Secure Credentials with Verkada MIFARE DESFire EV3

Cutting-edge technology is at the heart of the Verkada platform, shaping the products as well as the partnerships we forge with other technology companies. When it comes to our Access Control offering, we are constantly working to build a solution that is flexible and easy to use for our customers, while maintaining the highest security standards.

Physical keycards are a staple of many access control deployments, but traditional proximity cards can pose security risks. Verkada’s MIFARE DESFire EV3 cards, leveraging cutting-edge smart card technology developed by NXP Semiconductors, combine the convenience of physical access credentials with the high level of security that all organizations should expect. 

Below, we dive deeper into the security mechanisms of MIFARE DESFire EV3, explaining why it is a trusted choice for secure access control, and how Verkada has implemented the technology to secure our door readers.

Key Security Features of MIFARE DESFire EV3

As the latest addition to the DESFire family, it builds upon its predecessors with faster transaction speeds, greater flexibility, and - perhaps most importantly - enhanced security features, such as:

1. Advanced Cryptography

The EV3 supports AES-128 encryption, providing robust security against modern cryptographic attacks.The card also supports cryptographic diversity by enabling multi-application designs, each with its own security keys and settings.

2. Mutual Authentication

MIFARE DESFire EV3 employs mutual authentication between the card and reader. Both parties validate each other using cryptographic keys before any data exchange occurs. This ensures that only authorized devices can communicate with the card, reducing the risk of unauthorized access.

3. Secure Messaging

The EV3 supports secure messaging protocols to protect data integrity and confidentiality during communication. Secure messaging ensures that sensitive data is encrypted and authenticated to help prevent interception or tampering.

4. Enhanced Anti-Tampering Measures

MIFARE DESFire EV3 incorporates anti-tearing mechanisms, supporting data integrity even in scenarios where a transaction is interrupted. The card’s physical and electronic tamper-resistance measures protect against attacks aimed at extracting or modifying sensitive data.

How Verkada Manages Keys to Minimize Risk 

Verkada has adopted MIFARE DESFire EV3 in its access control solutions to provide leading security for modern enterprises. The implementation involves numerous cryptographic keys that are dynamically rotated, minimizing the risk of compromise. If a key is ever at risk, Verkada can quickly rotate the key to enable continued security.

Additionally, Verkada uses static keys to support integration with wireless lock partners like Assa Abloy and Allegion. These static keys, reserved for use with Assa Abloy and Allegion wireless locks, are shared with customers and partners who have deployed these locks in order to ensure compatibility of Verkada MIFARE DESFire EV3 credentials. These static keys for third-party wireless locks are separated from the rotating keys used for Verkada’s own readers, and are not shared outside of Verkada and our credential-manufacturing partners, thus strengthening overall system security.

Providing Secure, Reliable Access Control 

By combining AES-128 encryption, mutual authentication, and secure messaging, Verkada ensures access credentials are protected against cloning, interception, and unauthorized use. This robust approach highlights Verkada’s commitment to delivering secure and reliable access control systems for organizations around the world.

To learn more about our EV3 credentials, please consult our datasheet.