The First Rule, Encrypt -- Security Today

The First Rule, Encrypt

When implementing a card-based system, protect yourself

By Scott Lindley
Aug 01, 2017

It used to be that the most important aspect of implementing an electronic access control system was the simple control of who went where when. Today, the requirements of these sophisticated systems go beyond. Indeed, one of the security challenges frequently heard surrounds denying hackers, cyber-punks and associated bad actors from using the access system as a gateway to an organization’s sensitive IT network.

As an RFID access card gets close to its reader, it begins to wirelessly transmit its binary code. If using 125KHz proximity, then the wireless protocol is typically Wiegand, an older technology that can no longer provide the security needed today. In a worst case scenario, hackers could simply lift that fixed Wiegand clear text, retransmit it to the card reader and, from there, physically enter the facility and thereby the network, allowing these characters free rein to target the IT system.

In fact, the Federal Trade Commission (FTC) has been apprised of so many cyber attacks, and the threat these hacks pose, that it is now holding companies responsible for not implementing good cybersecurity practices. Data encryption is part of good practice and is, indeed, an opportunity for the security industry.

3 Major Elements to Encryption

Authentication. This verifies that someone is who they say they are. Credentials are compared to those on file in a database. When matched, the user is granted access. (“Yes, badge #1234 is in our database. Go ahead.”) Settings are defined by an administrator. For example, in a high security facility, the administrator may demand multifactor authentication, using a card plus PIN.

Integrity. This assures that digital information is uncorrupted and only accessed or modified by those authorized. (“Nobody has messed with this number.”) Data must not be changed in transit or altered by an unauthorized person or program. If data gets corrupted, then redundancies restore the affected data to its original state.

Non-repudiation. This means that users cannot deny the authenticity of their signature on a document or the sending of a message that they originated. (“Nice try but we know that YOU did this.”) A digital signature not only ensures that a message or document has been electronically signed by the person but also ensures that a person cannot later deny they furnished it.

Here is How Encryption Works

Encryption consists of both an algorithm and a key. Once a number is encrypted, the system needs to have a key to decrypt the resultant cyphertext into its original form. There are two varieties of algorithms— private (symmetric) and public (asymmetric).

Private key encryption uses the same key for both encryption and decryption. Be aware—if the key is lost or intercepted, messages may be compromised. Public key infrastructure (PKI) uses two different but mathematically linked keys. One key is private and the other is public.

With PKI, either key can be used for encryption or decryption. When one key is used to encrypt, the other is used to decrypt. The public portion of the key is easily obtained for all users. However, only the receiving party has access to the decryption key allowing messages to be read. Systems may use private encryption to encrypt data transmissions but use public encryption to encrypt and exchange the secret key.

Using one or both these algorithms, access credential communications may be encrypted. Many modern cards support cryptography. Look for terms such as 3DES, AES (which the government uses to protect classified information), TEA and RSA.

Adding Encryption into an Access Control System

If concerned with hacking, consider more secure 13.56 MHz smart cards over 125 KHz proximity cards. Look for the term “Mifare,” a technology from NXP Semiconductors. The newest Mifare standard, DESFire EV1, includes a cryptographic module on the card, adding an additional layer of encryption to the card/reader transaction. DESFire EV1 protection is especially important for customers wanting to use secure multi-application cards for access management, public transportation or closed-loop e-payment.

Another valuable option is Valid ID, an anti-tamper feature for contactless smartcard readers, cards and tags. Embedded, it adds yet an additional layer of authentication and integrity assurance to traditional Mifare smartcards. Valid ID helps verify that sensitive access data programmed to a card or tag is indeed genuine and not counterfeit.

Encrypted Cards and Readers Inhibit Hackers

Whether you need to guard against state sponsored terrorists or the neighborhood teen from hacking the electronic access control systems that you implement, security today starts with encryption. But, that’s just a beginning. To take steps that will further hinder hackers, ask for your manufacturer’s Cybersecurity Vulnerability Checklist.

This article originally appeared in the August 2017 issue of Security Today.

NAPCO Promotes Peter Lowenstein to Head Napco Access
01/16/2025
i-PRO Shares Key Predictions for the Physical Security Market in 2025
01/14/2025
Snap One Adds New Luma 4K Hybrid Surveillance Cameras to X20 Portfolio
01/14/2025
Per Mar Security Services Acquires Accu-Com Security Solutions
01/14/2025
RapidFire Safety & Security Acquires Kane Fire Protection
01/13/2025
Mission 500 Announces Leadership Updates and New Board of Directors Roles for 2025
01/13/2025
SEC Partners with SCIP to Expand Focus on Private-Sector Intelligence
01/13/2025
Napco Access Pro’s Continental Enterprise Security Management Platform, GSA Certified, FIPS 201 Approved
01/07/2025

Featured

Keynote Speakers Announced for ISC West 2025

ISC West, hosted in collaboration with premier sponsor the Security Industry Association (SIA), unveiled its 2025 Keynote Series. Featuring a powerhouse lineup of experts in cybersecurity, retail security, and leadership, each keynote will offer invaluable insights into the challenges and opportunities transforming the field of security. Read Now
- Industry Events
- ISC West
Study: Video Doorbells Have a 71% Service Attach Rate

Parks Associates recently announced a new white paper, Consumer IoT Product Development: Managing Costs, Optimizing Revenues, which provides companies with a business-planning blueprint to evaluate how a consumer IoT solution will perform across its lifetime. Subscription services, such as video storage and professional monitoring, can be critical for covering ongoing cloud and support costs Read Now
- Residential Security
- Dealers and Integrators
Michigan City Fights Retail Crime With AI-Powered Video Surveillance, 911 Camera Sharing

To combat persistent retail crime and deliver peace of mind to workers in the bustling North Leroy Street business district, the City of Fenton Police Department has deployed a new AI-powered video surveillance system with camera-sharing technology to accelerate response time during retail heists or other emergencies. Read Now
- Artificial Intelligence
TSA Intercepts 6,678 Firearms at Airport Security Checkpoints in 2024

During 2024, the Transportation Security Administration (TSA) intercepted a total of 6,678 firearms at airport security checkpoints, preventing them from getting into the secure areas of the airport and onboard aircraft. Approximately 94% of these firearms were loaded. This total is a minor decrease from the 6,737 firearms stopped in 2023. Throughout 2024, TSA managed its “Prepare, Pack, Declare” public awareness campaign to explain the steps for safely traveling with a firearm. Read Now
- Airport Security

Webinars

Salient Systems, Hanwha Vision (formerly Hanwha Techwin), AtlasIED, Safety Technology International Inc., Omnilert, System Surveyor

Building a Unified Approach to School Safety
The Center for Safe and Resilient Schools and Workplaces

Precovery in Action: Proactive Strategies to Promote School Safety and Mass Violence Prevention
Hanwha Vision (formerly Hanwha Techwin), NAPCO Security Technologies, Inc.

Getting Control of your Access

Whitepapers

Salient Systems

A Model for Community Security
Genetec

State of Physical Security 2025
Winsted Corporation

Sit/Stand Consoles: Helping Increase Productivity

New Products

Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3