
Security in RFID-based Personnel Identification

Hacked RFID Read Procedure – How Safe Is Safe?

May. 17, 2010

It is well known that every security method has its limits, and that the effort required to crack a security pass or a transponder in an RF-based (radio frequency) identification system in most cases bears no relation to the potential gain. The first part of this two-part article gives tips on what to look for when choosing, introducing and securing RFID-based ID systems, and which factors influence them. The second part will cover new developments and their resistance to hacking attempts.

The abbreviation RFID stands for "Radio Frequency Identification". Both data and power are transmitted via a high-frequency magnetic field. For this, coils (acting as antennae) are built into the surface of the so-called ID carrier and connected to a microchip. RFID systems use different frequency ranges, from long wave up to microwaves, and the frequency has a bearing on the reading distance. A further distinguishing feature is the memory type used: the fundamental difference is between read-only and read/write systems. As the RFID chip is extremely small and flat, it can be integrated without problem into so-called transponders, which come in various shapes and sizes. Key fobs are preferred for access control and time recording applications because they are more robust, but identity cards are used as soon as one wants to do more with the medium (pictures, inscriptions, multiple-use visitor badges etc.). Active transponders have their own power source (a battery) and are mostly used to cover large distances, whereas passive transponders are powered by the reading device.

Keep It Simple
Proximity systems with passive transponders, where the ID card is brought close to the reader, are usually used for access control, staff time recording and canteen data collection. Read-only and unprogrammed ID cards can be sufficient for the simplest identification jobs with a low security requirement. The basic data of the chip consists of a unique serial or ID number several bytes long. Because of this simplicity, the chip area can be kept very small, which results in low power consumption and also low manufacturing costs.

Compared to intelligent systems with a large memory, the usable reading distances are relatively long thanks to the low power consumption. Read/write systems provide more options for applications and better security because of their additional encryption capabilities. A contactless read/write card can also be used for fuel tanking data and canteen billing, e.g. to deduct amounts at vending machines. The reading range is reduced because more energy is required for reading and altering data. Memory capacities vary between 16 bytes and, currently, 8 kbytes.

Close at Hand
The advantage of a contactless chip card lies in its simple usage and in the absence of problems caused by dirt or worn contacts. Nowadays there are numerous types of contactless chip cards, and the RF standard defines how the transponder and the reader communicate with each other. This has a big effect on the communication distance. As already mentioned, the reading distance depends on the frequency, the RFID chip, the type of transponder (card or key fob) and the memory capacity of the ID device. For example, a Hitag reader at 125 kHz with a small memory has a larger communication distance than the LEGIC advant reader, which uses the higher frequency of 13.56 MHz and a larger memory. There are also differences in communication distance within a frequency band, depending on the ID device type and the size of its antenna: a small key fob (mini antenna), for example, has a shorter reading distance than an ID card with the same reader antenna size.

The Long and the Short of It
There are currently three different standards that define different reading ranges. It is important to note that these are theoretical maximum values that are not attained in practice.

  • ISO/IEC 10536 close coupling (CCC), range of c. 1 cm. In these systems the ID device is inserted into the reader or laid on it. Close coupling systems work at a frequency under 10 MHz and are seldom used for access control or time recording.

  • ISO/IEC 14443 proximity coupling (PICC), range of c. 10 cm. Reader versions: e.g. Legic advant, Mifare Classic, Mifare DESFire EV1, iClass. Applications: e.g. time recording, ePass, ticketing, cash card. Characteristics: short communication distance, larger memory, higher transmission speed.

  • ISO/IEC 15693 vicinity coupling (VICC), range of up to c. 1 m. Reader versions: e.g. Legic advant, I-Code. Applications: e.g. logistics, goods tracking, sports time recording. Characteristics: longer communication distance, smaller memory, lower transmission speed.

These standards describe the physical and data characteristics of the transmission path between a reader and the ID device. The first standard, for close coupling cards, dates from a time when the available microprocessors had relatively high power consumption, so that energy transmission over a longer read distance was not possible. Installations behind stainless steel or aluminium are not advisable, and other materials can also reduce the read range or even prevent reading altogether.

PCS Systemtechnik GmbH
Pfälzer-Wald-Str. 36
81539 München