MIFARE Ultralight EV1 vs MIFARE DESFire EV1
MIFARE Ultralight EV1 offers 128 bytes memory with 32-bit password security, making it ideal for limited-use transit tickets, loyalty tokens. MIFARE DESFire EV1 provides 2-8 KB with 3DES + AES-128 security, suited for transit, campus cards, access control.
MIFARE Ultralight EV1
MIFARE DESFire EV1
MIFARE Ultralight EV1 vs MIFARE DESFire EV1
MIFARE Ultralight EV1 and MIFARE DESFire EV1 represent a clear step-change in NFC security capability. Ultralight EV1 is the cost-minimum transit token. DESFire EV1 is the first AES-capable multi-application smart card in the DESFire line. The comparison illustrates when the AES premium is worth paying.
Overview
MIFARE Ultralight EV1: 48–128 bytes, 32-bit password, 24-bit counter, OTP area, NFC ForumNFC ForumIndustry body developing NFC standards, specifications, and certifications since 2004View full → Type 2. Targeted at single-use and limited-use transit tickets where cost per tag must be minimized and the monotonic counter is the primary anti-reuse mechanism.
MIFARE DESFire EV1: 2–8 KB EEPROMEEPROMNon-volatile memory technology retaining data without powerView full →, AES-128 (and 3DES), ISO 14443ISO 14443Standard for contactless smart cards at 13.56 MHz (Types A and B)View full →-4 (T=CL) command set, flexible multi-application file system with up to 28 independent applications and separate AES key sets. The first DESFire generation to provide AES — widely deployed in transit, campus, and corporate access control systems globally. AuthenticationAuthenticationIdentity verification of NFC tags/readers via passwords or cryptographyView full → is reader-initiated mutual AES, providing cryptographic security that 32-bit passwords cannot approach.
Key Differences
- Security: DESFire EV1's AES-128 provides cryptographically sound protection. Ultralight EV1's 32-bit password can be bruted in seconds on a targeted reader.
- Multi-application: DESFire EV1 supports up to 28 independent applications with separate AES keys. Ultralight EV1 is a single-application NDEF tag.
- Memory: DESFire EV1 offers 2–8 KB vs Ultralight EV1's 48–128 bytes.
- NDEF / NFC Forum: Ultralight EV1 is Type 2 NDEF compatible natively. DESFire EV1 requires NDEF application setup with a dedicated configuration step.
- Cost: Ultralight EV1 at $0.05–$0.12 vs DESFire EV1 at $0.50–$1.20 — a 5–10x premium for AES security.
- Transaction complexity: DESFire EV1 requires ISO 14443-4 T=CL with AES challenge-response — more reader complexity and software overhead. Ultralight EV1 is simple ISO 14443-3A read/write with no mutual authenticationmutual authenticationTwo-way identity verification between reader and tagView full →.
- Card lifetime: DESFire EV1's write endurancewrite enduranceMaximum write/erase cycles before memory degradation (typically 100K)View full → of 500,000 cycles vs Ultralight EV1's 100,000 cycles supports longer card lifetimes — relevant for multi-year transit cards.
Technical Comparison
| Parameter | MIFARE Ultralight EV1 | MIFARE DESFire EV1 |
|---|---|---|
| NFC Tag Type | Type 2 (ISO 14443-3A) | Type 4 (ISO 14443-4) |
| User memoryUser memoryTag memory portion available for user data storageView full → | 48 or 128 bytes | 2 KB / 4 KB / 8 KB |
| Security | 32-bit password | AES-128 + 3DES |
| Multi-application | No | Yes (up to 28) |
| Monotonic counter | Yes (hardware 24-bit) | Via value files (AES-protected) |
| Clone resistance | Low | High (AES required) |
| NDEF native | Yes | Requires application config |
| Data rate | 106 kbps | 106 / 212 / 424 kbps |
| Data retention | 10 years | 10 years |
| Write endurance | 100,000 writes | 500,000 writes |
| Unit cost (volume) | $0.05–$0.12 | $0.50–$1.20 |
| ISO 14443 level | Level 3 | Level 4 |
| Common Criteria | None | EAL4+ |
Use Cases
MIFARE Ultralight EV1 is appropriate for disposable or limited-use transit tickets, event wristbands, and loyalty stamps where the token is discarded after use and cost per unit drives the decision. The hardware counter provides use-limit enforcement without requiring AES value decrement logic.
MIFARE DESFire EV1 is appropriate for long-lived cards requiring AES security: transit smart cards, campus cards, corporate access — where the card is carried for months or years and where compromising sector keys would have real financial or security consequences. Its 500,000-write endurance supports years of daily tap transactions.
Verdict
Ultralight EV1 is the correct choice when a low-cost, short-lived token with a monotonic counter is sufficient and the entire system (tags and readers) is controlled by the operator. DESFire EV1 is the correct choice when AES-authenticated, long-lived, multi-application security is required. The 5–10x cost premium for DESFire EV1 is justified in any deployment where Crypto-1Crypto-1Broken proprietary cipher in MIFARE Classic (reverse-engineered 2008)View full →'s broken-cipher problems (Classic series) or 32-bit password weakness (Ultralight series) create unacceptable risk — particularly for long-lived cards that remain in circulation for years.
おすすめ
Choose MIFARE Ultralight EV1 when you need improved Ultralight with password protection; choose MIFARE DESFire EV1 when you need flexible file system with strong encryption.