Cyber Security of Proximity Credentials

Encrypted Proximity Card Numbers

Proximity cards are a key element of the cyber security of the access control system. The EM 125 kHz standard cards are the most popular group of proximity credentials. Such cards are not cyber-secure in any way and can be copied by using readily available equipment or by persons providing such services. 13.56 MHz MIFARE® cards are the second group of commonly used access credentials. This group includes many types of identifiers that differ in the technology of data storage on the card. Access control systems can read from the MIFARE® card the serial number (CSN) or a number programmed in the card memory (SSN). The CSN is unencrypted and may be duplicated. The SSN is encrypted with an individually set password, which makes it copy-protected.

    With regard to MIFARE® cards, please note that:
  • Using a MIFARE® card's CSN (Chip Serial Number) does not provide any protection against card cloning. This applies to all types of MIFARE® cards
  • Using the SSN (Secure Sector Number) of the MIFARE® card requires the use of readers that support the encrypted sectors of the proximity card
  • Most of the MIFARE® readers available on the market do not offer support for encrypted card sectors and can only read the non-encrypted serial number of the card (CSN)
  • All MIFARE® readers from Roger support the encrypted MIFARE® card number (SSN)
  • Using the card's SSN requires proper configuration of the readers used in the access control system
  • So far, there are no known methods of breaking the security of MIFARE® DESFire® and MIFARE Plus® cards working in SL3 mode

To ensure the highest level of security for proximity cards in the access control system, it is recommended to use MFC-4 (MIFARE® DESFire®) or MFC-7 (MIFARE Plus®) cards.

about security aspects in the RACS 5 access control system.

Secure Credentials Read Encrypted MIFARE Transponder Numbers (SSN)