Apologies if this reply seems a little pedantic; your reply is mostly correct, but there are some large shortcuts.
MIFARE is not a card type, it's more a family of cards in the 13.56MHz space, produced by NXP.
There are multiple cards under the banner of Mifare, including:
- Mifare Classic 1/4k - UID + Storage space, with individual keys and crypto. Suffers/ed from multiple vulnerabilities. Used mainly in cheaper hotel access systems, gym cards, etc etc. Can be secure, if your security layer relies on strong crypto on card contents, as opposed to the crypto of the card itself. There are no counters in Mifare Classic.
- Ultralight / Ultralight-C / Ultralight EV1 - These cards are low cost, reduced storage space, and are / were conceived specifically for the transport industry. They have 'one way' counters that can be used to deduct 'credits' - but these can't be re-written - so they fulfill the task of discardable tickets.
- Mifare DESFire 3DES / EV1 / EV2 - The EV2 is the latest generation - ID + Storage + "Applications", with AES encryption. The 3DES was cracked with side-channel power analysis (like the items in this article) - but the EV2 has no practical attacks to this day.
Information aside, most transport systems do not store value on the cards, but allow for offline use by forcing a sync the next time the card passes by an online system - i.e., limited trust.
Thanks for the explanation! Regarding storing value on the card, one notable deployment that does work like this is the London Oyster card. These were first rolled out in 2003, so getting a reliable internet connection everywhere they were used wasn't possible.
When you topped up online (I haven't lived in London for a few years, so don't know if it still works like that) you had to select which station your top-up would be applied to, then overnight that station would download a list of top-ups, and apply it to your card when you touched in or out next. So at the time there was no real-time connection to a centralised database.