The MIFARE® DESFire® Chip by NXP is one of the best radio-frequency chips in terms of security. Within the MIFARE chip family, it is the top of the range in terms of encryption.
In fact, the name DESFire refers to the use of DES, 2K3DES, 3K3DES and AES hardware encryption to protect data transmission. This type of encryption is considered one of the most secure and hardest to break. Due to its high level of security, the DESFire chip is used for applications such as personal identification, access control (even in military environments), loyalty, micropayments and public/private transport.
EV1, EV2, EV3: the main differences
Smart cards with MIFARE DESFire EV2 and EV3 chips have significant advantages over EV1 type cards.
The most significant aspects, in our opinion, are the following:
- a higher level of security;
- more flexible memory;
- a greater reading distance;
- data retention up to 25 years.
In addition to these 4 benefits, EV2 cards are backward compatible with the previous chips, such as the DESFire EV1 and the even older D40.
Higher security level
Security has improved in several respects. In particular, we would like to point out that the evaluation assurance level of the EV2/EV3 chips is EAL5+, while that of the EV1 is EAL4+.
In addition, the EV2/EV3 chips support proximity control. This means that the card is able to confirm to the reader that it is actually close to the reader and that the reader is not receiving a remote data stream from an attacker. In addition to this control, the EV3 chip is also equipped with a new function called Transaction Timer, which counteracts Man-in-the-Middle (MitM) attacks in which a potential attacker delays the conclusion of a transaction by keeping the card powered after it has left the legitimate reader device.
Finally, EV2 and EV3 chips have separate encryption key management for each application: this allows the card issuer to provide or sell application areas to third parties for their own use, which they can protect with their own keys without knowing the card's master key.
More flexible memory
The EV1 chip has a limit of 28 simultaneous applications, while the EV2 and the EV3 have virtually no limits.
Greater reading distance
The reading range, it should be remembered, varies according to the size and geometry of the antenna, as well as the power of the RFID reader used. However, even if a read range of 100 mm is declared in the technical data sheets, we have found a significantly greater reading distance with the EV2 and EV3 chips.
This could make a transaction look faster, as the POS starts reading the payment card earlier, while it is still moving towards the reader.
The MIFARE DESFire EV3 chip also supports an interesting function, new among the DESFire chips but already featured in DNA-type chips such as the NTAG424. This feature is called SUN message; SUN stands for Secure Unique NFC. With this function, the chip is able to generate a unique and secure authentication code each time the tag is read: a sort of disposable key generator. Every time the chip is read, it generates a different string. In this way, the content is protected from cloning.
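How a backend can use such a per-read code to reject copied tags, as an added example that is not from the original article or from NXP. The message layout, the names `tag_message` and `SunVerifier`, the sample key and UID, and the use of HMAC-SHA-256 as a stand-in for the chip's own cryptography are all assumptions.

```python
import hashlib
import hmac

MAC_LEN = 8  # assumed length in bytes of the truncated code in the message


def tag_message(key, uid, counter):
    """Simulate one tag read: UID, 3-byte read counter and MAC, hex-encoded."""
    ctr = counter.to_bytes(3, "big")
    mac = hmac.new(key, uid + ctr, hashlib.sha256).digest()[:MAC_LEN]
    return f"uid={uid.hex()}&ctr={ctr.hex()}&mac={mac.hex()}"


class SunVerifier:
    """Backend check: the MAC must verify and the counter must move forward."""

    def __init__(self, keys):
        self.keys = keys          # uid -> per-tag secret key
        self.last_counter = {}    # uid -> highest counter accepted so far

    def verify(self, message):
        try:
            fields = dict(p.split("=", 1) for p in message.split("&"))
            uid = bytes.fromhex(fields["uid"])
            ctr = bytes.fromhex(fields["ctr"])
            mac = bytes.fromhex(fields["mac"])
        except (KeyError, ValueError):
            return "malformed"
        key = self.keys.get(uid)
        if key is None or len(ctr) != 3 or len(mac) != MAC_LEN:
            return "rejected"
        expected = hmac.new(key, uid + ctr, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):   # constant-time compare
            return "rejected"
        counter = int.from_bytes(ctr, "big")
        if counter <= self.last_counter.get(uid, -1):
            return "replayed"     # a copied message carries an old counter
        self.last_counter[uid] = counter
        return "ok"


if __name__ == "__main__":
    key = bytes(range(16))                      # constructed sample key
    uid = bytes.fromhex("04a1b2c3d4e5f6")       # constructed sample UID
    backend = SunVerifier({uid: key})
    first = tag_message(key, uid, 1)
    print(backend.verify(first))                # genuine read
    print(backend.verify(first))                # same string presented again
    print(backend.verify(tag_message(key, uid, 2)))
```

The protection depends on the backend storing the last accepted counter per tag; checking the code alone would accept a copied string as often as it is presented.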
The MIFARE DESFire EV3 chip is the one with the highest number of read/write cycles supported, equal to 1 million. Previous versions stopped at 500,000 cycles.
The MIFARE DESFire EV2 chip has rapidly spread, so much so that its market price is currently lower than the EV1. Most likely, the EV3 version will have the same success, thanks also to the new functions, in particular the SUN Message, and, last but not least, to the backwards compatibility.
Our advice is definitely to opt for the latest model available.
To know more
- MIFARE DESFire EV3 datasheet (includes all the new features and a complete comparative table)
- MIFARE DESFire EV2 datasheet
- MIFARE DESFire EV1 datasheet