → DES → xor → DES → ... → xor → DES, with key K feeding every DES stage]
mac = MAC(Kmac, message)
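MAC - Message Authentication Code Triple DES
[Diagram: the message blocks are chained as I.V. → xor → DES → xor → DES → ... → xor → DES, with key K feeding every DES stage; the last block then passes through a further DES^-1 and DES]
mac = 3MAC(Kmac, message)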
Hash
• a cryptographic function
• takes a variable length message
• returns a fixed length hash value
• also known as a Message Digest function
• examples MD5(128 bits), SHA(160 bits)
• analogous to a message finger print
• no key is involved
• usage - signature on message’s hash is as good as signature on the message
Public Key Algorithm
• each party gets a public key and a private (secret) key which is unique
• public key is published (free read access)
• private key is secret (known only to the party)
• public key is certified by a key certification body - key certificate
• the public key of the certification body is public read access
Encryption Using Public Key Algorithm
• Check receiver public key certificate with CA public key
• Check public key revocation list
• Generate random 3DES key
• Encrypt message using 3DES
• Encrypt 3DES Key using other party public key
• Append encrypted 3DES key with encrypted message

Decryption Using Public Key Algorithm
• Decrypt 3DES key using the private key
• Use decrypted 3DES key to decrypt the message
Application
•   Advanced public transportation
•   Highly secure access control
•   Event ticketing
•   E-Government
•   Identity Verification without Central connectivity
•   E-Purse (Canteen, Laundry & any payment)

Available file types
The files within an application can be any of the following types:

• Standard data files
• Backup data files
• Value files with backup
• Linear record files with backup
• Cyclic record files with backup
Q&A


THANKS
 Zahir B. Malik

Mifare Desfire Technology
