NXP MIFARE DUOX: Secure EV Charging Access Fact Sheet

NXP MIFARE DUOX: Secure, Contactless Access to Electric Vehicle Charging Services

Fact Sheet

Introduction

NXP's MIFARE DUOX IC is designed for secure, contactless access to electric vehicle (EV) charging services. It integrates both asymmetric and symmetric cryptography on a single chip, offering a cost-effective solution for secure authentication and offline signature validation for end-user authorization on EV charging terminals.

Target Applications

  • Residential Charging (private home)
  • Public Charging (along public roadway)
  • EV Roaming (access to networks from different providers)
  • Workplace Charging (on-site at company premises)

The Challenge in EV Charging Security

Current EV charging infrastructure often relies on contactless smartcards (RFID mediums) for convenience, allowing drivers to start/stop charging, make payments, and track data via NFC taps. While this enhances EV ownership and provides data insights for fleet operators, security is a significant concern.

Vulnerability of Unique Identifiers (UID)

Some charging stations authenticate solely based on the smartcard's Unique Identifier (UID). The UID is a serial number programmed during manufacturing, essential for linking credentials to EV drivers. However, relying only on the UID is vulnerable to fraud, as it can be easily retrieved in plaintext. Hackers can clone cards by copying the UID, leading to unauthorized charging at another driver's expense. This can cause significant financial damage to users. The risk escalates with UID guessing attacks, where fraudsters brute-force numbers close to a known valid UID. Possession of a few valid UIDs allows fraudsters to use devices like RFID emulators (e.g., Flipper Zero, Chameleon Ultra, iCopy-X, Proxmark) to clone credentials.

Limitations of Symmetric Cryptography

To improve security beyond UID-only methods, some systems implement an additional authentication step using symmetric cryptography. This method uses the same key for encryption and decryption, making it robust, fast, and efficient. However, it presents challenges in complex EV charging infrastructures. All parties (charging terminal, smartcard, backend systems) must share the same symmetric key. This requirement complicates key management, especially when scaling to large numbers of entities involved in EV roaming and electricity sharing. Secure key generation, storage, distribution, rotation, and revocation become critical and complex. A single mishandled symmetric key can compromise the entire system.

The Solution: Asymmetric Cryptography and VDE-AR-E 2532-100

Efforts to enhance smartcard security in EV charging have led to standards like the VDE-AR-E 2532-100 application rule, issued by VDE and DKE. This standard promotes upgrading to asymmetric cryptography to prevent unauthorized charging and fraud.

High Security with Asymmetric Cryptography

Asymmetric cryptography offers superior protection and flexibility. It uses a pair of keys: a public key (distributable openly) and a private key (kept confidential). This enables stronger authentication of smartcards and secure digital transactions via digital signatures. Implementing asymmetric cryptography addresses concerns over fraud, counterfeiting, and data integrity, while also opening possibilities for multi-application smartcards (e.g., micropayments, secure car/parking access).

Cost-Effective Upgrade Path

The VDE-AR-E 2532-100 upgrade is designed to be cost-effective for charging system manufacturers. It primarily involves a firmware extension on the charging station's reader, not hardware changes, keeping the bill of materials consistent. This software upgrade allows charging stations to handle asymmetric cryptography, public keys, and certificates for reading and validating dynamic card signatures. The upgrade can be implemented in a backward-compatible mode to accept older UID-based cards. Alternatively, the software extension can reside in the EV charging backend system, simplifying reader upgrades. The transition can be gradual, offering manufacturers flexibility.

Secure User Authentication in Compliance with EV Charging Regulations

To facilitate the implementation of VDE-AR-E 2532-100, NXP offers MIFARE DUOX. This IC combines asymmetric and symmetric cryptography, simplifying key management and enabling fast asymmetric authentication for EV charging. MIFARE DUOX ensures secure NFC-based communication for end-user authentication, promoting interoperability, ease of deployment, and flexibility.

MIFARE DUOX for EV charging adheres to VDE-AR-E 2532-100 specifications, featuring built-in support for authentication and authorization. Its asymmetric cryptography and Public Key Infrastructure (PKI) capabilities enable interoperability between multiple Charge Point Operators (CPOs) and e-Mobility Service Providers (eMSPs). This allows a single smartcard to be used across various EV charging systems, ideal for EV roaming scenarios.

Simplified Deployment with Pre-Configuration

MIFARE DUOX is available as a ready-made product with a pre-configured card structure, including an on-chip application, keys, and certificates for EV charging as per VDE-AR-E 2532-100. NXP pre-loads the required card layout, application structure, configuration settings, and chip-unique asymmetric key pairs and security certificates during manufacturing. NXP acts as the Certificate Authority (CA) for these EV charging certificates and keys. The EV charging root certificate and public key are freely available from the NXP EV Charging CA and can be injected into EV charging reader terminals that support MIFARE DUOX smartcards. This ensures seamless operation within any EV charging infrastructure compliant with VDE-AR-E 2532-100 and its unilateral asymmetric authentication, based on real-time dynamic card-generated signature verification at the reader terminal.
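The reader-side check described above, contrasted with the UID-only check from the earlier section, as an added example that is not NXP's code or the VDE-AR-E 2532-100 message format. It shows a copy of a card's UID, public key and certificate passing a UID allowlist but failing the signature challenge, because the private key never leaves the chip. Assumptions: Ed25519 from Go's standard library stands in for the card's signature algorithm, which the fact sheet does not name; the certificate is reduced to a bare CA signature over UID and public key; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Card struct {
	UID, Pub, Cert []byte             // Cert: CA signature over UID and Pub (simplified certificate)
	priv           ed25519.PrivateKey // stays on the chip, never sent to a reader
}

// Issue personalizes a card under the CA key, as done at manufacturing.
func Issue(ca ed25519.PrivateKey, uid []byte) Card {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cert := ed25519.Sign(ca, append(append([]byte{}, uid...), pub...))
	return Card{UID: uid, Pub: pub, Cert: cert, priv: priv}
}

// Clone copies what any reader can see and substitutes the copier's own key.
func Clone(c Card) Card {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Card{UID: c.UID, Pub: c.Pub, Cert: c.Cert, priv: priv}
}

// Sign is the card side of the exchange: a signature over the reader's challenge.
func (c Card) Sign(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// UIDOnly is the weak check: any device presenting a listed UID passes.
func UIDOnly(allow map[string]bool, c Card) bool { return allow[string(c.UID)] }

// Authenticate is the reader side: certificate first, then a fresh challenge.
func Authenticate(root ed25519.PublicKey, c Card) bool {
	signed := append(append([]byte{}, c.UID...), c.Pub...)
	if len(c.Pub) != ed25519.PublicKeySize || !ed25519.Verify(root, signed, c.Cert) {
		return false
	}
	challenge := make([]byte, 16)
	rand.Read(challenge)
	return ed25519.Verify(c.Pub, challenge, c.Sign(challenge))
}

func main() {
	root, ca, _ := ed25519.GenerateKey(rand.Reader)
	card := Issue(ca, []byte{0x04, 0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6}) // constructed UID
	allow := map[string]bool{string(card.UID): true}
	fmt.Println(UIDOnly(allow, Clone(card)), Authenticate(root, Clone(card)), Authenticate(root, card))
}
```

The reader holds only the root public key, so nothing stored in the terminal lets someone who extracts it impersonate a card.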

Learn More

For a deeper understanding of the VDE-AR-E 2532-100 application rule for EV charging and how MIFARE DUOX realizes this concept, please refer to the NXP application note.

NXP Application Note
