WOT Fire & Security Group Innovations Team have recently been focusing their research on access control and card technologies. The primary goal of this research was to analyse the differences between these technologies, to ensure we are providing the most secure access control solution to our clients.
The findings were extremely interesting. The topics explored include:
- Proximity Cards
- MIFARE Cards
- Wiegand Protocol
- OSDP Protocol
- Mobile Credentials
- Access Control Card Cloning
- The Future Of Secure Access Control
- Conclusion – Our recommendations
Proximity cards are a low frequency (125 kHz) card type with no encryption. They are used for simple access and solely hold a user and site ID for authentication. These cards are embedded with a microchip that holds a unique code; when the card is presented, the reader identifies this code, which enables the user's access to an area of the building.
The reading process of proximity cards is enabled by radio frequency fields which provide just enough energy within the card to allow it to provide the unique code to the reader.
MIFARE cards were the upgrade to proximity cards, with many different versions available. Due to the RFID chip being very small, it can be embedded within cards, wristbands, fobs, phones and a number of other devices.
They are high frequency cards (13.56 MHz) that use encryption keys with the Crypto-1 algorithm to keep information safe, and they offer a higher card ID number capacity. MIFARE DESFire cards contain a full microprocessor, along with much more robust security features, and use 3DES and AES hardware cryptographic engines for securing transmission data. These cards are fully NFC (Near Field Communication) capable.
In conjunction with having the correct access control card technology, it is also essential that the correct wiring is in place from a reader to its controller. The Wiegand protocol is a simple two-wire interface. It was a simple and reliable choice in access control for many years, but with only 28 bits to work with it lacks the security needed for today's systems. When using Wiegand, the distance between a reader and controller is limited to 152 m. It works one way only, sending a signal from a reader to a controller, and with access to the cabling this creates the vulnerability of a replay attack.
The OSDP Protocol (Open Supervised Device Protocol) is a communication standard that implements the first secure connection method with high-end AES-128 encryption. This tackles the challenge of providing a secure and reliable access control system. OSDP supports two-way communication between the reader and controller and can do so at a maximum distance of 1200 m. As a further security precaution, the wiring is monitored to protect against threats of various attacks.
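The difference between the two wiring models described above, as an added example that is not part of the original article: a simplified Python model, not the Wiegand or OSDP wire format, showing why a recorded message is accepted on a one-way static line and rejected on a two-way authenticated link. HMAC-SHA256 stands in for AES-128, and all names, keys and credential values are constructed for illustration.

```python
import hashlib
import hmac
import os

def mac(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the AES-128 primitives the article mentions.
    return hmac.new(key, data, hashlib.sha256).digest()

class StaticLineController:
    """One-way line: the controller only ever sees the credential bits."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
    def receive(self, frame: bytes) -> bool:
        return frame in self.allowed  # nothing binds the frame to a moment in time

class SessionController:
    """Two-way link: fresh challenge per session, sequence-bound MAC per message."""
    def __init__(self, allowed, base_key: bytes):
        self.allowed, self.base_key = set(allowed), base_key
        self.session_key, self.next_seq = None, 0
    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.session_key, self.next_seq = mac(self.base_key, nonce), 0
        return nonce
    def receive(self, seq: int, credential: bytes, tag: bytes) -> bool:
        if self.session_key is None or seq != self.next_seq:
            return False  # stale or out-of-order message
        expected = mac(self.session_key, seq.to_bytes(4, "big") + credential)
        if not hmac.compare_digest(expected, tag):
            return False  # tag was produced under a different session key
        self.next_seq += 1
        return credential in self.allowed

def reader_send(base_key: bytes, nonce: bytes, seq: int, credential: bytes):
    session_key = mac(base_key, nonce)  # reader derives the same session key
    return seq, credential, mac(session_key, seq.to_bytes(4, "big") + credential)

def demo():
    card, key = bytes.fromhex("0a1b2c"), b"constructed-demo-key"  # constructed values
    static = StaticLineController([card])
    static_results = (static.receive(card), static.receive(card))  # second is a recorded copy
    ctrl = SessionController([card], key)
    msg = reader_send(key, ctrl.challenge(), 0, card)
    first, same_session = ctrl.receive(*msg), ctrl.receive(*msg)
    nonce = ctrl.challenge()  # new session, new key
    new_session = ctrl.receive(*msg)  # recorded message from the old session
    fresh = ctrl.receive(*reader_send(key, nonce, 0, card))
    return static_results, (first, same_session, new_session, fresh)
```

`demo()` returns the accept/reject decisions for both models: the static line accepts the recorded copy, while the session model accepts only messages generated for the current challenge and sequence number.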
Mobile credentials for access control are a probable direction that organisations will take in place of traditional ID cards. This is clear because smartphones already have three authentication parameters, making them a plausible option: with smartphone authentication, the devices use an RFID tag, a PIN and biometrics. This built-in multi-factor verification demonstrates why smartphones are favoured for the future of access control.
Access Control Card Cloning
Access control card cloning is a security flaw which can lead to unauthorised access and can create serious vulnerabilities. With the lack of encryption on Proximity cards, they are easily cloned using equipment worth no more than £10. Whilst this is old news for hackers, there are still many within the security community who have not taken this vulnerability seriously. With tutorials readily available online and cloning equipment available from the likes of Amazon and eBay, it is easier than ever to clone proximity cards.
MIFARE Classic cards, which are still widely in use, are also susceptible to being cloned. MIFARE’s NFC capabilities make it possible to clone cards using a smartphone and free smartphone applications. This in fact makes MIFARE Classic cards just as vulnerable as Proximity cards when it comes to cloning. With no more than a minute’s physical access to a card, a copy can be made and saved. This can then be used in the future and distributed to any number of blank MIFARE Classic cards.
The Future Of Secure Access Control
Today’s technologies suggest that either NFC or Bluetooth readers will be used in place of traditional card readers. NFC is now widely used in smartphones but not all phones use this technology (iPhone 5s and earlier), so this would need to be considered when users have an incompatible smartphone. Bluetooth in this regard is the better choice for reliability. NFC uses less power but creates a restriction whereby the smartphone device needs to be much closer to the reader, just like a proximity card. This short read range prevents the smartphone from being unknowingly read.
Bluetooth readers can provide various read ranges and can be set to require a close tap just like an NFC reader. Bluetooth readers can have a read range from an inch to 15 feet. An NFC reader, like most readers, must be mounted on the unsecure side of a door. A major benefit of Bluetooth readers is their ability to be mounted on the secure side of a door because of their longer read range. This advantage helps to prevent the risk of tampering. However, for the system to work, the Bluetooth device must be connected to the internet. Overall it would seem that Bluetooth is the future of access control, as it is both a flexible and secure solution.
In summary, our findings are that current access control systems should consist of OSDP wiring and MIFARE DESFire readers and cards, as these provide the most secure solutions available. Proximity, MIFARE Ultralight and MIFARE Classic cards should be used with caution as they are all at risk of being cloned for unauthorised access. In the future Bluetooth should also be explored further, as it may be the upcoming technology of choice for an efficient access control system.