Chip vs Chip

MIFARE Ultralight EV1 vs MIFARE DESFire EV2

MIFARE Ultralight EV1 offers 128 bytes of memory with 32-bit password security, making it ideal for limited-use transit tickets and loyalty tokens. MIFARE DESFire EV2 provides 2–32 KB with AES-128 and proximity-check security, suited for high-security transit, national ID, and government use.

MIFARE Ultralight EV1 is the minimal-cost transit token. MIFARE DESFire EV2 is the mid-generation DESFire with relay attack protection and expanded memory. The gap between them is wide — Ultralight EV1 is a simple password-protected NDEF tag; DESFire EV2 is a full ISO 14443-4 secure smartcard with hardware proximity check.


Overview

MIFARE Ultralight EV1: 48–128 bytes, 32-bit password, 24-bit monotonic counter, OTP area, NFC Forum Type 2. Minimal transit token for single or limited use in controlled reader environments. Designed for transit operators who issue and collect tickets with full reader control.

MIFARE DESFire EV2: 2–32 KB EEPROM, AES-128 with hardware proximity check, up to 28 independent applications, per-transaction MAC for stored value files. Builds on DESFire EV1's multi-application AES architecture by adding relay attack protection — a hardware mechanism that measures round-trip signal timing to defeat attackers who forward the reader-card communication over long distances. Widely deployed in high-security national transit and corporate access control programs.


Key Differences

  • Security: DESFire EV2 uses AES-128 with proximity check; Ultralight EV1 uses a 32-bit password. Brute-forcing a 128-bit AES key is computationally infeasible; a 32-bit password can be brute-forced.
  • Relay attack protection: DESFire EV2 has hardware proximity check — the primary new feature vs EV1. Ultralight EV1 has no relay attack protection.
  • Memory: DESFire EV2 up to 32 KB vs Ultralight EV1 128 bytes — a 250x difference.
  • Multi-application: DESFire EV2 supports 28 independent applications with separate AES key domains. Ultralight EV1 is single-application.
  • Transaction MAC: DESFire EV2 introduced per-transaction MAC that authenticates every command response — protecting value file decrements from tampering. Ultralight EV1's counter is unauthenticated.
  • Cost: Ultralight EV1 $0.05–$0.12 vs DESFire EV2 $0.80–$2.00 — a 15–20x premium.

Technical Comparison

| Parameter | MIFARE Ultralight EV1 | MIFARE DESFire EV2 |
|---|---|---|
| NFC Tag Type | Type 2 (ISO 14443-3A) | Type 4 (ISO 14443-4) |
| User memory | 48 or 128 bytes | 2–32 KB |
| Security | 32-bit password | AES-128 + proximity check |
| Relay attack protection | No | Yes (hardware proximity check) |
| Multi-application | No | Yes (up to 28) |
| Monotonic counter | Yes (hardware 24-bit, unauthenticated) | Via AES-protected value files |
| Transaction MAC | No | Yes |
| Clone resistance | Low | High |
| Write endurance | 100,000 writes | 500,000 writes |
| Unit cost (volume) | $0.05–$0.12 | $0.80–$2.00 |
| Common Criteria | None | EAL4+ |

Use Cases

MIFARE Ultralight EV1 is appropriate for single-use or very limited-use transit tickets (day passes, event tickets) in operator-controlled environments where cost per tag is the dominant constraint and the infrastructure prevents sophisticated attacks.

MIFARE DESFire EV2 is appropriate for high-value long-lived transit cards in programs where stored value requires per-transaction MAC protection, where relay attacks are a realistic threat at access gates, and where multi-application card layouts are required across transit, loyalty, and access domains.


Verdict

These chips serve entirely different deployment tiers. Ultralight EV1 is the cost-minimum disposable token for closed operator environments. DESFire EV2 is the AES security card with relay attack protection for high-value long-lived multi-application deployments. For transit systems handling high-value stored-value cards or corporate credentials over multi-year card lifetimes, DESFire EV2 is the appropriate standard. For single-use tickets where cost drives every decision and the infrastructure is fully operator-controlled, Ultralight EV1 remains the industry reference. Organizations upgrading aging Ultralight deployments should budget for DESFire EV2 when per-transaction MAC integrity, relay attack resistance, and multi-application card consolidation become firm requirements.

Recommendation

Choose MIFARE Ultralight EV1 when you need an improved Ultralight with password protection; choose MIFARE DESFire EV2 when you need relay attack protection via proximity check.