Today, various contactless smart cards are used to protect our personal information and to perform secure and fast transactions. Many contactless smart card applications are becoming commonplace, from corporate access control cards to electronic passports and financial payment. There is a wide variety of smart cards on the market that differ in size, chasis, memory, computing power, and even the security features they provide. Although MIFARE Classic cards, which are used in many areas due to their price performance, meet certain security and functional needs, the weaknesses of these cards have made the applications and systems they are used in question. The aim of this study is to introduce a new design on MIFARE Classic contactless cards that will eliminate the basic shortcomings with minimum impact, and to perform high-security payment transactions using these cards, which do not support high-security payment transactions in their basic design. By using flexible data organization and storage scheme, their sector structure can be used for different purposes. The proposed new design includes derivation of critical card data by using card- specific information which ensures that the keys that provide access to the sectors of card are different on all cards; protection of card information through a certificate mechanism; usage of a new data structure with mirroring and redundancy methods to ensure data integrity and provide a server-side authentication mechanism for online transactions. It is possible that the proposed new design will pave the way for the secure use of MIFARE Classic cards in new generation payment and control systems.
Read full abstract