Friday, November 29, 2013

Comparison between Mifare Classic and Mifare Plus S/X

For personal reasons, I need to dig deep into the specifications of the three kinds of cards for comparison.

1. Mifare Classic 1K


Mifare 1K card architecture

1) Memory Structure
16 sectors; every sector contains 4 blocks: the first 3 blocks are value blocks, and the last block is the sector trailer, which stores the access conditions for the 4 blocks, Key A and Key B.
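
The layout above can be checked in code. The following is an added example, not part of the original post: it maps block numbers to sectors and decodes a sector trailer. The byte layout of the trailer (Key A, 3 access-bit bytes stored with inverted copies, 1 user byte, Key B) is taken from the public MIFARE Classic 1K datasheet rather than from this post, and the sample trailer and function names are constructed for illustration.

```python
# Added example (not from the original post): MIFARE Classic 1K layout helpers.
BLOCK_SIZE = 16          # bytes per block
BLOCKS_PER_SECTOR = 4    # 3 ordinary blocks + 1 sector trailer
SECTORS = 16             # 16 sectors * 4 blocks * 16 bytes = 1024 bytes
DEFAULT_KEY = bytes.fromhex("FFFFFFFFFFFF")  # well-known factory default key

# Constructed sample: a trailer in factory (transport) configuration.
SAMPLE_TRAILER = bytes.fromhex("FFFFFFFFFFFF" "FF078069" "FFFFFFFFFFFF")


def locate(block_no):
    """Map an absolute block number (0..63) to (sector, index within sector)."""
    if not 0 <= block_no < SECTORS * BLOCKS_PER_SECTOR:
        raise ValueError("block number out of range for a 1K card")
    return divmod(block_no, BLOCKS_PER_SECTOR)


def is_trailer(block_no):
    """The last block of every sector is the sector trailer."""
    return locate(block_no)[1] == BLOCKS_PER_SECTOR - 1


def parse_trailer(trailer):
    """Split a 16-byte sector trailer and decode the per-block access bits.

    Each access bit is stored twice, once inverted. A trailer that fails
    this check is malformed and should never be written to a card, because
    a sector with inconsistent access bits becomes permanently unusable.
    """
    if len(trailer) != BLOCK_SIZE:
        raise ValueError("a sector trailer is exactly 16 bytes")
    key_a, acc, user, key_b = trailer[:6], trailer[6:9], trailer[9], trailer[10:]
    c1_inv, c2_inv = acc[0] & 0x0F, acc[0] >> 4
    c3_inv, c1 = acc[1] & 0x0F, acc[1] >> 4
    c2, c3 = acc[2] & 0x0F, acc[2] >> 4
    for plain, inverted in ((c1, c1_inv), (c2, c2_inv), (c3, c3_inv)):
        if plain ^ inverted != 0x0F:
            raise ValueError("access bits fail the inverted-copy check")
    # conditions[i] is the (C1, C2, C3) triple for block i of the sector;
    # index 3 is the trailer itself.
    conditions = [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1)
                  for i in range(BLOCKS_PER_SECTOR)]
    return {
        "key_a": key_a,
        "key_b": key_b,
        "user_byte": user,
        "conditions": conditions,
        # Audit flag: a sector still protected by the factory default key.
        "default_key": DEFAULT_KEY in (key_a, key_b),
    }


if __name__ == "__main__":
    info = parse_trailer(SAMPLE_TRAILER)
    for index, bits in enumerate(info["conditions"]):
        print("block", index, "C1 C2 C3 =", bits)
    print("factory default key in use:", info["default_key"])
```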

2) Memory operation
3-pass authentication with Key A and/or Key B is required before any memory operation: read, write, transfer, increment, etc.

3) Security
Keys are fixed in their blocks.
In the 3-pass authentication, the card generates a random number and sends it to the reader. The reader calculates a response based on the key, the random number and an additional input. Then, together with the response, the reader generates a random number as a challenge to the card. The card verifies the response, then calculates its own response and sends it to the reader. The reader verifies the response.
After the 3-pass authentication, the reader can access the memory location and operate on the memory.
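
The message flow of the 3-pass authentication, as an added example that is not part of the original post. Assumptions: HMAC-SHA256 stands in for the card's CRYPTO1 cipher, the card UID is used as the "additional input", and the nonce size, key value and class names are constructed for illustration.

```python
# Added example: three-pass mutual authentication with a shared sector key.
import hashlib
import hmac
import os


def keyed_response(key, label, *parts):
    # Stand-in keyed function (assumption); a real card uses CRYPTO1 here.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class Card:
    def __init__(self, uid, key):
        self.uid, self._key = uid, key
        self._nonce = None
        self.authenticated = False

    def pass1_challenge(self):
        """Pass 1: the card sends a fresh random number to the reader."""
        self._nonce = os.urandom(8)
        self.authenticated = False
        return self._nonce

    def pass3_answer(self, reader_nonce, reader_response):
        """Pass 3: verify the reader, then answer the reader's challenge."""
        if self._nonce is None:
            raise RuntimeError("no challenge outstanding")
        card_nonce, self._nonce = self._nonce, None  # a nonce is used once
        expected = keyed_response(self._key, b"reader", card_nonce,
                                  reader_nonce, self.uid)
        if not hmac.compare_digest(expected, reader_response):
            return None  # wrong key or replayed response: stay locked
        self.authenticated = True
        return keyed_response(self._key, b"card", reader_nonce,
                              card_nonce, self.uid)


class Reader:
    def __init__(self, key):
        self._key = key
        self._nonce = self._card_nonce = self._uid = None

    def pass2_respond(self, uid, card_nonce):
        """Pass 2: answer the card's challenge and send our own challenge."""
        self._uid, self._card_nonce = uid, card_nonce
        self._nonce = os.urandom(8)
        response = keyed_response(self._key, b"reader", card_nonce,
                                  self._nonce, uid)
        return self._nonce, response

    def verify_card(self, card_response):
        if card_response is None:
            return False
        expected = keyed_response(self._key, b"card", self._nonce,
                                  self._card_nonce, self._uid)
        return hmac.compare_digest(expected, card_response)


def authenticate(card, reader):
    """Run all three passes; True only if both sides proved the key."""
    card_nonce = card.pass1_challenge()
    reader_nonce, response = reader.pass2_respond(card.uid, card_nonce)
    answer = card.pass3_answer(reader_nonce, response)
    return bool(card.authenticated and reader.verify_card(answer))
```

Because each side's response covers the other side's fresh random number, a response recorded from one session is rejected when presented against a new challenge.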


2. Mifare Plus S/X
Mifare Plus is an alternative to Mifare Desfire in cases where migration from Mifare Classic to Mifare Desfire is required. See the figure below for the architecture of a Mifare Plus card.



1) Memory Structure
The memory structure of Mifare Plus is no different from that of Mifare Classic: fixed memory.

2) Memory Operation
A special feature of Mifare Plus is multi-sector authentication and multi-block read and write, which provide a leap in communication speed: up to 848 kbps!

Reading on, you will find that different security levels have different rules for memory operation!

3) Security
The significant difference lies in the security mechanism:

Mifare Plus as a card type offers three (four for Mifare Plus X) security levels of operation.
If the card is configured as Level 1, it appears no different from Mifare Classic in normal usage: memory operation is controlled by Key A/B and the access conditions that lie in between.

If the card is configured as Level 2, which is only available for Mifare Plus X, AES authentication is mandatory and the CRYPTO1 keys are derived for each session using the results of the AES authentication, rather than being constant for a specific sector.

If the card is configured as Level 3, the 3-pass authentication before any memory operation is based on AES; after that, data manipulation commands are also secured by an AES-encryption-based MACing method.

#edit on 2013-Dec-2
One more security level I am going to introduce to you is security level 0.
Security level 0 is the initial delivery configuration of the Mifare Plus.
In this level, all you can do with the card is the originality check and updating the AES keys. The originality function is used to verify that a card is a real Mifare Plus card. The latter function is used to first define the 4 keys essential to any other operation, like switching to the next level.
Having understood the aforementioned 4 security levels, you should have no difficulty understanding the following chart of the memory operation flow for the four SLs.




More information about the 4 security levels of Mifare Plus:
http://tech.springcard.com/2011/mifare-plus-in-a-nutshell/

and of course the specification from
http://www.mifare.net/en/products/mifare-smartcard-ic-s/mifare-plus/

Comparison of Mifare Desfire EV1 to be shared later.


Monday, November 18, 2013

Card Technology--Card application design

Capturing the Smart Card Technology class on the 13th.

Smart card application.
In this class we talked about the life cycle of a smart card application.

1. System purpose
2. System requirement
3. Software requirement and specification
    The software specification is actually linked to your hardware specification, and the hardware specification is the card specification. First, what card do you use?
    For example, software for Mifare Classic, Mifare Plus and Mifare Desfire cards can be very different.
    Here is a comparison of these three types of cards:
 
 

*Copyright of NXP

The fundamental difference? Desfire is a CPU card: the card is based on a microprocessor and embedded with a card operating system, the Mifare DESFire operating system. It is like a micro-computer with a dedicated OS. Mifare Plus and Classic, on the other hand, are classic smart cards: cards with an embedded integrated circuit chip.

Mifare One has a static filing structure, which means a file is stored in a fixed location that can be found in the main directory file. The access condition is quite straightforward: either you match one of the keys of the field, or you match both of the keys. On Mifare Desfire, the files are allocated according to application, and each application can control the access conditions of its data files.

Besides, Mifare DesFire allows many more application-level and data-level commands than Mifare Classic, offering a secured and stronger platform for vendors and card issuers to integrate multiple applications.

Unlike the PC industry, which is dominated by one or two giant companies, the card industry offers various card types (technologies) and card operating systems, which have a strong link with the software on top. Card system designers should consider which card technology is applied when they design the system.

4. Development Model

Moving forward, the professor talked about the software development models: the straightforward but not necessarily most efficient one, the linear development model; the most familiar one, the V model; the model widely used in R&S, the prototype development model; and the most popular model in commercial use, the evolutionary and incremental model.

Talking about the development model, the professor mentioned the software development experience in his university. “The most important one is: which development model will you adopt, and why? You need to argue.” This is not only related to your product/project; it actually involves a corporation-level topic: which model brings the best benefit for the corporation?

For example, the most economical one should be the evolutionary model, because it improves the system progressively; this keeps the risk, manpower and time cost down. Of course, if the requirements do not change a lot, you can just modify the current system; but if the requirements change a lot, or you want to pursue a higher-efficiency/performance system, you may need to start over, and the development model should fall within the linear or V model.
So there is actually no “best model”; different development models suit different situations.


Wanna know more about Mifare? Check the below website out:

Saturday, November 16, 2013

Master Programme

Finally I have got back here.

First of all I have to say something personal, that is, I really wonder if I should pursue a master's degree.

Back on the 13th, when I was in the "smart card technology" class, the professor shared his experience in university and work. That inspired me. I would capture several memorable points as below:
1. Some students asked me how long I studied in England: just 1 year. Is it really short? I do not understand why it needs 3 or 4 years; the pace there is fast. It does not mean you learn fast, like swallowing everything, but it moves fast.

2. For me, what you should learn in the university is how to sharpen your thought. When others follow the old route and get stuck in the mud, you have another thought and say, "Hey, it should be like this!"

These two points, together with the master's degree credential I want to get from a university. I came home and thought: what major should I pursue? When? Where?
And I found out that since my job here does not allow me to use my creativity, I feel tortured.

I shared my feeling with my friend, who is a supplier of another subsystem.
I explained to him why I feel tortured, and how I want to study again. He said, "If you think this way, I am afraid you cannot learn much from your master's programme either."
So I reconsidered what I can learn and how I can use my creativity in my life.

I listed the classes I would take in my master's programme:
1. Project management
2. System Design
3. English Correspondence
4. Communication and Information
5. Software Engineering
6. Programming
7. Database and data analysis
8. Entrepreneurship
9. Card Technology
10. Professional Conduct
11. Japanese

Why do you think you cannot use your creativity? Yes, your creativity may not be noticed yet, but you can always use your creativity to create something for yourself, to make yourself outstanding, earn a lot, and so on. Your influence on others may not be big now, but it will be as time goes by.
So start from: 1. Blog (output what you learn and understand) 2. Personal development plan 3. Homework

What can stop you from learning and creating actually? Only your instinct: laziness and forgetfulness.
What you want is to be able to make a good living in every place: knowledge and the ability to gain knowledge, a network and the ability to establish a network, and the ability to manage people.

To my questions of when, where and what to pursue for my master's degree, I cannot answer yet. I need some more input and more thinking.


Tuesday, November 12, 2013

Install Oracle-from the beginning 2

Continuing from yesterday's failure.

I knew it would not go smoothly.

The file image copied from cpttm is for 64-bit; however, since my desktop only supports 32-bit applications, I had to download Oracle Linux for 32-bit. But what follows is worse... the initial parameter settings may vary from those for Oracle Linux x86-64. OK, but I need to fix it anyway!

After downloading the Linux ISO file, I installed the Linux OS into my VM. And I found another problem: I had actually downloaded Oracle Linux 6, while what I learned at cpttm is Linux 5... so basically I cannot follow the notes given by Ken.

The installation is indeed different from Linux 5, which requires a lot of settings. For Linux 6, I can hardly choose anything. There is one thing I had not configured in Linux 5 before: the software/application type of the OS, whether it is a basic server, a database server or a mail server. As this is used for Oracle, I chose database server, but then I found something wrong: the database software in the next step was MySQL!? Then I found out from the internet that database server configures a MySQL server, while basic server is for Oracle software. Odd name! On the same page, you can customize the software in the OS. In contrast to my instinct to follow the default settings, I clicked into the customized software settings to see what kind of applications I could choose. There are a lot of tools: network tools, basic functions... and X Window.
X Window? Something like Windows? Not applicable for this Linux, right? So I did not choose it.

After I finished the installation of Linux, it remained in the typical CLI HMI. Even after I logged in as root successfully, it just stayed there. What should I do with it?
As I found on the web, the command "startx" should take me to the Linux desktop GUI, which I am familiar with. However, when I entered the command "startx", it returned "command not found". Afterward I found out that this was because I did not check the X Window application when I customized the applications on my Linux.

So actually X Window has nothing to do with MS Windows; it is a GUI system in Linux. According to Wiki:

X provides the basic framework, or primitives, for building such GUI environments: drawing and moving windows on the display and interacting with a mouse, keyboard or touchscreen. X does not mandate the user interface; individual client programs handle this. Programs may use X's graphical abilities with no user interface. As such, the visual styling of X-based environments varies greatly; different programs may present radically different interfaces.

Since I excluded X Window from the Linux, the startx command could not be recognized by the system. I then chose the most stupid way: reinstalling Linux. This time I checked all the applications available; then, after I logged in as root, the GUI appeared. OK, I can start the configuration eventually.

To be continued.



Monday, November 11, 2013

Install Oracle-from the beginning

Today I actually did not learn much.

I tried to install Oracle on my office computer, but failed. I had expected failure in the installation, since there are many layers of platform that need to be configured to enable the Oracle database installation.
They are:
1. Windows OS
2. Vmplayer
3. Oracle Linux (need to manually configure)
4. Oracle RAC (can skip)
5. Oracle server software
6. Oracle database
7. SQLplus

Every layer has its own challenges and difficulties for me as an entrant to IT.
This morning, I tried to put the image of the VM and Linux onto my desktop in the office, but it turned out that the Oracle Linux from cpttm is x86_64, while my desktop uses x86 32-bit.

Actually the computer's CPU is x86_64, but somehow the software installed on the desktop is running 32-bit. When I ran the 64-bit Linux, it prompted a message that long mode is not supported on my desktop, so none of the 64-bit applications would be able to run in that VM. Then another error came: VT-x of the host is supported but disabled.
Then comes the question: what is VT-x? How do I enable this feature?
VT-x is Intel's hardware virtualization technology. To quote from Wiki:

 It allows multiple operating systems to simultaneously share x86 processor resources in a safe and efficient manner. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of virtualization support while attaining reasonable performance.

VT-x is a rather low-level technology. To enable VT-x, you need to access the BIOS configuration and enable the usually disabled feature. The Red Hat Linux documentation details the procedure to enable this feature:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-Virtualization-Troubleshooting-Enabling_Intel_VT_and_AMD_V_virtualization_hardware_extensions_in_BIOS.html

But before you set foot in this low-level setting, going through basic computer theory is very helpful for understanding what happens in the configuration:
http://linux.vbird.org/linux_basic/0110whatislinux.php


To be continued.

Sunday, November 10, 2013

Oracle Installation 1

Sunday again; it is the exciting Oracle class that takes me one whole day.

What's there?
1) Oracle memory structure
2) Oracle EM
3) About the error Ora-01031: Insufficient Privileges

Today's course was mainly about the elements of the Oracle instance. Then, in order to show us the memory consumption of an Oracle instance more concretely, Ken showed us the Oracle Enterprise Manager panel. After that, he came back to chapters 2, 3 and 4 of the textbook, which are about installing an Oracle database instance. Since we had already gone through the installation in the previous two weeks, it should not have been a big problem. However, when I switched on the instance that was built in the pre-installed database software based on RAC, I could not start up the database, due to the error Ora-01031: Insufficient Privileges. I have been searching for a solution to this problem and found several. However, these solutions cannot be verified now, so I had better put them down here for my own reference next week.

1) An Oracle instance can be a complicated one; it contains two main parts: the SGA (physically RAM) and processes.

Here let's recall what an instance is: an instance is a series of instructions that enables users to operate a database. Without an instance, a database, simply speaking, is a group of data that you cannot make use of.
So the instance is the tool with which you can move the data between the disk and the SGA, and manipulate it into something meaningful and useful through the instance processes. A more accurate and official definition is:

An instance is a set of memory structures that manage database files. The instance consists of a shared memory area, called the system global area (SGA), and a set of background processes.

The SGA contains a lot of areas: the shared pool, the database buffer cache, the redo log buffer, and other small areas like the stream cache. The database buffer cache usually takes up 2/3 of the RAM given to an instance, because it is the area that stores the data taken from the disk. The data from the actual database must first be moved here for the user's usage. Therefore, it should be big enough to store the data, in order to lessen reads/writes of the hard disk.
The data updated by the user will be kept in the database buffer cache until a certain time; then all the changed data (called dirty blocks) will be written to the disk as a permanent modification of the data. This predefined time should not be too short, in order to maintain database efficiency. The reliability of the data modification relies on the other area: the redo log buffer.
The redo log buffer takes up a rather small area in the SGA; most of the time, the log stored here will be recorded to the disk in a very short time.

This mechanism ensures the reliability of database operation (most mistakes should be recoverable through the redo log) and at the same time ensures the efficiency of database operation. Most read operations take place between the database buffer cache and the disk, while most write operations take place between the redo log cache and the disk. This lessens the time lost to collisions between reading and writing data.

2) Oracle Enterprise Manager

All the above are sentences from the book; how about an example? This can be shown in Oracle Enterprise Manager. Oracle EM is a web-based control panel for an instance, which turns out to be a very powerful tool for a DBA. In Oracle EM, you can check the status of an instance and schedule jobs on the instance.
How do you turn on the EM? You can easily gain access to the EM by entering a line of script into the terminal:
emctl start dbconsole
The terminal will return a URL that directs you to the EM.
Open the webpage and log in using "sys" and the sysdba password with "SYSDBA" as the operator; then you can access the EM panel.
But I failed to log in; it kept telling me that I could not log in. I tried many combinations of account and password, but still failed! Then I realized that my instance was not started up yet. So I started up the database:

sqlplus sys/oracle as sysdba
SQL> startup
SQL> database mounted.

Tried logging in to the EM as sys again: success!

3) About the error Ora-01031: Insufficient Privileges

The error was returned when I tried to start up an instance that was installed in the database software on the Oracle Cluster. The error, I assume, is caused by some wrong setting during the installation, since I was quite confused when I installed the database software on the cluster and might have messed up some parameter settings.

The script goes like:

lsnrctl start;
sqlplus sys/oracle as sysdba
SQL> startup;
SQL> Ora-01031: Insufficient Privileges

So, it is telling me that the user "oracle" has no privilege to start up a database.
From a preliminary search for the reason, it could be because oracle is not inside the group "dba".
To verify this, I went to the system > user and privilege panel, and found that the user group is indeed different from a workable database setting, or more accurately, it is an OS setting.
In the OS with the error, there are only two groups: dba and oinstall, with oinstall being the primary group of the user "oracle". But the other one is configured with four groups: dba, oinstall, sysadmin, sysopera.

I have found many solutions on the internet for this problem, yet the following two posts should be the most explanatory ones:

1. http://www.dba-oracle.com/t_ora_01031.htm
2. http://askdba.org/weblog/2008/05/ora-1031-as-sysdba/

Need to verify next Sunday.

There was an opportunity in front of me today, but I could not catch it, because I am not competent. I have got to reconsider what I can do to catch and attract opportunities.
Opportunities, though they can be attracted by your ambition and appearance, can only be caught by the value you can create.

2013/11/10

letsgettheretogether

Hello World.

It's kind of funny here. What's funny about it? I am gonna tell you later.

This is my first blog, aiming to share my views, create sparks, deepen my understanding of the world and knowledge, refine my logical thinking (I assume all of the passages here follow a robust logical structure), and improve my English composition skills.
It is not a blog storing my own thinking for the sake of expressing myself only; it is a blog where I want to convey an idea to the world.

How will I make it happen?
I will blog, every day, what I learn, what I understand, and what I observe in my life. Since I have this duty, my observation and reading are not only a simple process of taking in information, but will turn into part of my knowledge organization, which comes out with my own style and understanding. They are mine now. I am going to share my knowledge with you; you are most welcome to ask questions, to discuss or to argue with me. Through discussing and sharing our understanding, we will both broaden our understanding and deepen our knowledge. That's why the domain name here is "let's go there together."

But why "letsgettheretogether2"? That's why I said funny.
I thought this name was odd enough to be a usable domain name, but it turned out that this domain name was already used! I was very excited to see what kind of blog had taken this name, but unfortunately that blog has already been removed.

Let's stop here, or, let's start here.