Reverse Engineering of Authentication Protocol in DesFire

Labbafniya, Mansoureh; Yusefi, Hamed; Khalesi, Akram

doi:10.22042/isecure.2023.371284.889

Reverse Engineering of Authentication Protocol in DesFire

Document Type : Research Article

Authors

Mansoureh Labbafniya

Hamed Yusefi

Akram Khalesi

Research Center on Developing Advanced Technologies, Tehran, Iran

https://doi.org/10.22042/isecure.2023.371284.889

Abstract

Nowadays contactless smart cards are extensively used in applications that need strong authentication and security feature protection. Among different cards from different companies, MIFARE DESFire cards are one of the most used cases. The hardware and software design in addition to implementation details of MIFARE DESFire cards are kept secret by their manufacturer. One of the important functions is authentication which usually its procedure is secret in cards.
MIFARE DESFire EV3 is the fourth generation of the MIFARE DESFire products which supports integrity and confidential protected communication. DESFire EV3 is the latest addition of MIFARE DESFire family of smart card chipsets from NXP. This type of card is compatible with MIFARE DESFire D40, EV1, and EV2. The details of the authentication protocols in MIFARE DESFire EV3 card with three different secure messaging protocols are introduced in this paper. We use ProxMarak4 to obtain the details of authentication protocol of the DESFire cards as readers and a Custom special purpose board as a card.

Keywords

Contactless Smart Card

EV1

EV2

EV3

MIFARE DESFire

Reverse Engineering

Secure Messaging Authentication Protocol

20.1001.1.20082045.2023.15.2.7.6

[1] Adoption of smart cards in the medical sector:: the canadian experience. Social Science & Medicine, 53(7):879–894, 2001.
[2] Brij B Gupta and Shaifali Narayan. A survey on contactless smart cards and payment system: technologies, policies, attacks and countermeasures. Journal of Global Information Management (JGIM), 28(4):135–159, 2020.
[3] Shi Chen. Trust management for a smart card based private eid manager. Master’s thesis, NTNU, 2016.
[4] Bruce Schneier, Adam Shostack, et al. Breaking up is hard to do: modeling security threats for smart cards. In USENIX Symposium on Smart Cards, 1999.
[5] Flavio D Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, and Bart Jacobs. Dismantling mifare classic. In European symposium on research in computer security, pages 97–114. Springer, 2008.
[6] NXP SemiConductors. Mifare desfire ev1 contactless multi-application ic. Product short data sheet.[online] Available at:, 2010.
[7] David F. Oswald and Christof Paar. Breaking mifare desfire mf3icd40: Power analysis and templates in the real world. In Workshop on Cryptographic Hardware and Embedded Systems, 2011.
[8] Petr Socha, Vojtˇech Miˇskovsk`y, and Martin Novotn`y. A comprehensive survey on the noninvasive passive side-channel analysis. Sensors, 22(21):8096, 2022.
[9] Oleksiy Lisovets, David Knichel, Thorben Moos, and Amir Moradi. Let’s take it offline: Boosting brute-force attacks on iphone’s user authentication through sca. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages
496–519, 2021.
[10] Jung-Sik Cho, Sang-Soo Yeo, and Sung Kwon Kim. Securing against brute-force attack: A hash-based rfid mutual authentication protocol using a secret value. Computer communications, 34(3):391–397, 2011.
[11] Dario Carluccio. Electromagnetic side channel analysis for embedded crypto devices. Master’s thesis, Ruhr Universit¨at Bochum, 2005.
[12] Timo Kasper, Ingo von Maurich, David Oswald, and Christof Paar. Chameleon: A versatile emulator for contactless smartcards. In International Conference on Information Security and Cryptology, pages 189–206. Springer, 2010.