It is a generally accepted principle that an access control system works well if it prevents unauthorised persons from entering the building or control zone. As easy as it sounds, the basic principle is that authorised staff have a device (e.g. a smartphone app, access card or watch, etc.) that they use to authenticate themselves at the appropriate location. However, we also need to think about protecting these devices, as the number one security vulnerability is unauthorised people copying them.
Fortunately, today this no longer works by stealing it, plugging it into a machine and then smuggling it back once you have the copy, as we have seen in some exciting action movies. Today, various technical solutions are used to try to capture the transmitted signal during communication between devices and then break its encryption. This is good news because there are increasingly sophisticated solutions to defend against this method. For example, the technologies we use to prevent the identity from being copied. We have a number of ways to do this, such as double-checking for mobile phone IDs or encrypting the card properly, for which Anteus has its own solution, but we also use the globally recognised MIFARE DESFire ID, one of the best.
But how can you prevent data from being stolen?
The most common method, which can be abused without any special knowledge, is to simply use a special reader to read your ID and copy it. This is usually unnoticed by the victim, because these scanners work in the same approximate way as the wall reader, so it is enough to get within a few centimetres of, for example, the card in the bag. The latter is the easiest and most common form of misuse, because such copying devices can be obtained by anyone from web shops. This is why it is important not to choose the simplest identification technology and to protect the identification in some way against easy copying. Fortunately, secure identifiers are now readily available at reasonable prices, but encryption must also be taken into account, so it is advisable to consult a professional before choosing a technology.
With more specific knowledge, a common method that hackers try is to detect the wireless interface between RFID readers and transmitters and read the data from the ID. In simple terms, it's like trying to listen in on the radio to the exchanges of taxi drivers or police - if you could find the wavelength, you could hear what they were talking about. Here, too, you're tapping into the connection between the two devices.
Another method is to connect to the communication between the RFID readers and the server that stores the data and get the data that way.
To prevent these from becoming a problem, two things need to be built in: one is to use security keys in the communication between the readers and the readers. The other is to encrypt the traffic between the reader and the server. Together, these defeat both methods of hacking, protecting user data along the entire path.
As far as mobile identification is concerned, the technology has evolved at an astonishing rate in recent years, providing complex options for potential security. In addition to the ability to use encryption and wireless connectivity (e.g. BLE, NFC, etc.), the device security toolbox itself has become extremely advanced. For example, biometric fingerprint authentication is almost standard, the use of facial recognition for login is an essential option, as is GPS-based location tracking. These features greatly enhance security.
Our company Anteus is also continuously researching and developing how best to introduce mobile identification into an existing access control system.
Anteus offers
Once a smartphone compatible MaxReader reader is deployed, an application is installed to create a secure ID and can be used in the access control system. No separate cloud service or parallel system is required to manage mobile credentials. Instead, you can store them with your traditional user credentials. This keeps credential management simple and convenient for you.
Improve the security of your access control system with Anteus
- There is no doubt that mobile phones are part of our everyday lives, always at hand because we use them for so many functions. Surveys show that it is therefore more secure than a passcard, is almost never forgotten at home and rarely misplaced, and its biometric security solutions offer many advantages. These are strong arguments for including mobile identification in your access control system.
- But if you do choose to use cards, watches or other tokens for access control, make sure you use secure, non-duplicable IDs.
- Check the connection between readers, controllers and server. Make sure that encryption is secured, that there are no hidden loopholes in the system, i.e. that the system comes from a trusted source.
- Let us review your existing access control system and suggest improvements - contact us!
