While it is not a secret, it is surprising how many end-users are unaware of the security risks their facilities are open to if legacy 125 kHz proximity card technologies are the foundation of the access control system. These prox cards are vulnerable to being cloned or hacked. The ubiquitous proximity card is based on technology that has been around since the mid-1970s and has proven its worth as the backbone of most access control systems. But in today’s rapidly changing risk landscape, low-frequency cards fail to rise to the protection levels required to meet evolving security challenges. Many users admit that, for early prox adopters, convenience and function were far more important design considerations than security.
Today, bad actors looking to clone a 125 kHz prox card need look no further than their local drugstore, or other outlets such as Safeway, Bed Bath and Beyond and Kroger, which may have self-service proximity card replicators, usually housed in a kiosk much like a key-cutting machine. And for less than $25, even Amazon is offering prox cloning machines for dropship. In a matter of seconds, a cloning device could duplicate a staff or vendor ID. To the physical access control system, the copy would be indistinguishable from the original credential, providing “authorized” access to unauthorized people.
The potential risk to a company is compounded by the fact that the business might never realize the event occurred. Most companies seldom track their system’s “access granted” activity, even though these activity reports could monitor and document potential security breaches.
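One way to put those “access granted” reports to work, shown as an added example that is not from the original article or any vendor's software: the Python below flags a credential that is granted access at two sites sooner than a person could travel between them, a pattern that a cloned card in use alongside the original would produce. The CSV layout, door names, site map and travel time are constructed assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export of "access granted" events: time, credential, door.
SAMPLE_EVENTS = """\
2024-03-04T08:01:10,10452,HQ-Lobby
2024-03-04T08:03:40,20991,HQ-Lobby
2024-03-04T08:05:02,10452,Warehouse-Dock
2024-03-04T12:30:00,20991,HQ-Floor2
2024-03-04T17:45:00,10452,HQ-Lobby
"""

# Assumed door-to-site map and minimum travel time between sites (hypothetical).
SITE_OF = {"HQ-Lobby": "HQ", "HQ-Floor2": "HQ", "Warehouse-Dock": "Warehouse"}
MIN_TRAVEL = {frozenset({"HQ", "Warehouse"}): timedelta(minutes=20)}


def parse_events(text):
    """Parse CSV rows into (timestamp, credential, door); skip malformed rows."""
    events = []
    for row in csv.reader(StringIO(text)):
        if len(row) != 3:
            continue
        try:
            events.append((datetime.fromisoformat(row[0]), row[1], row[2]))
        except ValueError:
            continue  # unparseable timestamp
    return sorted(events)


def find_conflicts(events):
    """Flag consecutive grants of one credential at two sites, too close in time."""
    by_cred = defaultdict(list)
    for ts, cred, door in sorted(events):
        by_cred[cred].append((ts, door))
    conflicts = []
    for cred, grants in by_cred.items():
        for (t1, d1), (t2, d2) in zip(grants, grants[1:]):
            needed = MIN_TRAVEL.get(frozenset({SITE_OF.get(d1), SITE_OF.get(d2)}))
            if needed is not None and t2 - t1 < needed:
                conflicts.append({"credential": cred, "first": d1, "second": d2,
                                  "gap_seconds": int((t2 - t1).total_seconds())})
    return conflicts


if __name__ == "__main__":
    for hit in find_conflicts(parse_events(SAMPLE_EVENTS)):
        print(hit)
```

A hit is a lead for review rather than proof of cloning, since shared or loaned badges produce the same pattern.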
Prox Migration Enhances the Platform
It is no mystery why proximity access control card technology has stood the test of time. There are millions of durable and cost-efficient readers and cards deployed around the world, and the read range is conducive to many applications. Prox also checks boxes for convenience and architectural aesthetics. In a corporate setting, readers can be mounted behind most non-metallic substrates like drywall and glass. The “non-contact” technology of proximity allows users to keep their credentials in a purse or wallet as they access an entrance.
Being able to maintain the basic concept of proximity access control has been a motivating factor in many end-users’ drive to migrate away from the vulnerabilities of low-frequency technology to more secure Smart Card solutions. Card and reader manufacturers like HID Global, Farpointe Data and Schlage, who work with Sielox’s layered software platforms to create high-end access control solutions, have been a leading force in this prox migration. But it is critical that these manufacturers collaborate with systems integrators and consultants to help end-users develop their migration plans.
Users must be cognizant that while high-frequency credentials are viable security upgrades, not all high-frequency credentials are created equal. A recent HID whitepaper states that a “legacy high-frequency credential lacking the nested encryption of credentials is vulnerable to attack. By leveraging strong authentication technologies an organization reduces the risk of attack to their internal systems by removing the reliance on only one factor that could potentially be compromised, without the check of an additional factor to complete the transaction.”
Industry Standards Help Security
The security industry is also helping grease the rails for a smooth migration to systems that are less vulnerable and more compatible. A newly released access control communications standard from the Security Industry Association (SIA) is designed to improve system interoperability and expand support for higher security smart card applications. Version 2.2 of the SIA Open Supervised Device Protocol (OSDP) features an enhanced file transfer method that can move large data sets, such as firmware updates or graphics, from an access control unit to a reader. It also includes clearer instructions for the implementation of SecureChannel to facilitate encrypted communications, and updated messages for handling smartcard applications within the protocol.
Already in use by many leading manufacturers, the SIA OSDP standard is recommended for access control installations that require advanced security or will be used in government and other higher-security settings. Using OSDP standards, the migration to higher-security system options will be easier and more uniform for users and integrators. Employing OSDP enables communication among different manufacturers’ devices, which helps with legacy issues. And OSDP not only provides a concise set of commonly used commands and responses, but it also eliminates guesswork, since encryption and authentication are predefined.
Sielox is working in conjunction with its technology partners to ensure migration is a seamless process for any project. It is featuring an OSDP-compliant Cypress Connector implementation that can help convert and integrate legacy Wiegand panels. There are newly released HID Signo readers that are highly versatile, support myriad credentials and are OSDP ready. These readers also offer extremely secure storage of cryptographic keys on certified secure element hardware, plus a new surface detection feature that allows the reader to automatically recalibrate and optimize read range performance.
Farpointe Data and Schlage also offer an array of OSDP-compliant readers for a variety of applications and price points.
Planning for Your Migration
Planning for your access control migration can only begin when your assessment is completed. The larger the project, the more detailed planning will be required. Once you have completed your facility’s device inventory of legacy readers, credentials and control hardware, and your team has done its due diligence with a cardholder/access-group peer review, the technology roadmap can begin.
The technology transition will almost certainly have budget parameters that require the project to deploy in phases. And of course, given today’s supply chain and chip shortage issues, a good project leader will account for proper lead time.
Understanding your current system’s liabilities and planning accordingly can make even the most daunting migration project track smoothly.