How Secure is Your Smart Card?

The card security community is aware of the added security afforded by contactless smart cards but is generally unaware of the potential weakness in the level of security provided by most card readers, including many Mifare, Legic and smart card versions.

Virtually all current Mifare card access solutions employ a combined antenna with associated electronics, termed a card reader, which is connected via a signal cable to a separate controller. The encrypted Mifare card data is detected by the antenna, and the required information is read from it and decrypted into legible data by the reader, after which it is sent to the door access controller over the signal cable using a security industry standard “Wiegand” interface and a published open format “Wiegand” protocol.


Physical connection between reader head and controller. Vulnerable to attack.

The logic of providing a very secure interface between card and reader head while maintaining an insecure connection between reader head and controller is questionable, since it is relatively easy, on the unprotected electrical interface, to intercept the unprotected Wiegand data stream or inject false data into the data stream.

Indeed, most Wiegand style card readers lack a simple tamper sensor, so attempts to compromise or remove the reader head will go undetected. This compromises the high level of security built around the smart card and card reading technology. Hence, it is self-evident that data read from a secure and encrypted smart card, such as a Mifare or Desfire, when passed across an unprotected Wiegand interface is open to skimming and manipulation.

Borer has eliminated this compromise to security by combining the functions of antenna, card reader decoder and controller into a single integrated card reader and controller. All information is exchanged at the logical data level where it can be encoded and if required encrypted. This eliminates the need to pass secure data across an insecure electrical interface. Consequently, data from the card to the central database is secure and safeguarded from attack.

In the past, proximity readers have been simple devices with no special configuration requirements. However, before a smart card can be read, the smart card reader must be configured with card specific information such as the address of the sector to be read together with its associated encryption keys.

With most smart card readers, a configuration change is done on site at the card reader head, by power resetting the reader before presenting a reader configuration card. This introduces a security risk as well as increasing the time taken to change encryption keys, especially over geographically diverse locations. A benefit of the Borer integrated card reader and controller is that it allows the user to configure the reader controller over the network. Hence, configuration changes can be simply, securely and quickly introduced.


Logical connection. Resistant to attack as data is encoded and can be encrypted.

In an access control application, the combined Mifare card reader controller is located on the unsecured side of the door to prevent the door unlock signal being tampered with. For added security, the reader controller can be logically associated with an IO device, which controls the operation of the door, located on the secure side.

This can be a second card reader controller, providing in and out control, or an IO unit whose purpose is to monitor and control the door lock. Communication between the card reader controller on the unsecured side of the door and the IO controller on the secured side is across the Controller Area Network (CAN) data link. This solution maintains both signal and data integrity.

Definitions:

Wiegand is a two-wire electrical interface, first employed in the 1970s, designed to enable a card reader made by one manufacturer to pass data read from a card to a controller produced by a different manufacturer.

It consists of two wires called “Data-0” and “Data-1”. A short pulse on “Data-0” represents a binary “0” while a pulse on “Data-1” represents a binary “1”. The picture below is a graphical representation of a Wiegand data stream for the binary value "01101". Each dip in the line represents a change from 5V to 0V, thus communicating the bit value.


Sample Wiegand data stream

Wiegand data format is represented by the total bit count and the distribution of data fields on a card. The figure below illustrates the 26-bit Wiegand format, which consists of a parity bit, 8-bit facility code, 16-bit user ID, and parity bit, for a total of 26 (1+8+16+1=26) bits.

With this basic understanding of how to translate the information in the 26-bit Wiegand format, you can apply a similar convention to decode the data in any other data format passed over a Wiegand interface. Once you know the distribution of the data fields, you can extract the facility code and user ID fields.
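
The decoding described above, as an added example that is not from the original page: it turns Data-0/Data-1 pulse events into bits and splits a 26-bit frame into facility code and user ID. The parity coverage (even parity over the first 12 data bits, odd parity over the last 12) is the convention commonly used for 26-bit Wiegand and is an assumption here, since the page does not specify it; the function names and the sample frame are constructed for illustration.

```python
# Added example: decode a 26-bit Wiegand frame from D0/D1 pulse events.
# Assumption (not stated on the page): the leading bit is even parity over
# the first 12 data bits, the trailing bit is odd parity over the last 12.

# Constructed sample frame: parity + facility 42 + user ID 12345 + parity.
SAMPLE_BITS = "1" + "00101010" + "0011000000111001" + "1"
SAMPLE_PULSES = ["D1" if c == "1" else "D0" for c in SAMPLE_BITS]


def pulses_to_bits(pulses):
    """A pulse on Data-0 is a binary 0, a pulse on Data-1 is a binary 1."""
    mapping = {"D0": 0, "D1": 1}
    try:
        return [mapping[p] for p in pulses]
    except KeyError as exc:
        raise ValueError(f"unknown line name: {exc.args[0]!r}") from None


def bits_to_int(bits):
    """Interpret a list of bits as an unsigned integer, MSB first."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def decode_wiegand26(bits):
    """Return (facility_code, user_id); raise ValueError on a bad frame."""
    if len(bits) != 26:
        raise ValueError(f"expected 26 bits, got {len(bits)}")
    # Parity only catches line noise (an odd number of flipped bits per
    # half); it does not authenticate or protect the frame in any way.
    if sum(bits[0:13]) % 2 != 0:
        raise ValueError("leading (even) parity check failed")
    if sum(bits[13:26]) % 2 != 1:
        raise ValueError("trailing (odd) parity check failed")
    facility_code = bits_to_int(bits[1:9])   # 8-bit facility code
    user_id = bits_to_int(bits[9:25])        # 16-bit user ID
    return facility_code, user_id


if __name__ == "__main__":
    print(pulses_to_bits(["D0", "D1", "D1", "D0", "D1"]))  # the page's "01101"
    print(decode_wiegand26(pulses_to_bits(SAMPLE_PULSES)))
```

The frame contains only the two parity bits besides the payload, which is why the page treats the reader-to-controller cable as the weak link rather than the card itself.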

Signals are electrical pulses or levels passed along cables (e.g. digital signals connecting the reader head to the controller or analogue signals from the controller to the lock and the door open sensor).

Data is the exchange of digitally encoded information between devices (e.g. the card and the central access control data base via the reader controller and connecting network).

A Smart Card is typically a "credit card" sized form factor with a small embedded microprocessor chip, which can be programmed to perform tasks and store information. There are different types of smart cards: memory cards, processor cards, electronic purse cards, security cards, and Java Cards.

For further information on any of our products or an info pack, please use the Contact Form or call on 0845 155 9623.