When a residential building is constructed, the management company has one important and responsible function: drafting the technical specifications for the construction. It is the management company that sets the requirements which the finished, built-in access control system (ACS) must meet.
In this article I would like to expand on the topic of drafting the technical conditions under which a building is constructed with an access control system based on Mifare Plus technology at security level SL3, with sector encryption under a secret key that neither the developer, nor the contractor, nor the subcontractor knows.
One of the global problems, not at all obvious at first glance, is how to prevent the leak of the encryption key chosen for the Mifare Plus cards within the hierarchy of builders, contractors, vendors and other responsible people who work with the building's access control system from the start of construction through operation in the post-warranty period.
The main contactless card technologies today:
- EM Marine (StandProx, ANGstrem, SlimProx, MiniTag), 125 kHz
- Mifare by NXP (Classic, Plus, UltraLight, DESFire; Mifare 1k, 4k), 13.56 MHz
- HID (HID Corporation: ProxCard II, ISOProx-II, ProxKey II), 125 kHz
- iCLASS and iCLASS SE (HID Corporation), 13.56 MHz
- Indala (Motorola), Nedap, Farpointe, Kantech, UHF (860-960 MHz)
Much has changed since EM Marine first came into use in access control systems, and recently we switched from the Mifare Classic SL1 format to the Mifare Plus SL3 encryption format.
Mifare Plus SL3 uses sector-level encryption with a secret 16-byte AES key. The Mifare Plus chip type is used for this purpose.
The transition was made because of the known vulnerabilities in the SL1 format, namely:
The card's cryptography is well researched. Vulnerabilities have been found in the card's pseudo-random number generator (PRNG) implementation and in the CRYPTO1 algorithm. In practice these vulnerabilities are used in the following attacks:
- Dark side: the attack exploits the PRNG vulnerability. It works on MIFARE Classic cards of generations before EV1 (in EV1 the PRNG vulnerability has already been removed). Only the card is needed for the attack; no keys need to be known.
- Nested: the attack exploits the CRYPTO1 vulnerability. It targets secondary authentications, so one valid card key must be known. In practice sector zero often uses the standard MAD keys, so that is where one starts. It works for any CRYPTO1 card (MIFARE Classic and its emulations). The attack was demonstrated in an article on the vulnerability of the Podorozhnik transit card.
- Sniffing attack: the attack exploits the CRYPTO1 vulnerability. It requires eavesdropping on the primary authentication between the reader and the card, which needs special equipment. It works for any CRYPTO1 card (MIFARE Classic and its emulations).
So: encoding the cards at the factory is the first point where the key is used; the second side is the reader. And we do not entrust the encryption key to the reader manufacturers, simply because it is of no interest to them.
Every manufacturer has tools for loading the key into the reader. But it is exactly at this point that the problem arises of preventing the key from leaking to third parties, namely the contractors and subcontractors building the access control system. Load the key in person?
That is difficult, since the buildings we operate are spread across various regions of Russia, far beyond the Moscow Region.
And all these buildings are built to a single standard, on completely uniform equipment.
Analyzing the market of Mifare card readers, I could not find many companies that work with modern standards providing protection against card copying.
Today most equipment manufacturers operate in UID reading mode, and a UID can be copied with any modern NFC-enabled mobile phone.
Some manufacturers support the more modern SL1 security system, which was already compromised back in 2008.
And only a few manufacturers offer the best price/quality technological solutions for working with Mifare technology in SL3 mode, which makes it impossible to copy a card and create its clone.
The key advantage of SL3 in this story is that the keys cannot be copied. No such technology exists today.
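To make the contrast between UID reading mode and SL3 concrete, here is an added Go model (not code from the article or from any reader vendor) of a reader that trusts the UID alone beside one that runs an AES challenge-response with the site key. It is a simplified illustration, not the real MIFARE Plus SL3 mutual-authentication protocol, and the key, UID and allow-list are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"encoding/hex"
)

// Token models a contactless card: a genuine SL3 card holds the secret 16-byte
// AES sector key; a clone made with an NFC phone knows only the UID (Key == nil).
type Token struct {
	UID []byte
	Key []byte
}

// Respond is the card side: encrypt the reader's 16-byte challenge with the
// sector key. A UID-only clone has no key and cannot answer.
func (t Token) Respond(challenge []byte) ([]byte, bool) {
	block, err := aes.NewCipher(t.Key) // fails for nil or wrong-length key
	if err != nil || len(challenge) != aes.BlockSize {
		return nil, false
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, challenge)
	return out, true
}

// UIDReader models "UID reading mode": it trusts the serial number alone,
// so a copy that reproduces the UID is accepted.
func UIDReader(allowed map[string]bool, t Token) bool {
	return allowed[hex.EncodeToString(t.UID)]
}

// SL3Reader models a reader provisioned with the site key: it sends a fresh
// random challenge and admits only a token that proves it holds that key.
func SL3Reader(siteKey []byte, allowed map[string]bool, t Token) bool {
	if !allowed[hex.EncodeToString(t.UID)] {
		return false
	}
	challenge := make([]byte, aes.BlockSize)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	resp, ok := t.Respond(challenge)
	expected, _ := Token{Key: siteKey}.Respond(challenge)
	return ok && bytes.Equal(resp, expected)
}
```

The same UID clone that the UID-mode reader admits is rejected by the SL3 model because it cannot compute the response without the key that was never loaded into it.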
Separately, I will describe the risks that card copying poses when more than 200,000 cards are in circulation.
- Risks for tenants: when a tenant entrusts a key-copying "master" with making a copy, the dump of the tenant's key ends up in that master's database, and the master gains the ability to enter the stairwell and use the parking lot or the tenant's parking space.
- Commercial risks: with a retail card price of 300 rubles, losing the market for selling additional cards is not a small loss. If even one "master" appears in a single residential complex to copy keys, the company's losses can run to hundreds of thousands or millions of rubles.
- Last but not least, aesthetics: absolutely all copies are made on low-quality blank cards. I think many of you are familiar with the quality of the original.
In conclusion, I want to say that only an in-depth analysis of the equipment market and of competitors allows one to build modern and secure access control systems that meet the requirements of 2019, because in an apartment building the access control system is the only low-current system a resident encounters several times a day.