How to Box Hackers Out of Your ID Card Access Control Systems

ID harvesting has made it necessary for security pros to add card encryption to their physical access control systems.

Most security professionals are not aware of one of the leading gateways for hackers to attack their cyber systems.

It’s through their own physical security systems, especially wired cameras or contactless card access control systems.

Let’s consider the latter. When a 125kHz proximity card is powered up by getting in “proximity” of a reader, it immediately begins to transmit a fixed binary code number.

As a result, it’s also possible to use a device that will stealthily power up the card from a distance to read and record its internal data. An attacker can then easily use the card’s information to let unauthorized people in.

Adding to the problem is that Wiegand, the industry standard over-the-air protocol commonly used to communicate credential data from a card to an electronic access reader, is no longer inherently secure due to its original obscure and nonstandard nature. Hence, ID harvesting has become one of the most lucrative hacking activities.

Yet now there is an even bigger problem. To get into IT and critical infrastructure operational technology (OT) systems, hackers simply use the card/reader protocol to enter a facility via the public access computer system (PACS), thereby accessing specific computers. Those computers then act as a gateway to the target’s internal Internet, be it the IT or OT system.

Thus, using the physical access control system, hackers steal sensitive data or program a computerized controller to raise the temperature of a blast furnace to unsafe levels.

One aspect of securing the card’s information is to make the internal numbers unusable; encryption must be applied. To read them, the system needs access to a secret key or password that provides decryption. Modern encryption algorithms play a vital role in assuring data security:

  • Authentication – verifies the origin of a message.
  • Integrity – proves the contents of a message have not been changed.
  • Nonrepudiation – ensures the message sender cannot deny sending the message.

Here is how it works. The number is encrypted using an encryption algorithm and an encryption key. This generates cipher text that can only be viewed in its original form if decrypted with the correct key.

Today’s encryption algorithms are divided into two categories: symmetric and asymmetric.

Symmetric-key ciphers use the same key, or secret, for encrypting and decrypting a message or file. The most widely used symmetric-key cipher is the Advanced Encryption Standard (AES), which is used by the government to protect classified information.

Asymmetric cryptography uses two different but mathematically linked keys — one public and one private. The public key can be shared with everyone, whereas the private key must be kept secret. The RSA algorithm was first described in 1977 by MIT’s Ron Rivest, Adi Shamir and Leonard Adleman. It is the most widely used asymmetric algorithm.

Today, 13.56MHz smart cards are used to provide increased security compared to 125kHz proximity cards. One of the first terms stakeholders will discover in learning about smart cards is Mifare, a technology from NXP Semiconductors. Mifare enables two-way communications between the card and the reader.

Mifare Classic was an original version of the Mifare standard used in contactless cards. It stores the card number on one of its sectors, then encrypts the communication between the card and reader to theoretically make it impossible or, at least, very difficult to clone a card.

Unfortunately, a security flaw was discovered in the Mifare Classic standard which meant that, with the right knowledge and hardware, a card could still be cloned or another card in the series created.

The newest of the Mifare standards, Mifare DESFire EV1, includes a cryptographic module on the card itself to add an additional layer of encryption to the card/reader transaction. This is among the highest standards of card security currently available.

Mifare DESFire EV1 protection is therefore ideal for sales to providers wanting to use secure multiapplication smart cards in access management, public transportation schemes or closed-loop E-payment applications. The cards are fully compliant with the requirements for fast and highly secure data transmission and flexible memory organization, and they provide interoperability with existing infrastructures.
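The following is an added example, not code from the article or from NXP. It contrasts a reader that trusts a fixed transmitted number, like the 125kHz proximity card described earlier, with a reader that requires a keyed response to a fresh challenge. HMAC-SHA256 from the Python standard library stands in for the card's on-board cipher; this is not the DESFire protocol, and the card ID, key, class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; not taken from any real card or system.
STATIC_CARD_ID = 0x2A51C3  # the fixed number a proximity card always sends
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # shared secret

class StaticReader:
    """Reader that trusts whatever fixed number it receives."""
    def __init__(self, enrolled_ids):
        self.enrolled_ids = set(enrolled_ids)

    def grant(self, presented_id):
        return presented_id in self.enrolled_ids

class ChallengeReader:
    """Reader that issues a fresh random challenge for every transaction."""
    def __init__(self, key):
        self.key, self.pending = key, None

    def new_challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def grant(self, response):
        if self.pending is None:
            return False  # no outstanding challenge, nothing to verify
        expected = hmac.new(self.key, self.pending, hashlib.sha256).digest()
        self.pending = None  # each challenge is valid for one attempt only
        return hmac.compare_digest(expected, response)

def card_respond(key, challenge):
    """What the card's crypto module computes; the key itself is never sent."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def demo():
    static = StaticReader([STATIC_CARD_ID])
    static_replay_ok = static.grant(STATIC_CARD_ID)  # same value works forever

    reader = ChallengeReader(CARD_KEY)
    recorded = card_respond(CARD_KEY, reader.new_challenge())
    first_ok = reader.grant(recorded)    # legitimate transaction succeeds
    reader.new_challenge()               # next visit gets a different challenge
    replay_ok = reader.grant(recorded)   # recorded response no longer matches
    return static_replay_ok, first_ok, replay_ok
```

The fixed number is accepted on every presentation, while a response recorded from one transaction fails against the next challenge because the reader never reuses one.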


Bio: Scott Lindley is President of Fairpointe Data, a DORMA Group Company.
