How is an NFC session key created?
I was reading the MIFARE DESFire EV1 document and noticed this:
MIFARE DESFire EV1 and the reader device show in an encrypted way
that they possess the same secret which especially means the same key;
this not only confirms that both entities are permitted to perform
operations on each other but also creates a session key which can be
used to keep the further communication path secure; as the name
“session key” implicitly indicates, each time a new authentication
procedure is successfully completed a new key for further cryptographic
operations is generated
The "not only" part is easy to achieve. In the simplest form, the ‘server’ can throw a random number at the card, and the card can reply with the hash of the secret + the random number.
The "but also" part, which is the establishment of a session key, is a bit hand-wavy. Since both sides already have a common secret, why do you need a session key, and not just use the common secret as a session key?
Note that this question has nothing to do with public key systems, asymmetric encryption or digital signatures. In this case, both sides know the same secret.
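A sketch of the challenge-response described in the question, extended so that each successful run also yields a fresh session key. This is an added example, not part of the original post and not the DESFire EV1 protocol itself; HMAC-SHA256, the 16-byte nonces and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed nonce size; fixed length keeps the concatenation unambiguous


def prove(secret: bytes, role: bytes, rnd_reader: bytes, rnd_card: bytes) -> bytes:
    """Proof that the caller holds the long-term secret, bound to both nonces and a role."""
    msg = b"auth|" + role + rnd_reader + rnd_card
    return hmac.new(secret, msg, hashlib.sha256).digest()


def session_key(secret: bytes, rnd_reader: bytes, rnd_card: bytes) -> bytes:
    """Derive a per-session key; the "session|" label separates it from the auth proofs."""
    msg = b"session|" + rnd_reader + rnd_card
    return hmac.new(secret, msg, hashlib.sha256).digest()[:16]


def authenticate(reader_secret: bytes, card_secret: bytes):
    """Simulate one mutual authentication between a reader and a card.

    Returns (reader_session_key, card_session_key), or None if either proof fails.
    """
    rnd_reader = secrets.token_bytes(NONCE_LEN)  # reader's challenge to the card
    rnd_card = secrets.token_bytes(NONCE_LEN)    # card's challenge to the reader

    # Card answers the reader's challenge; reader checks it with its own copy of the secret.
    card_proof = prove(card_secret, b"card", rnd_reader, rnd_card)
    expected = prove(reader_secret, b"card", rnd_reader, rnd_card)
    if not hmac.compare_digest(card_proof, expected):
        return None

    # Reader answers the card's challenge; the role label stops a reflected card proof
    # from being accepted as the reader's proof.
    reader_proof = prove(reader_secret, b"reader", rnd_reader, rnd_card)
    expected = prove(card_secret, b"reader", rnd_reader, rnd_card)
    if not hmac.compare_digest(reader_proof, expected):
        return None

    # Both sides derive the same key from the shared secret and this run's nonces,
    # so traffic keys differ per session and the long-term secret never encrypts data.
    return (session_key(reader_secret, rnd_reader, rnd_card),
            session_key(card_secret, rnd_reader, rnd_card))
```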