Security Of RFID Systems In Spite Of Hacked Mifare-Classic RFID Chips

By FEIG Electronic

One option is to make card cloning more complicated by connecting the card's serial number to the data stored and additionally encrypting this data with the host-system. This way, the data is not directly readable, even if the Mifare-Classic key is known.

Another option is to encrypt the stored data with a customized encryption key, where every card receives an individual code. This method prevents the delivery of the code for all cards for a specific application, once an individual card has been hacked.

Although both alternatives require additional programming, they can be easily implemented, even into the infrastructure of already existing systems. System Terminals can be used in order to convert cards that are already in circulation.

Monitoring transaction data by using a clearing-system is another method for fraud defense. For this purpose, a transaction counter can be easily installed on the card. Another way to increase the level of security is saving the specific time a transaction is made. In case a cloned card enters circulation, the clearing-system should recognize the irregular actions and freeze the card.