Introduction to Proximity Cards
- Hacking Projects involving proximity cards
- Informative Resources
This article is intended for basic familiarization on Proximity identification cards.
Proximity cards are one of the more popular ways to lock buildings from undesired guests while avoiding dealing with physical keys. Just stuff the card in your wallet and swipe it against a proximity card reader pad, which beeps cheerfully, flashes a green light and the door opens. Or it politely rejects you by beeping and flashing a stern red light. Or if you are like a few of my friends it blinks a light , and beeps in a cheerful manor and either lets you in or it doesn't. But securing buildings isn't the only thing that proximity technology is used for. Proximity technology is used in: Pay cards, transit cards, key cards, RFID tags and more.
A Proximity Card is a small credit card sized passive electronic device which Is typically used for physical access control. Simple cards return a code when activated, more complex cards are basically a wireless smart card which issues an encrypted challenge response along with stored personal information.
So here's an explanation on how a proximity card works:
The card itself consists of a physical plastic card which contains a special wire with a coil and an IC. This is similar in concept to a smart card except instead of electrode pads the wire and coil take care of communication. What happens is that when the card is passed in the general proximity of a reader (roughly 1 to 3 inches usually) the reader transmits a signal which is intercepted by the special circuit in the card which then reacts and passes and reflects back a changed signal back to the reader. The reader then transmits the results back to a central control computer which either accepts or rejects the transaction and allows or denies entry (Westhues 2008)(Wikipedia 2008).
This process is called the Wiegand Effect. The special wire is made out of a mixture of cobalt, iron and Vandium, and is also known as Vicalloy. This is then cold-worked into a wire known as a Wiegand Wire. The wire reacts to a magnetic field by causing a small burst of power which is detected by a coil wrapped around the wire. This burst of power is called a Barkhausen jump or Barkhausen Effect. (Wikipedia 2008)
Simple RFI cards are configured with a id number, part of this number is a company id, the other part is a unique number. Each person is given a uniquely numbered card which the card transmits when it encounters a carrier field from a card reader. If the user tries the card at another company, the card will transmit its code but will be rejected because the card has a different company code (wikipedia, 2008).
ISO 14443 specifies that this signal exchanged may contain data which can be cryptographically signed. For instance US Department of defense badges are smart cards which contain information about that person along with cryptographic keys for authentication and encryption and decryption of data (Wikipedia 2008).
There are other standards like ISO 15693 which is the Vicinity card standard. It is functionally similar however uses a different wireless handshaking process with different radio frequencies.
3. Hacking projects involving Proximity cards
Eliot Phillips on Hack-a-day posted an article by Jonathan Westhues which detailed how to build a proximity card reader/spoofer (Westhues, 2008). Multiple Metropolitan transportation cards have gone to a proximity card to increase efficiency. Once again this is using a form of wireless smart-card. The most recent of these methods was slated to be discussed at Defcon in 2008. However the group was sued by the transit authority before they could do so. The MiFare hack allowed for cloning of pay cards(Anderson, Ryan and Alessandro, 2008).
The Olin College Prox Card team designed a USB 1.0 proximity card reader capable of reading 125 khz proximity cards and reading the response information.
This device used a pc micro-controller to read and relay the Proximity card information to a computer as a USB device (Olin College Prox Card Team, 2004).
Proximity cards are the entry method of choice, it allows keys to be given out in mass, combined with a computerized building entry system keys can be activated or de-activated with a minimum amount of physical effort. They cards themselves are convenient to the user because they can walk up to a door and either hold the card with in 3 inches of the pad and the door will open as opposed to fishing through a large key chain.
Because the old style proximity card systems rely on a static analog signal for identification, the basic installations have a serious flaw which makes the system as effective as an old style physical lock. The new standards including cryptographic handshaking are much more effective for security. Though as the MiFare hack demonstrates that even newer system are not immune to issues caused by improper design and implementation.
5. Informative Resources
Anderson , Zack, Ryan , RJ and Chiesa , Alessandro. "The Anatomy of a Subway Hack." Presentation Materials from Defcon 16 (2008). www.defcon.org
The Olin College USB prox card team. (Accessed Sept 2008) "The USB Proximity Card Reader." (2004)
Westhues, Jonathan. (Accessed Sept 2008) "Proximity Cards"
Wikipedia. (Accessed Sept 2008) "Wiegand Effect."
Wikipedia. (Accessed Sept 2008) "Access Badge"
Wikipedia. (Accessed Sept 2008) "ISO/IEC 14443."