Microcrypt Technologies Ltd.

SPACER

Secure Physical Access Control Enhanced Reader

Implementing a physical access control system (PACS) requires unambiguous identification of each user of the system. One of the most widespread methods of user identification is the personal contactless card. The contactless reader reads the unique identifier of the card/user from a distance of several centimeters and transmits it over the interconnection link to the PACS controller, which "decides" whether to admit the user to the controlled area on the basis of the authorization matrix. The security of the system is therefore determined essentially by how well the card-to-reader exchange protocol is protected against card forgery and emulation.

The vast majority of PACS installed in the CIS today either do not support cryptographic protection (i.e. they store and transmit the card identifier insecurely) or use "proprietary" cryptographic algorithms with limited key length (usually 48-96 bits). A "closed" algorithm is one whose structure is confidential information of the corresponding vendor and which has not passed an independent security audit (for example: Mifare Crypto1, EM Crypto, My-D Crypto). As a rule, an easy-to-implement stream cipher is used, and its strength rests on the secrecy of the transformation; once it has been reverse-engineered, key recovery moves from a cryptanalytic problem to an engineering one. Another widespread weakness of popular PACS using cryptographic cards (for example, MIFARE Standard) is an opaque or entirely absent key management subsystem. The secret keys of cards and readers are often set directly by the manufacturer, so the customer's security model has to assume absolute trust in the manufacturer.

The emerging trend in modern PACS is the use of contactless smart cards that support approved cryptography of known strength (for example, Triple-DES or AES).

The MIFARE DESFire EV1 cards, which support the TripleDES (168 bit key) and AES (128 bit key) cryptographic algorithms, offer the highest level of protection among low-end contactless cards. In addition, these cards have a flexible file system and support a "transactions" mechanism, which makes it possible to build secure micropayment applications on them. The MIFARE Ultralight C cards, which are cheaper and support the TripleDES algorithm with a key length of 112 bits, are also of interest.

Microcrypt Technologies Ltd. offers its own solution for cryptographic protection of contactless cards in monitoring and access control systems. The solution comprises a system of intelligent contactless readers supporting MIFARE DESFire and MIFARE Ultralight C cards, together with auxiliary software that provides flexible management of the PACS key system and auditing of the associated processes. The main advantages of our solution are:

  • The key system is created directly by the Customer;
  • Working keys are generated, stored and used in the reader only (keys never leave the reader in the clear);
  • Support for up to 12 independent secure areas, each with its own independent key system;
  • A single card serves as a common pass for all secure areas;
  • Possibility of "transparent" integration into existing or newly built PACS from different manufacturers.

Together, these advantages of SPACER eliminate the problems described above, which are common to traditional RFID-based solutions, and make it possible to build a fully featured security system on top of a wide range of existing PACS.

The main functional specifications of the system:

  • Flexible management of the key system;
  • 3DES and AES encryption algorithms are supported;
  • The exchange protocol with the card is cryptographically protected;
  • Keys of each card are unique;
  • Two-factor authentication: card + PIN-code of the owner (option);
  • Independent key system for each access area;
  • Keys can be changed independently in different access areas;
  • Working keys of readers are changed by means of "transport" cards;
  • Old and new keys operate side by side during an upgrade of the key system;
  • Backup of working keys;
  • Independent administration of each access area;
  • Separation and monitoring of the authorities of PACS operators;
  • Authorities of auxiliary readers are assigned at the stage of their initialization;
  • Support for widespread communication protocols with PACS controllers;
  • Possibility of a stage-by-stage transition to cryptographic cards in an operating PACS.
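
The unique per-card keys, independent per-area key systems and coexistence of old and new keys listed above, modelled as an added example (not Microcrypt's code; the page does not describe SPACER's actual key derivation or card protocol). Assumptions: HMAC-SHA256 from the Python standard library stands in for the 3DES/AES operations, and `diversify`, `ExecutiveReader`, the area number, UIDs and keys are hypothetical and constructed for illustration.

```python
import hashlib, hmac, os

def diversify(area_master: bytes, area_id: int, uid: bytes) -> bytes:
    """Per-card key for one area (assumed scheme, not SPACER's own)."""
    msg = b"card-key" + bytes([area_id]) + uid
    return hmac.new(area_master, msg, hashlib.sha256).digest()[:16]

def card_response(card_key: bytes, challenge: bytes) -> bytes:
    """Card side: MAC over the reader's fresh challenge."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()

class ExecutiveReader:
    """Hypothetical model of a reader initialized for a single access area."""
    def __init__(self, area_id, current_master, previous_master=None):
        self.area_id = area_id
        # The previous master key is held only while the key upgrade lasts.
        self.masters = [("current", current_master)]
        if previous_master is not None:
            self.masters.append(("previous", previous_master))

    def verify(self, uid, challenge, response):
        """Return which key generation authenticated the card, or None."""
        for label, master in self.masters:
            key = diversify(master, self.area_id, uid)
            if hmac.compare_digest(card_response(key, challenge), response):
                return label
        return None

    def finish_upgrade(self):
        self.masters = self.masters[:1]  # retire the old key

def demo():
    old_m, new_m = os.urandom(16), os.urandom(16)   # constructed area keys
    uid_a, uid_b = bytes.fromhex("04a1b2c3d4e5f6"), bytes.fromhex("04112233445566")
    key_a = diversify(old_m, 3, uid_a)   # card not yet upgraded
    key_b = diversify(new_m, 3, uid_b)   # card already on the new key
    reader = ExecutiveReader(3, new_m, old_m)
    c1, c2 = os.urandom(16), os.urandom(16)         # one challenge per attempt
    out = {
        "old_card": reader.verify(uid_a, c1, card_response(key_a, c1)),
        "new_card": reader.verify(uid_b, c1, card_response(key_b, c1)),
        "uid_without_key": reader.verify(uid_b, c1, card_response(os.urandom(16), c1)),
        "stale_response": reader.verify(uid_b, c2, card_response(key_b, c1)),
    }
    reader.finish_upgrade()
    out["old_card_after_upgrade"] = reader.verify(uid_a, c1, card_response(key_a, c1))
    return out

if __name__ == "__main__":
    print(demo())
```

Cards that authenticate as "previous" are the ones still waiting for a key update; once none remain, the old key can be retired in that area without touching the other areas.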

The SPACER system hardware is built on the Smart-RF Platform and includes three types of readers:

  • «Executive» - Intended for authenticating a card and transmitting its code to the PACS controller. It supports the mechanisms for importing the area working keys. It can be initialized for only one access area.
  • «Master» - Intended for backup storage of the working keys and for service functions: creating user cards, initializing them with the keys of an access area, and exporting working keys to transport cards. It can support up to 12 access areas simultaneously. It can also perform the functions of the Executive reader.
  • «Root» - Intended for generating the master keys of access areas and creating transport cards. It is a functional extension of the Master reader. Only one Root reader should be used in each access area!

"Executive" readers come in a housing for wall mounting; "Root" and "Master" readers are service readers and are made for desktop use.

The functionality of a service reader can be configured (restricted) at the stage of primary initialization, which is performed by the Customer. This makes possible an organizational and technological separation of the authorities of the staff using these readers. The following authorities can be separated at the configuration level:

  • generation of working keys;
  • export of working keys to other readers;
  • initialization of new user cards;
  • update of area access keys on a user card;
  • reading and verification of user cards.

In addition, each reader can separate the authorities of operators through authorization by PIN-code (password). For this purpose, two PIN-codes, «Administrator» and «Security Officer», can be defined at the stage of primary initialization of the reader. The functional separation of authorities is as follows:

  • «Administrator»: configuration of readers and handling of working keys;
  • «Security Officer»: issuing and handling of cards;
  • «Operator» (without authorization): operation in a monitoring mode.

In addition to the readers, the system includes software for Windows 2000/XP/2003/2008/Vista, intended for customizing the system, managing the readers and integrating closely with third-party ACS software. The system software functions include:

  • Logging of all processes in the system;
  • Initialization of all readers with the Customer's parameters;
  • Creation and registration of user cards;
  • Creation and registration of "transport" (service) cards;
  • Invalidation (erasing) of cards;
  • Management of access areas on user cards;
  • Management of generation/export/import of working keys on the service readers;
  • Reading and verification of cards.

The system software includes a set of applications that implement the main functional roles:

  • Database for recording all SPACER management actions (MS SQL 2005);
  • Manager of readers;
  • Manager of user cards;
  • Manager of working keys;
  • User cards validator (demonstration).

It also includes tools for integration by third-party developers of PACS software:

  • Scripts and stored procedures for creating a DB of the necessary structure;
  • Libraries for direct control of readers (managed and unmanaged versions);
  • Library of business transactions flow (control of the reader and DB support);
  • Library of business transactions flow with user interface support.

We were guided by two principles in creating our system: uncompromising security and simplicity of service.