by Scott Lindley
Radio frequency identification (RFID) devices are typically used as proximity or smartcard identification in tracking and access control systems. These systems operate on the assumption the token is in close proximity to the reader because of the communication channel’s physical limitations. However, current RFID devices are not suitable for secure identification. They can be subject to skimming, eavesdropping, and relay attacks. An attacker can fool the system by simply relaying the communication between the legitimate reader and token over a greater distance than intended. As these facts become better known, there has been a drive by security directors to overcome such shortcomings.
Wiegand is the industry-standard protocol commonly used to communicate credential data from a card reader to an electronic access controller. In the past, it was considered inherently secure due to its obscure and non-standard nature. No one would accept usernames and passwords being sent in the clear, and they should not accept vulnerable credential data. ID harvesting has become one of the most lucrative hacking activities. In these attacks a credential’s identifier is cloned or captured and retransmitted via a small electronic device to grant unauthorized access to an office or other facility. When selecting the doors hardware and electronic safety and security systems permitting access control in buildings, design professionals should be made aware of the larger issues.
Threats
In considering any security application, it is critical the building owner, facility manager, or tenant realistically assess the threat of a hack to the facilities. For example, if access control is merely a convenience over the alternative of a physical key there is a reduced risk the end user will be hacked. However, if the end user perceives an imminent threat to the facility due to the nature of work, product, or storage method, and the facility uses an access system as an element to the overall security system, they may be at a higher risk and should consider hacker mitigation methods.
Just as we have become aware of criminal skimmers altering ATM infrastructure, card holders should avoid presenting access control credentials to any readers that appear to have been tampered with. These same card holders should also be encouraged to quickly report any suspicions or access control system tampering—including instances involving either the access control readers or access credentials—to the facility’s security and management teams.
Skimming occurs when the attacker uses a special reader to access information on the victim’s RFID token without consent. The attacker has the ability to read stored information or to modify information by writing to the token. This means he or she can control when and where the attack is performed. In practice, the attacker’s main challenge is to increase the operational range by powering and communicating with the token over a greater distance, as the owner may become suspicious of somebody in his personal space.
An eavesdropping attack occurs when the attacker can recover the data sent during a transaction between a legitimate reader and a token. This requires the attack to be set up in the vicinity of a likely target. The attacker needs to capture the transmitted signals using suitable radio frequency equipment before recovering and storing the data of interest. The degree of success the attacker achieves depends on the resources available. An attacker with expensive, specialized RF measurement equipment will be able to eavesdrop from a further distance than one with an inexpensive, homemade system. Still, the attack is a viable threat either way.
RFID systems are also potentially vulnerable to an attacker relaying communication between the reader and a token. A successful relay attack lets an attacker temporarily possess a ‘clone’ of a token, thereby allowing access to the associated benefits. It is irrelevant whether the reader authenticates the token cryptographically, or encrypts the data, since the relay attack cannot be prevented by application layer security.
The equipment needed to perpetrate the above attacks can be quite inexpensive and is widely available.
Card-based access control system integrity
These threats mean single-factor verification no longer provides the access security that many campus access control systems require. Today, companies want multi-factor verification with what they ‘have’ (i.e. a card) plus what they ‘know’ (i.e. a personal identification number [PIN]). With a combination reader/keypad, access control manufacturers and their integrators can provide companies with a simple, reliable solution for shoring up their system, the combination card reader/keypad.
To enter, individuals present their proximity or smartcard, get a flash and a beep, and enter their PIN on the keypad. The electronic access control system then prompts a second beep on the reader and the individual is authorized to enter.
Another novel way to protect card-based systems is to provide a high-security handshake or code between the card, tag, and reader to help prevent credential duplication. This ensures readers only collect data from these specially coded credentials. In a sense, it is the electronic security equivalent of a mechanical key management system, where the company is the side one with the key. Such keys are only available through the contractor or the integrator chosen for the job. The integrator never provides another organization with the same key. In the RFID scenario, the readers will be able to scan cards or tags and will not be able to scan other cards or tags.
