Tag 101

Learn the differences between several types of NFC tags

6 minute read

Introduction

Here at TapTrack, one of the first decisions we have to make when starting any new project is what type of NFC tag we intend to use. With a lot of different tag technologies on the market many having wildly varying capabilities and capacities, this decision is not as simple as one would hope, and it often has a huge impact on what the resulting project will look like. Unfortunately, the terminology surrounding NFC tags is often very confusing, so we’d like to take a moment to provide a brief overview of the major categories.

NFC Forum Tag Types

The NFC Forum standardizes five different tag technologies which comprise the bulk of the tags readily available on the market. There are also several tag types which are not part of an NFC forum standard, the most common of which is the MIFARE Classic from NXP Semiconductors. Of the common tag technologies, Type 1 and Type 2 tags provide a basic set of features, while Type 3 and Type 4 tags introduce higher memory capacities and more advanced capabilities such as cryptographic authentication. MIFARE Classic tags are similar to Type 3 and 4 tags, but operate according to a proprietary NXP standard instead of following an NFC Forum standard. Type 5 tags were very recently added by the NFC Forum and make use of tags operating according to the ISO15693 standard (other NFC tags follow ISO14443).

NFC Forum Type 1 / 2

Historically, the difference between Type 1 tags and Type 2 tags was very simple. While they both provided a rewriteable NFC tag with the ability to permanently lock the tag to be read-only, Type 1 tags communicated at a slower rate than Type 2, but were available in higher memory capacities – 512 bytes for the Topaz 512 vs 64 bytes for the NXP MIFARE Ultralight. Both tag types were highly available and cost-effective, so if you needed more memory, you used Type 1 tags, otherwise you would generally go with Type 2.

In recent years, new Type 2 tags have been released with much higher capacities. The NXP NTAG21x series of Type 2 tags are currently available with capacities from ranging from 144 bytes all the way to 888 bytes. These new Type 2 tags also include several advanced features including fast-reading, counters, user-configurable password-protection, and even 3-pass mutual authentication in the case of the Ultralight C. These more advanced Type 2 tags do cost a bit more than their predecessors, but their additional capacity and new capabilities have caused them to largely supplant earlier Type 1 and Type 2 tags. Additionally, some readers (including a few Android phones) do not support Type 1 tags very well, so, now that higher-memory Type 2 tags are an option, they’re generally the better choice.

NFC Forum Type 3 / 4

Type 3 is the standard covering the Sony FeliCa tag technology. These tags provide high memory capacities and advanced features, but are very uncommon outside of Japan. In the rest of the world, Type 4 tags are the most common of the advanced tag technologies, with the MIFARE DESFire being by far the most available option.

The DESFires are available in versions with 2kB, 4kB, and 8kB of memory, but their true strength is in their additional functionality and security features. DESFires support several user-configurable data types including 32-bit counters and cyclic records in addition to the basic binary and NDEF data files. DESFires also have the ability to modify data using transactions in order to help maintain data integrity. In terms of security, they support user-configurable finely-grained access controls using with multiple ‘accounts’ defined by keys used for DES- or AES-based three pass mutual authentications. These tags are also hardened against side channel attacks and are able to communicate in a fully enciphered manner using one-time use randomly generated session keys. In short, these are the tags you use when you require strong security. However, it is worth noting that the Ultralight C also supports DES authentication, which makes it a lower-cost alternative for certain secure applications.

NFC Forum Type 5

In contrast to other NFC tags that use the ISO14443 protocol, Type 5 tags communicate using the protocol specified in the ISO15693 standard. While they are a relatively basic tag type in general, Type 5 tags are designed to be capable of communicating over much longer ranges than other NFC tags, although, in practise, this is largely dependent on the power of the reader. Type 5 tags are relatively uncommon, but they are the only option in applications that have to be able to communicate over distances greater than a few centimetres.

MIFARE Classic

Rounding out this summary of tag technologies is the proprietary NXP MIFARE Classic. The MIFARE Classic is an advanced high-capacity smartcard similar to Type 3 and Type 4 tags, but using a proprietary authentication method based on an NXP-developed algorithm called Crypto-1. The result is a card that provides some of the advanced features of Type 3 and 4 tags at a lower cost; however, their proprietary nature causes the Classic to have compatibility issues. Readers using chips not made by NXP often do not natively support the MIFARE Classic’s proprietary authentication scheme, which means that many readers are incapable of working with them. In particular, many modern Android phones use Broadcom NFC controllers that do not support MIFARE Classics, so if broad compatibility with mobile devices is a requirement of your application, the MIFARE Classic is a very risky choice.

MIFARE Classic Security Concerns

The low cost of the MIFARE Classic also comes at the cost of security. The proprietary encryption algorithm used in the Classic has serious shortcomings* that render it inappropriate for use in situations that necessitate strong security. However, they can still be an option for cost-sensitive applications where the consequences of a card being hacked are minor relative to the cost of upgrading to a more secure tag, such as ticketing for rides at a fair. *see the MIFARE Classic security references below:

MIFARE Classic Security References

[1] Garcia, Flavio D., et al. “Dismantling MIFARE classic.” Computer Security-ESORICS 2008. Springer Berlin Heidelberg, 2008. 97-114.

[2] de Koning Gans, Gerhard, Jaap-Henk Hoepman, and Flavio D. Garcia. “A practical attack on the MIFARE Classic.” Smart Card Research and Advanced Applications. Springer Berlin Heidelberg, 2008. 267-282.

[3] Garcia, Flavio D., et al. “Wirelessly pickpocketing a Mifare Classic card.”Security and Privacy, 2009 30th IEEE Symposium on. IEEE, 2009.

Share on: LinkedIn, Twitter, Google+