Security in access control systems using RFID

Abstract

The subject of this bachelor thesis is security in access control systems using RFID. The amount of RFID systems is increasing and RFID is being used in more and more areas. Further, more ciphers and security systems are broken which makes it easier for individuals to obtain the materials and the knowledge needed to attack RFID systems. The requirements and scales of the systems has increased and the security has in many cases not been able to keep up with this development. The work was conducted as a case study where three di erent systems were examined, for each system several tests were devised to nd and exploit weaknesses in ciphers and implementations. A number of commonly used varieties of RFID were tested, including Mifare Classic and EM4100/EM4200. The tests cover several di erent attack scenarios, for example copying tags, spoo ng tags and destroying tags. Based on the results of the case study, we discuss the security problems identi ed and propose a number of possible solutions, both regarding the usage of already existing systems and considerations when purchasing and installing a new system. Unfortunately, due to the sensitive nature of this study, some information about the speci c cases can not be disclosed. In general, RFID as it is used in access control systems today is not secure, but improvements can be made and implementations which are considered cryptographically secure do exist.