Access Control Encryption 101

June 12, 2017
How to stop the hacking of card-based physical security systems

Never before has cybersecurity been so prevalent as it was at April’s ISC West expo, and once that topic was introduced, the subject of encryption was not far behind. Protecting your customers from hackers is imperative, and encryption should be a mandatory tool for thwarting them.

In general, most integrators understand what encryption does but may find it somewhat difficult to describe. If you are in that class, read on.

Using encryption, information or electronic data – such as the number on an ID badge – can be converted into a code called ciphertext, which cannot be read except by those who hold the key. Encryption techniques should be used within access control systems to protect the confidentiality of data that is stored on your customers’ computer systems or transmitted over the Internet or other computer networks.

Why Encryption Has Become Important

When hacking used to be discussed, integrators’ only concern was stopping unauthorized people from cloning card information; however, as was highlighted at ISC West, one of the leading gateways for hackers into customers’ enterprise IT systems is their physical security systems – especially their contactless card access control systems.

Think about it. When a 125 kHz proximity card is powered up by coming into “proximity” of a reader, it immediately begins to transmit its fixed binary code number. Wiegand – the industry-standard over-the-air protocol commonly used to communicate credential data from a card to an electronic access reader – is no longer inherently secure, because its protection rested only on its originally obscure and non-standard nature.

Thus, to penetrate enterprise IT systems, hackers simply use that fixed binary number to enter the system and reach specific computers. Those computers then act as gateways to the targeted data. By using the physical access control system, hackers can potentially steal sensitive data. This actually happened to the Austrian hotel Romantik Seehotel Jaegerwirth – according to news reports, the hotel was hit by a ransomware attack in January, in which hackers took over the access control system on guest rooms, reportedly preventing the hotel from issuing keycards or re-keying the room locks itself. The hotel was forced to pay a ransom in Bitcoin to regain control of the system (see www.nytimes.com/2017/01/30/world/europe/hotel-austria-bitcoin-ransom.html for more).

If that is not enough reason to encrypt data, the Federal Trade Commission (FTC) recently decided it will hold the business community responsible for failing to implement good cybersecurity practices and is now filing lawsuits against those that do not.

The Building Blocks

There are three major elements to access control system encryption:

  1. Authentication: Determining whether someone is, in fact, who they say they are. Credentials are compared to those on file in a database. If the credentials match, the process is completed and the user is granted access. The privileges and preferences granted to the authorized account depend on the user’s permissions, which are stored either locally or on the authentication server. These settings are defined by an administrator. For example, multifactor authentication, using a card plus a keypad, has become commonplace for system logins and transactions within higher-security environments.
  2. Integrity: This ensures that digital information is uncorrupted and can only be accessed or modified by those authorized to do so. To maintain integrity, data must not be changed in transit; therefore, steps must be taken to ensure that data cannot be altered by an unauthorized person or program. Should data become corrupted, backups or redundancies must be available to restore the affected data to its correct state. Measures must also be taken to control the physical environment of networked terminals and servers, because data consistency, accuracy and trustworthiness can also be threatened by environmental hazards such as heat, dust or electrical problems. Transmission media (such as cables and connectors) should also be protected to ensure that they cannot be tapped, and hardware and storage media must be protected from power surges, electrostatic discharges and magnetism.
  3. Non-repudiation: This guarantees that a user cannot deny the authenticity of their signature on a document or the sending of a message that they originated. A digital signature – a mathematical technique used to validate the authenticity and integrity of a message, software or digital document – is used not only to ensure that a message or document has been electronically signed by the person, but also to ensure that the person cannot later deny having furnished it, since a given digital signature can only be created by one person.

How Access Control Encryption Works

A number is encrypted using an algorithm and a key, which generates ciphertext that can only be viewed in its original form if decrypted with the correct key. Today’s encryption algorithms are divided into two categories: symmetric (private key) and asymmetric (public key).

Most cryptographic processes use symmetric encryption to encrypt data transmissions but use asymmetric encryption to encrypt and exchange the secret key. Symmetric encryption, or private key encryption, uses the same private key for both encryption and decryption. The risk here is that if either party loses the key or the key is intercepted, the system is broken and messages cannot be exchanged securely.

Asymmetric cryptography, also known as public key cryptography and the basis of public key infrastructure (PKI), uses two different but mathematically linked keys – one key is private and the other is public. Either key can be used for encryption or decryption depending on the desired operation: when one key is used to encrypt, the related key is used to decrypt. The public key can be made available for other users to obtain easily; however, only the receiving party holds the private key that enables messages to be read.

Using one or both of these keys, access cards may be authenticated to readers and to the back-end system. Many modern cards support symmetric cryptography such as 3DES or AES, which is used by the government to protect classified information, or TEA (Tiny Encryption Algorithm), noted for its high transaction speed. Some higher-grade cards support asymmetric cryptography such as RSA. Where asymmetric encryption is used, no valuable master keys need to be stored in the door controller, which makes the resulting design and maintenance less complex.

Adding Encryption to an Access Control System

Integrators should consider 13.56 MHz smart cards to increase security over 125 kHz proximity cards. One of the first terms you will discover in learning about smart cards is “Mifare,” a technology from NXP Semiconductors.

The newest of the Mifare standards, DESFire EV1, includes a cryptographic module on the card itself to add an additional layer of encryption to the card/reader transaction. This is among the highest standards of card security currently available. DESFire EV1 protection is therefore ideal for sales to customers wanting to use secure multi-application smart cards in access management, public transportation schemes or closed-loop e-payment applications.

Valid ID is a relatively new anti-tamper feature available with contactless smartcard readers, cards and tags. Embedded in them, it adds yet another layer of authentication assurance to traditional Mifare smartcards. Valid ID enables a smartcard reader to help verify that the sensitive access control data programmed to a card or tag is indeed genuine and not counterfeit.

Scott Lindley ([email protected]) is president of Farpointe Data and a 25-year veteran of the contactless card access control industry. Request more info about the company at www.securityinfowatch.com/10215927