NTAG 424 DNA vs MIFARE Ultralight EV1
NTAG 424 DNA offers 256 bytes memory with AES-128 + SUN authentication security, making it ideal for product authentication, anti-counterfeiting, secure access. MIFARE Ultralight EV1 provides 128 bytes with 32-bit password security, suited for limited-use transit tickets, loyalty tokens.
NTAG 424 DNA
MIFARE Ultralight EV1
NTAG 424 DNA vs MIFARE Ultralight EV1
NTAG 424 DNA and MIFARE Ultralight EV1 occupy opposite ends of the NFC security spectrum. Ultralight EV1 is the lowest-cost transit-grade chip with basic password protectionpassword protection32-bit access control for memory areas (plaintext transmission)View full →. NTAG 424 DNA is the most advanced consumer-accessible NFC authenticationauthenticationIdentity verification of NFC tags/readers via passwords or cryptographyView full → chip, delivering AES-128 cryptographic verification on every tap. Understanding their capabilities clarifies why authentication-critical applications require the premium.
Overview
MIFARE Ultralight EV1 provides 48 or 128 bytes of user memoryuser memoryTag memory portion available for user data storageView full → with a 32-bit password, an OTP (one-time programmable) area, and a monotonically incrementing NFC counter. It is designed for limited-use transit tickets where cost per tag must be minimal and the read infrastructure is controlled (i.e., you own both the tag and the reader).
NTAG 424 DNA stores 256 bytes of AES-128 encrypted data in three files. Each tap generates a unique SUN (Secure Unique NFC) message — a URL with an embedded AES-128 MAC and optional encrypted mirror of the tag UID and read counter — that can be verified by a backend server without any app on the user's phone. The tag cannot be cloned without the AES key.
Key Differences
- Cryptographic strength: Ultralight EV1's 32-bit password can be bruted in seconds on a custom NFC readerNFC readerActive device generating RF field to initiate communication with tagsView full →. NTAG 424 DNA's AES-128 key cannot be bruted in any practical timeframe.
- Clone resistance: Ultralight EV1 tags can be cloned cheaply with off-the-shelf tools that copy the UID, counter value, and data. NTAG 424 DNA's SDM-SUN MAC changes every tap and cannot be replicated without the AES key.
- App requirement: NTAG 424 DNA verifies via a URL redirect — any NFC phone taps the tag, gets a URL, and the server validates the MAC. No app required. Ultralight EV1 counter-based verification requires a reader app to check the counter server-side.
- Memory: Ultralight EV1 offers 48–128 bytes. NTAG 424 DNA offers 256 bytes.
- Counter behavior: Both have a monotonically incrementing NFC counter. In 424 DNA, the counter is AES-authenticated in the SUN MAC. In Ultralight EV1, the counter is unauthenticated — a reader can present a manually-set counter value.
Technical Comparison
| Parameter | NTAG 424 DNA | MIFARE Ultralight EV1 |
|---|---|---|
| NFC Tag Type | Type 4 (ISO 14443ISO 14443Standard for contactless smart cards at 13.56 MHz (Types A and B)View full →-4) | Type 2 (ISO 14443-3A) |
| User memory | 256 bytes | 48 or 128 bytes |
| Security | AES-128 + SDM/SUN | 32-bit password |
| Clone resistance | Very high | Low (UID + data copyable) |
| Authenticated counter | Yes (in SUN MAC) | No (unauthenticated) |
| App-free verification | Yes (server-side URL validation) | No (requires reader app) |
| NDEF | Yes | Yes |
| Data rate | 106 kbps | 106 kbps |
| Data retention | 10 years | 10 years |
| Write endurance | 500,000 writes | 100,000 writes |
| Unit cost (volume) | $0.25–$0.60 | $0.05–$0.12 |
| Common Criteria | EAL4+ | None |
Use Cases
MIFARE Ultralight EV1 is appropriate for: - Single-use or limited-use transit tickets in closed reader infrastructures - Low-value coupons and loyalty tokens where cloning risk is acceptable - Event tickets where the counter prevents reuse and the reader validates server-side
NTAG 424 DNA is appropriate for: - Product authentication on luxury goods, pharmaceuticals, and electronics where cloning must be cryptographically impossible - Anti-counterfeiting programs requiring server-side SUN verification via standard browser - Any scenario where consumers tap with their own phone and the backend must distinguish genuine from cloned without a custom app
Verdict
If cost and simplicity define the requirement, MIFARE Ultralight EV1 is the transit-grade minimum. If security against cloning and spoofing is required — particularly for consumer-facing brand protection — NTAG 424 DNA is in a different class entirely. The AES-128 SUN message system represents a qualitative leap over password-based tags and justifies its 3–5x price premium in any application where counterfeiting has real cost.
Öneri
Choose NTAG 424 DNA when you need dynamic URL authentication without an app; choose MIFARE Ultralight EV1 when you need improved Ultralight with password protection.