Nedap's AEOS maximises resistance to DESFire relay attacks
NFC-enabled credit cards have received much attention because of their vulnerability to relay attacks. Widely used NXP DESFire EV1 cards use the same technology, and are vulnerable...
NFC-enabled credit cards have received much attention because of their vulnerability to relay attacks. Widely used NXP DESFire EV1 cards use the same technology, and are vulnerable to relay attacks, which raised concern in the access control market. A relay attack fraudulently extends the distance between smart card and card reader enabling, for example, unauthorised access to buildings. Research carried out by the Dutch knowledge institute TNO has proved that Nedap's security platform AEOS maximises resistance to relay attacks.
It has been known for some time that so-called proximity communication - as described in the ISO/IEC 14443 protocol - is vulnerable to relay attacks. It only requires two smartphones with built-in NFC technology to extend the distance between card and reader without restrictions. Extending this communication distance, however, creates a delay. By applying much stricter delay times in all of its card readers than is prescribed by the ISO/IEC 14443 protocol, Nedap significantly reduces the chances of possible relay attacks.
As in 2009, when Nedap was the first manufacturer to respond to the possible security risks of the Mifare Classic chip, Nedap has moved quickly to give its clients the best protection. In response to the TNO research, Nedap has reduced the delay times of its card readers even further, without having to make concessions to user-friendliness. Because AEOS can provide card readers with new firmware remotely, clients can now get better protection against relay attacks at the press of a button.
Proximity check
To prevent the chance of relay attacks, NXP applies a check between card and reader in its Mifare Plus X technology to determine whether the card is actually in the proximity of the reader. The successor of the much-used DESFire EV1-chip, the DESFire EV2-chip, is also expected to have this built-in proximity check. Until this card is launched, however, it is the responsibility of users to map out the security risks together with their suppliers. Manufacturers therefore face the task of developing solutions to minimise the risks.
