The 25th International exhibition of security and fire protection equipment and products
19-22 March 2019 • Moscow, Expocentre Fairgrounds, Pavilions 2, 8

TNO research proves: Nedap’s AEOS maximises resistance to DESFire relay attacks

NFC-enabled credit cards have received much attention because of their vulnerability to relay attacks.

Groenlo, the Netherlands, 27 May 2015

Widely used NXP DESFire EV1 cards use the same technology, and are vulnerable to relay attacks, which raised concern in the access control market. A relay attack fraudulently extends the distance between smart card and card reader enabling, for example, unauthorised access to buildings. Research carried out by the Dutch knowledge institute TNO has proved that Nedap’s security platform AEOS maximises resistance to relay attacks.

It has been known for some time that so-called proximity communication - as described in the ISO/IEC 14443 protocol - is vulnerable to relay attacks. It only requires two smartphones with built-in NFC technology to extend the distance between card and reader without restrictions. Extending this communication distance, however, creates a delay. By applying much stricter delay times in all of its card readers than is prescribed by the ISO/IEC 14443 protocol, Nedap significantly reduces the chances of possible relay attacks.

As in 2009, when Nedap was the first manufacturer to respond to the possible security risks of the Mifare Classic chip, Nedap has moved quickly to give its clients the best protection. In response to the TNO research, Nedap has reduced the delay times of its card readers even further, without having to make concessions to user-friendliness. Because AEOS can provide card readers with new firmware remotely, clients can now get better protection against relay attacks at the press of a button.

Proximity check

To prevent the chance of relay attacks, NXP applies a check between card and reader in its Mifare Plus X technology to determine whether the card is actually in the proximity of the reader. The successor of the much-used DESFire EV1-chip, the DESFire EV2-chip, is also expected to have this built-in proximity check. Until this card is launched, however, it is the responsibility of users to map out the security risks together with their suppliers. Manufacturers therefore face the task of developing solutions to minimise the risks.

Nedap is a manufacturer of intelligent technological solutions for the themes facing society today. Enough food for a growing population, clean drinking water across the globe, and smart networks for sustainable energy are just a few examples of issues Nedap is working to address, always with a focus on technology that matters.
The world of security is constantly changing. Organisations must deal with changing technologies, increasing regulations and tighter budgets. With AEOS, the first software-based platform for security management, Nedap provides the answer to these challenges, so organisations can use their budgets efficiently and effectively and the security system can grow with these changes.


Evgeniy Kin