SMART CARDS
The How and Why Companies switch from proximity to smartcard systems
By Tom Piston
Richard Zerbib has worked for 10 years for Shaw Systems & Integration, an electrical contracting service out of Southfield, MI. Now a systems sales engineer for the wired or wireless structured ca- bling, life safety, security and card access, audio/ visual solutions and communications systems integrator, Zerbib has been on the front lines of seeing how important systems secu- rity has become a main concern of his customers.
ACCESS SYSTEMS
In this time, Zerbib has found more customers worrying about the security of their proximity-based card access systems. As he explains it, RFID devices are typically used as contactless prox- imity or smart card identification in tracking and access control systems. These systems operate on the assumption that the token is in close proximity to the reader. This proximity, or nearness, is due to the physical limitations of the communication channel.
However, current RFID devices, particularly those operating at 125 kHz, are not suitable for secure identification. Proximity cre- dentials that operate at 125 kHz are vulnerable to cloning. Creden- tial holders have easy access to devices that make copies of their cards at retail stores or by purchasing an inexpensive card cloner on-line. This would allow copies to be given to unauthorized indi- viduals who could then gain entry using that employee’s identity.
As these facts have become better known, there has been a drive by security directors to overcome these shortcomings by moving to more secure, encrypted card technology like that of- fered by NXP Semiconductors MIFARE DESFire EV2 based RFID credentials.
A Shaw Systems & Integration customer, a leading financial planning company who has been running 500 Farpointe Data proximity readers on the front end of their access system from provider Galaxy Control Systems showcased the problem. Once the company learned about the improved security features of a contactless smartcard system, and its added encryption, while preserving the convenience of a contactless operation, they were ready to upgrade. Learning that the Farpointe smartcard solution could handle the same “ins and outs” plus support secure usage of the company’s copiers and printers just like their present proximity system, they were ready to move on. Then, once they discovered that there was an easy upgrade path, the decision was confirmed.
PROXIMITY READERS
Zerbib suggested that their best alternative would be a total re- placement of all proximity readers and credentials to the faster, more secure smartcard technology rather than intermittingly in- stalling the new system. “By doing it all at once,” Zerbib said, “we could remove the possibility that the vulnerable, 125 kHz proxim- ity cards would continue to have to be ordered. Working with Farpointe Data, we engineered a solution that would remove not only all of the proximity credentials, it would also eliminate the possibility that proximity credentials could ever be used again.”
As a result, the group decided to deploy Farpointe’s smart- card technology which is based on the MIFARE DESFire EV2 platform to offer a globally accepted, secure and versatile access control solution. DESFire EV2 credentials employ 128-bit AES encryption, and at the time of the installation, represented the most sophisticated and secure contactless smart cards available.
Farpointe’s Delta readers read DESFire credentials and are easily installed in place of the original proximity readers. This would give the customer the freedom to target different applica- tions with the same exact cards throughout.
Reviewing the program planning, the group soon realized that it would take Shaw weeks to replace 500 plus readers, leading to a revision of the proposal. They, instead, decided to first re- credential all customer employees with dual frequency cards that combined both 125 kHz proximity and 13.56 MHz contactless DESFireEV2 smartcard technologies.
Five thousand cards were ordered and all employees were soon issued these new credentials. Once this was done, Shaw began re- placing the proximity readers with the Delta contactless smart- card readers. Since the credentials were 125 kHz and 13.56 MHz, they would continue to function on the older proximity readers and the new smartcard readers as they were being installed.
This meant that once all of the readers were replaced, the cus-
28
JANUARY/FEBRUARY 2021 | SECURITY TODAY