Hello, my name is Andrey and I am an employee of one of the largest management companies in the country. It would seem that an employee on HabrΓ© can tell? Exploit yourself the buildings that the developer has built and nothing interesting, but this is not so.
The management company has one important and responsible function in the role of building a house - this is the development of technical specifications for construction. It is the management company that puts forward the requirements that the finished, built ACS system will meet.
In this article, I would like to cover the topic of creating technical conditions within the framework of which a house is being built with an ACS system that uses Mifare Plus security level SL3 technology with sector encryption with a security key that neither the developer, nor the contractor, nor the subcontractor knows.
And one of the global ones is not at all obvious at first glance - how to prevent leakage of the encryption code chosen for encryption of Mifare Plus cards within the hierarchy of builders, contractors, vendors and other responsible persons working with the ACS system at home at the stage from the beginning of its construction to operation in the post-warranty period.
The main technologies of contactless cards today:
- EM Marine (StandProx, ANGstrem, SlimProx, MiniTag) 125 kHz
- Mifare by NXP (Classic, Plus, UltraLight, DESfire) (Mifare 1k, 4k) 13,56 MHz
- HID manufacturer HID Corporation(ProxCard II, ISOProx-II, ProxKey II) 125 kHz
- iCLASS and iCLASS SE (manufactured by HID Corporation) 13,56 MHz
- Indala (Motorola), Nedap, Farpointe, Kantech, UHF (860-960 MHz)
A lot has changed since Em-Marine was used in ACS systems, and we recently switched from the Mifare Classic SL1 format to the Mifare Plus SL3 encryption format.
Mifare Plus SL3 uses private sector encryption with a secret 16-byte key in AES format. For these purposes, the Mifare Plus chip type is used.
The switch was made due to known vulnerabilities in the SL1 encryption format. Namely:
The cryptography of the card is well researched. We found a vulnerability in the implementation of the pseudo-random number generator (PRNG) of the map and a vulnerability in the CRYPTO1 algorithm. In practice, these vulnerabilities are used in the following attacks:
- Dark side - the attack exploits a PRNG vulnerability. Works on MIFARE Classic cards up to EV1 generation (in EV1, the PRNG vulnerability has already been fixed). To attack, you only need a map, you do not need to know the keys.
- Nested - The attack exploits the CRYPTO1 vulnerability. The attack is made on secondary authorizations, so for the attack you need to know one valid card key. In practice, for the zero sector, standard keys are often used for MAD operation - they start with it. Works for any cards on CRYPTO1 (MIFARE Classic and its emulations). The attack is demonstrated in the article about the Vulnerability of the Plantain card
- Listening attack - The attack exploits the CRYPTO1 vulnerability. To attack, you need to eavesdrop on the primary authorization between the reader and the card. This requires special equipment. Works for any cards based on CRYPTO1 (MIFARE Classic and its emulations.
So: encryption of cards at the factory is the first moment where the code is used, the second side is the reader. And we no longer trust the reader manufacturers with the encryption code, simply because they are not interested in it.
Each manufacturer has tools for entering the code into the reader. But it is at this moment that the problem of preventing code leakage to third parties in the face of contractors and subcontractors of the construction of the ACS system appears. Enter the code in person?
There are difficulties here, since the geography of operated houses is represented in various regions of Russia, far beyond the Moscow Region.
And all these houses are built according to a single standard, on absolutely the same equipment.
By analyzing the Mifare card reader market, I was not able to find a large number of companies working with modern standards that provide card copy protection.
Today, most hardware manufacturers work in UID read mode, which can be copied by any modern cell phone with NFC.
Some manufacturers support a more modern SL1 security system, which was already compromised back in 2008.
And only a few manufacturers demonstrate the best technological solutions in terms of price-quality ratio for working with Mifare technology in SL3 mode, which makes it impossible to copy a card and create its clone.
The key advantage of SL3 in this story is the impossibility of copying keys. Such technology does not exist today.
I will separately talk about the risks of using card copying with a circulation of more than 200 copies.
- Risks on the part of the tenants - trusting the βmasterβ to make a copy of the key, the dump of the tenantβs key gets into his database, and the βmasterβ gets the opportunity to walk to the entrance, and even use the parking lot or parking space of the tenant.
- Commercial risks: if the retail price of the card is 300 rubles, the loss of the market for the sale of additional cards is not a small loss. Even if a "Master" for copying keys appears on one LCD, the company's losses can amount to hundreds of thousands and millions of rubles.
- Last but not least, aesthetic properties: absolutely all copies are made on low-quality discs. I think many of you are familiar with the quality of the original.
In conclusion, I want to say that only a deep analysis of the equipment market and competitors allows you to create modern and secure ACS systems that meet the requirements of 2019, because it is the ACS system in an apartment building that is the only low-current system that a resident encounters several times a day.
Source: habr.com