Access control systems (ACS) today are an integral part of the security systems of almost any object - from a small office to a large enterprise or military facility. In today's troubled world, this is not just a tribute to fashion, but a real opportunity to reduce the level of threat of intrusion by outsiders on an object. After all, the consequences of such an infiltration can sometimes be catastrophic, not only for a specific object, but also for the whole world, if we are talking about, for example, a military base or a nuclear power plant ...
Yes, the words in the title are not a reservation - the security of any strategic object is not only its object, security, but also ours. If sabotage occurs at a large chemical enterprise several kilometers away from your home, the consequences can be very sad ... That is why the issue of protecting such an important component of security systems as access control systems for such facilities is not a private affair of the enterprise director or military commander parts. This is a nationwide task, no matter how pathetic it sounds. Although we will talk about a very small component of the access control system - about proximity identifiers.
Let's start "with a hanger"
As the theater begins with a hanger, so any company begins with a checkpoint. This is the milestone that any attacker must first overcome. Why storm a two-meter fence with barbed wire, and even equipped with various alarm systems, if you can just enter the company through a passageway designed for this purpose?
A modern checkpoint is a turnstile (belt, full-height - it is not essential for us), equipped with readers. Employees have plastic cards - electronic passes, with which they get access to the enterprise.
The janitor can additionally monitor the passage discipline, but his real participation in the implementation of the access control regime is not so significant, especially in an enterprise with a staff of several thousand people.
If you look a little further, we will see that the electronic pass on the territory of the enterprise is also used to access the internal buildings or premises, and sometimes to access computers ... In general, in a piece of plastic the size of 85x54 mm is, by and large, great strength.
What card do you have?
Almost all proximity cards used in ACS are of one of four types (or formats): these are EM Marin, HID, Motorola (Indala), operating at 125 kHz, and CheckPoint, operating at 13.56 MHz. You can find other options, but this is, frankly, already exotic.
All of these cards operate in continuous mode, that is, when they hit the reader’s field, they begin to transmit their serial number in a loop, which is used as an identifier for the cardholder. The modulation methods of the carrier, that is, the way the card code is transmitted back to the reader, for the cards in question are different. EM Marin and CheckPoint use the simplest amplitude modulation, HID uses two frequency subcarriers to transmit “zeroes” and “ones” of binary code, and Motorola uses subcarrier modulation equal to half the carrier frequency.
Maps of these formats are really good and reliable “keys” in work for almost all existing types of access control systems. The best proof of this is their wide distribution, and not only in Russia. In addition, these cards have a perfectly reasonable price, which in recent years has a steady downward trend. Today, buying such cards at retail for a dollar apiece is not a problem.
And if your site does not have a nuclear reactor, the most important state secrets are not stored, your choice is obvious.
But, you know, the object object is different. Where a special level of security is required, and proximity identifiers must have special security.
There is always a way out
A possible solution to the problem is intelligent (“smart”) cryptographic cards. True, they are still used more in transport (for example, in the subway or suburban trains of the Moscow Railway) than in security systems. The conservatism of the latter here turned out to be inappropriate.
So, at the expense of what smart cards provide a fundamentally new level of security? Due to the fact that they work in a dialogue mode with the reader, using the most advanced mechanisms of cryptographic protection in the process of mutual exchange of information. Even if such a card falls into your hands for a few days - there is no chance of "deciphering" it even in the laboratory. For example, when using keys with a length of 6 bytes (48 bits), as in maps like Mifare® Standard, the time required for complete busting of keys is about half a million years!
The cost of such cards is about two dollars. A lot, especially if you take into account their required quantity for, for example, the same plant of defense value. But once again I want to remind you that we are talking about particularly important objects, where security, by definition, cannot (and should not!) Be cheap.
How it works
Naturally, to work with secure cards require appropriate readers. They have already appeared on the market and are available to installers of security systems. Such readers operate at a frequency of 13.56 MHz in the dialogue mode with a card, and from the controllers side, the ACS has standardized interfaces (for example, Wiegand) and can be used in any serial systems. Cards are also a standard product, and purchasing them is not a problem.
What is additionally necessary for the full functioning of a secure access control system is a mechanism for changing access codes to the card, which should be implemented at the workplace of the system administrator for card personalization, and should also allow entering new keys into the readers. The scheme of "settings" of a protected access control system for a specific object is shown in the figure.
Personalization of access cards is carried out with the help of a desktop reader connected to a computer and a special software module that controls the operation of such a reader in the process of personalization. Since any access to the card is possible only with the use of a key, smart cards are supplied from the manufacturer with so-called “transport” keys that are known to all. In the process of personalization, identification information is entered into a specific area of the map, which can also be assigned by the system administrator. For the case of 26-bit Wiegand readers, this will be a three-byte number by which the user will be identified in the system database. After that, new access keys to the card are recorded in the card, which will be unique for this system and known only to its owner. Moreover, there may be two such keys: one for reading identification information from the protected sector, and the second for reprogramming the card, that is, for writing the identification number and changing the card access keys. The first key must “know” every reader of the system, and the second can be stored in a safe of a Swiss bank in a single copy.
Naturally, the card is arranged in such a way that the keys entered into it cannot be read after this in principle - this is ensured by the circuitry of the card's chip.
Readers also come with transport keys of cards, that is, only uninitialized cards can initially be read. To reprogram readers, the administrator creates a special master card with which new information is transferred to the reader in the reader's programming mode - the storage area for the identification code and the new access key. Such a mechanism assumes that in order to change the keys in the reader in the master card there must be information about the old key and the new one, otherwise the reader will not be reprogrammed. Having such a master card, the administrator can quickly reprogram a working system by passing through all the readers.
And one more note, for someone obvious. Since the mechanism of card personalization and reprogramming of readers is in the hands of the “master” of the system, the procedure for changing all access keys can be carried out with any necessary frequency, which is a mandatory requirement for some particularly important objects.
"Bonuses" of the system
The above-described protected rewritable cards, as a rule, have a fairly large amount of memory. There is a desire to use it to expand the capabilities of the system. Additional functionality is limited by the customer’s imagination and capabilities (that is, qualifications) of the integrator or system developer. From the obvious and already used "bonuses" we can mention the following:
• Storage in the free memory area of the fingerprint convolution card. In this case, biometric readers are installed on critical points of passage, which compare the cardholder’s real fingerprint with the image stored in the card. The solution is quite convenient, since you do not need to enter fingerprint data into each such reader. In addition, in the verification mode (verification of two samples), the system works much faster than in the identification mode, when matching is performed on the database.
• Use of the card in subsystems not directly related to security, for example, in local settlement systems (payment for meals in the dining room and other services).
• With a rewritable card, it becomes possible in principle to implement a global anti-passback (prohibiting double pass), but ... no one has yet released controllers that support this function.
Obviously, the maps in question will help ensure access not only to the territory or the premises, but also to information if the corresponding system is installed on computers.
The choice of maps for building secure access control systems today is quite wide. Of the most accessible, we mention the following:
• Mifare® Standard 1K. The most popular of the cards with cryptographic protection. The total amount of memory is one kilobyte, which is divided into 16 sectors with 4 blocks of 16 bytes in size. The original Philips company’s cryptographic algorithm is used.
• Mifare® Standard 4K. Similar to the device map 1K. The total memory capacity is four kilobytes, the first two of which repeat the structure of the kilobyte card, and the second half of the memory has a larger sector size.
• DESFire. Further development of Mifare® cards. The memory capacity is four kilobytes, while there is no hard memory structure. Instead, the map has a user-defined file structure (the number and size of files). Own cryptographic algorithm is replaced by standardized DES or Triple DES.
• Mifare® ProX. A card with a built-in microprocessor and the ability to load user applications into it. The reprogrammable memory is 4, 8 or 16 kilobytes. In various versions it has from one (DES / 3DES) to three hardware crypto processors. In addition to the contactless, it has an ISO 7816 contact interface. It is possible to work in the emulation mode of Mifare® Standard 1K / 4K cards.
• SmartMX. The most modern card developed for use both in banking applications, and in electronic documents entered all over the world. The main features are similar to the Mifare® ProX card, the reprogrammable memory is 36 or 72 kilobytes. The card can have up to three interfaces: contactless ISO 14443A, contact ISO 7816 and USB.
We don’t mention cards of other manufacturers for two reasons: firstly, Philips is the leading company in this market, and, secondly, Philips cards are most accessible and provided with good technical support (for system developers and integrators).
As proof, it remains to cite the last, as it seems to us, weighty argument: in the Pentagon security system today, DESFire cards are used. As they say, comments are superfluous ...