All security professionals need to be aware of RFID cloning vulnerabilities present in common door access control systems, and how to protect against them.
Some of the most widely used RFID access cards simply do not include any capability to prevent them from being read (and hence copied) inappropriately, and other common card-types have flawed security features that also allow them to be cloned using low-cost, hand-held card-copying kits.
It is possible, although rather impractical, to protect these cards with shielded cases that require the card to be extracted each time they need to be presented to a door access reader. There is also a risk from spoof-cards (purchased online without needing an original to copy), that will be read by standard door access readers.
Unfortunately, having cards and readers that are based on up-to-date secure RFID technology standards doesn’t automatically guarantee greater security; providers of physical access control systems often don’t make customers aware of the options available for configuring cards and readers, preferring to control that for their own benefit (simplifying deployment and maintaining card supply revenues).
To prevent card-cloning and spoofing, organisations need to make sure they are actually using the features that allow all their cards to be uniquely and securely encoded, so that cards can’t be read by any other readers, and their readers are configured to recognise only correctly encoded cards.
To secure RFID access controls, organisations ultimately need to have control over the encryption keys that are used to encode their access cards and configure their readers. Organisations don’t share their IT-admin passwords with third parties – so why should they be reliant on any number of individuals in a supply chain for access cards to protect their RFID encryption keys?
Key-ID Encoder is a cost-effective and easy-to-use solution for secure RFID card encoding. The Key-ID software makes it straightforward to create unique encryption keys, which are stored securely, and used to encode any RFID credentials that use NXP’s standard DESFire EV1 or EV2 chips.
Cards and fobs can be sourced freely and then encoded using the Key-ID kit, which includes a desktop reader/writer that connects via USB to any suitable Windows PC running the software. The reader/writer supplied also supports the use of a SAM (secure access module) to safeguard encryption keys. Enrolment of newly encoded cards into an access control system can be automated with the help of an additional software utility available from the same company.
Key-ID Encoder has been developed by Dot Origin Ltd, who specialise in identity, security and proximity solutions, using established security principles and based on industry standards.
For more information, visit www.key-id.com/encoder or call Dot Origin on +44 (0)1428 685 861.