International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2015): 78.96 | Impact Factor (2015): 6.391 Volume 6 Issue 7, July 2017 www.ijsr.net Licensed Under Creative Commons Attribution CC BY Secure Transaction by MIFARE Cards using NFC Technology Tejaswini P Chinde 1 , Deepika Dash 2 1 M.Tech CNE, Department of CSE, R.V College of Engineering, Bengaluru, Karnataka, 560040, India 2 Assistant Professor, Department of CSE, R.V College of Engineering, Bengaluru, Karnataka, 560040, India Abstract: With improvement in mobile technology, the usage of mobiles in day to day lives of people has increased and handling of it is a difficult task. The ideal solution evolved for secure transaction is MIFARE cards. MIFARE cards are the smart cards which have security mechanism embedded in the secure element or the chip to provide secure transactions and it operates with NFC (Near Field Communication) technology where communication happens between two NFC enabled devices within the range of 10cm. MIFARE cards have different applications like public transport, parking, movies and concert tickets, E- payments, E- passport etc. Keywords: AES - Advance Encryption Standard, APDU - Application Protocol Data Unit, CAPDU - Command APDU, DES - Data Encryption Standard, ISO/IEC - International Organization for Standardization/ International Electro technical Commission, JCOP - Java Card Operating Platform, NFC - Near Field Communication, OTA - Over The Air, RAPDU - Response APDU, RFID - Radio Frequency Identification, VCM - Virtual Card Management. 1. Introduction As advancement in technology especially in wireless communication is trending but it has its own security breaches. Now a day there is more usage of mobile devices in daily lives of people leads to an intension to easier the works of people by using MIFARE card for secure transactions. MIFARE cards are NXP Semiconductor’s proprietary for Smart cards which are a computing chip that has memory and microprocessor for storing and processing the data [1]. The MIFARE cards uses NFC (Near Field Communication) technology i.e. the communication between two NFC enabled devices which happens in the range of 10 cm, 13.56 MHZ and is an advance technology to RFID [1]. Each MIFARE cards has operating system depending upon application, the common used OS are JCOP (Java Card Open Platform), MultiOS, windows for smart card, etc. For any online transactions there are many security challenges and breaches or issues to be considered [2]. Each MIFARE cards implement different algorithms such as AES, DES, 3DES, Crypto1 etc. for providing security for those applications. It under goes MIFARE for mobile methodology where the service provider has a right to access the secure element from remote and manage it from a single interface over the air (OTA). 2. MIFARE card and its variants MIFARE cards perform secure transactions using MIFARE for Mobile methodology using NFC technology where MIFARE for Mobile is over the air (OTA) process that is the single interface which is available for service provider to access remotely to the secure element and manage it. There are variants of MIFARE cards like Classic, DESFire, Ultralight and Plus [3]. These variants have its own feature and algorithm implemented depending upon the desired application requirement and is explained as below and is as shown in below figure 1 different MIFARE cards. Figure 1: MIFARE cards MIFARE Classic: In MIFARE cards classic was the first card developed which is later lead to evolution of other cards. It has two types based on memory configuration size that is 1K and 4K bytes. It performs Crypto1 algorithm and follows ISO/IEC 14443 -3. It is used for single application usage like Employee or student or campus cards, car parking, public transportation etc. [3] MIFARE DESFire: It is improvised card in terms of security and application based. It stands for DES algorithm used in it and FIRE refers “Fast, Innovation, Reliable and sEcure”. The algorithms that can be implemented in it are DES, 3DES, AES. Its memory configuration types are 2K, 4K and 8K bytes. It also supports ISO/IEC 14443 – 3 and 4 standards [3]. MIFARE Ultralight: It is the light weighted physical cards as its name depicts. It is used in limited use application like movie, concert tickets etc. No security is provided by these cards and there is no implementation of any algorithm depending upon applications and it supports ISO/IEC 14443 – 3, but in Ultralight C card it implements 3DES algorithm [3]. MIFARE Plus: It has multiple security levels like level 0, 1 and 2 depending on application requirements and it has backward compatibility feature implemented. It can follow Crypto1 and AES algorithms [4]. It has Memory of 2K, 4K bytes and adopted for all ISO/IEC 14443 standards that is from 1 – 4. It is compatible with MIFARE Classic card [3]. Paper ID: ART20175360 663