Proximity Access Readers: 125kHz or 13.56MHz?
Q: Would you use 125kHz readers and cards, or do you think 13.56MHz is the best option for access control as far as credential security is concerned? What about biometrics?
A: Older technologies like 125kHz proximity, magnetic stripe, barcode and CSN (Card Serial Number) readers are best avoided. You also want a secure connection to the access control host, so avoid Wiegand, and clock and data. Encryption for card reading and for host communication is vital.
Typical 13.56MHz frequency cards offer additional functions, as well as enhanced read range. Think seriously about the use of smart devices as a credential – many mobile devices have biometric authentication and users are clearly more comfortable authenticating themselves to a device they own rather than handing biometric markers over to others.
There are significant differences between 125kHz read-only prox and higher frequency technologies like 13.56MHz Mifare, which has a higher frequency and a smart processor and offers more security. When it comes to the all-important issue of cost, 125kHz prox to Mifare is not a huge jump in price, while Mifare to DESfire is a bigger jump for far higher levels of security and greater operational flexibility.
The prevalence of 125kHz proximity revolves around cost, convenience and ignorance. For very little extra cost, you can get a much more secure solution. And you can go for slightly more security or much more, depending on budget.
The 125kHz proximity technology has been around since 1990 – it’s basically a physical RFID chip and when you present it to an electromagnetic field the antenna inside is excited and responds with a signal that is identified by the reader. There’s a 26-bit format, which comprises a site/facility code and the card number – site code from 0-255 and card number from 0-65500 – which is 16,702,000 possible permutations. It works well, but in the face of modern computing power, it’s a vulnerable technology.
Making matters worse, installers will often label a customer as Site 1 and then add Card 1, Card 2, Card 3, Card 4, etc., so if there’s no deliberate attempt to increase the complexity of a customer’s numerical base, there are many duplications locally and globally.
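The 26-bit frame and the duplication problem described above, as an added example that is not from the original article. It assumes the common 26-bit layout (leading even-parity bit, 8-bit site code, 16-bit card number, trailing odd-parity bit); the function names and the two enrolment lists are constructed for illustration.

```python
# Added example. Assumed layout: bit 25 = even parity over the top 12 data
# bits, 8-bit site code, 16-bit card number, bit 0 = odd parity over the
# low 12 data bits. Nothing in the frame is secret or tied to one card.

def encode_26bit(site: int, card: int) -> int:
    """Build the frame a prox card transmits in the clear."""
    data = ((site & 0xFF) << 16) | (card & 0xFFFF)       # 24 data bits
    even = bin(data >> 12).count("1") % 2                # first half ends up even
    odd = 1 - bin(data & 0xFFF).count("1") % 2           # second half ends up odd
    return (even << 25) | (data << 1) | odd

def decode_26bit(frame: int) -> dict:
    """Split a frame into its fields and check both parity bits."""
    if not 0 <= frame < (1 << 26):
        raise ValueError("not a 26-bit frame")
    data = (frame >> 1) & 0xFFFFFF
    even_ok = bin(frame >> 13).count("1") % 2 == 0       # parity bit + 12 bits
    odd_ok = bin(frame & 0x1FFF).count("1") % 2 == 1     # 12 bits + parity bit
    return {"site": data >> 16, "card": data & 0xFFFF,
            "parity_ok": even_ok and odd_ok}

def shared_credentials(customer_a, customer_b):
    """Frames enrolled at both customers: identical on the wire at each."""
    return [decode_26bit(f) for f in sorted(set(customer_a) & set(customer_b))]

# Constructed enrolment lists: two unrelated customers, both set up as
# "Site 1" with cards numbered from low integers upward.
CUSTOMER_A = [encode_26bit(1, n) for n in range(1, 5)]
CUSTOMER_B = [encode_26bit(1, n) for n in range(3, 8)]

if __name__ == "__main__":
    print(decode_26bit(CUSTOMER_A[0]))
    # Parity catches a single flipped bit; it says nothing about who sent it.
    print(decode_26bit(CUSTOMER_A[0] ^ (1 << 5)))
    for cred in shared_credentials(CUSTOMER_A, CUSTOMER_B):
        print("enrolled at both customers:", cred)
```

Running the overlap check against an existing card database is a quick way to see whether a site code and number range need to be re-issued.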
Further, 125kHz prox is a read-only technology – there’s little or no encryption. There is certainly a place in the market for this low security technology but if you want a system that offers serious protection, then you’re best to move to higher frequency options.
When it comes to 13.56MHz Mifare you are getting a smart card, so you can write data to the device. Even a 1Kb smart card will have data spread over 16 sectors, each sector able to hold its own application and set of encryption keys. Worth noting is the fact that every Mifare card has its own unique identifier hard-stamped from the factory.
What happens with Mifare is that the identifier can either be read from the card, which is not great security, or you get that on-card serial number and, along with the key in the reader, you can encrypt it to lock up a card sector so card and the facility number are locked in a secure location. This gives an encrypted key that must be unlocked in order to discover the code.
Mifare Classic was hacked in 2008, so better providers go a step further in that they combine the encrypted key with the card serial number and apply an algorithm – key diversification. What this means is that if an attack does compromise a Mifare system, only one card is compromised. It’s a lot more flexible than traditional proximity technology, because you can use multiple applications: you can have a sector for base building, a sector for tenancy, a sector for biometrics, a sector for time and attendance, etc.
Most secure of all is DESfire, which, while it’s a type of Mifare card, is significantly different. A 4k DESfire card has 4 times the amount of data onboard so you’re not restricted in card layout to the 16 different fixed-size sectors. Instead you’re allowed up to 28 applications and they can vary in size. Any card can have 20 apps and any app can have 15 files inside, the benefit being a solution that is much more flexible and far more dynamic.
The other difference is that while the encryption algorithm for Mifare Classic has been compromised, DESfire uses Triple DES/AES and has not been defeated, so it’s more secure. It’s the only completely secure RF technology, and is projected to remain secure until 2030, based on current technological trends. Central to the operation of DESfire access control credentials is the 3-pass mutual authentication process.
The key difference between read-only prox and DESfire is that a DESfire reader waits for a card to enter the field, then sends a request saying “are you a DESfire card?” The card says “yes, and here is my CSN”. The reader then asks for a key, the card references the key using a random number, and the reader decrypts it and sends the decrypted number back with another number that’s been encrypted.
The card then responds and says “yes, you decrypted that properly”, and delivers a decryption of the second number. Once all the handshaking is done, the reader can access the card data and the door can be opened. There’s more data, so it’s a longer read process (80 milliseconds), and a reduced read range, but the result is far higher security.
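Key diversification and the three-pass exchange described above, run end to end as an added example (not from the original article and not DESfire's actual wire protocol). Assumptions: HMAC-SHA256 stands in for the card's Triple DES/AES encipherment, and every name, key and CSN here is constructed for illustration.

```python
import hashlib
import hmac
import secrets

def diversify(master_key: bytes, csn: bytes) -> bytes:
    """Per-card key derived from the site master key and the card's CSN."""
    return hmac.new(master_key, b"card-key" + csn, hashlib.sha256).digest()[:16]

def prove(key: bytes, role: bytes, first: bytes, second: bytes) -> bytes:
    """Show possession of `key`, bound to both sides' random numbers."""
    return hmac.new(key, role + first + second, hashlib.sha256).digest()

class Card:
    def __init__(self, csn: bytes, key: bytes):
        self.csn, self.key = csn, key
    def challenge(self):                          # pass 1: card -> reader
        self.rnd_b = secrets.token_bytes(16)
        return self.csn, self.rnd_b
    def respond(self, rnd_a: bytes, reader_proof: bytes):
        expected = prove(self.key, b"reader", rnd_a, self.rnd_b)
        if not hmac.compare_digest(reader_proof, expected):
            return None                           # reader lacks the key: no answer
        return prove(self.key, b"card", self.rnd_b, rnd_a)    # pass 3

class Reader:
    def __init__(self, master_key: bytes):
        self.master_key = master_key
    def authenticate(self, card: Card) -> bool:
        csn, rnd_b = card.challenge()
        key = diversify(self.master_key, csn)     # reader stores no per-card keys
        rnd_a = secrets.token_bytes(16)
        proof = card.respond(rnd_a, prove(key, b"reader", rnd_a, rnd_b))  # pass 2
        return proof is not None and hmac.compare_digest(
            proof, prove(key, b"card", rnd_b, rnd_a))

def demo() -> dict:
    master = bytes(range(16))                     # constructed master key
    csn_a, csn_b = bytes.fromhex("04a1b2c3d4e5f6"), bytes.fromhex("04112233445566")
    card_a, reader = Card(csn_a, diversify(master, csn_a)), Reader(master)
    return {
        "genuine card": reader.authenticate(card_a),
        "copied CSN, no key": reader.authenticate(Card(csn_a, secrets.token_bytes(16))),
        "card A key under card B CSN": reader.authenticate(Card(csn_b, card_a.key)),
        "reader without master key": Reader(secrets.token_bytes(16)).authenticate(card_a),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'door opens' if ok else 'rejected'}")
```

Only the genuine card passes: a copied CSN fails without the key, one card's key does not carry over to another CSN, and the card gives no proof to a reader that lacks the master key.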
As well as higher security prox cards, the latest biometric readers are something else to seriously consider. There’s a new generation of fingerprint and face recognition readers coming through, and given they eliminate the ongoing cost of managing huge card libraries, they are well worth considering. We especially like Morpho Wave technology from Idemia.