Implementation principle of physical access control system

Publisher: HarmonySpirit   Latest update time: 2011-08-21   Source: 维库

This application note provides a new perspective on physical access control systems from an information technology (IT) perspective. This article compares various types of lock technologies (mechanical, magnetic card, contact, RFID) and evaluates the pros and cons of these locks. Locks that use challenge-response authentication overcome the limitations of traditional static data door locks. This article explains how challenge-response works and lists and compares the corresponding locks. This article also explains why challenge-response authentication is more secure than static data.

This application note discusses several different types of access control systems: mechanical, magnetic card, contact, and RFID. It discusses the importance of challenge-response authentication (challenge, encryption, and message authentication code or MAC) and the SHA-1 algorithm. Finally, it explains why challenge-response authentication is more secure.

Lock control device based on information technology (IT)

Strictly speaking, any key stores information like a ROM (read-only memory). The lock "reads" the data on the key, and if it matches the lock's rules, it is allowed to pass. The overall physical size of a mechanical key and the minimum size (e.g., unit increment) limit the code space that can be selected. For a given type of key, hundreds or thousands of keys can be manufactured without duplication, and the exact number depends on the type of key. Magnetic card keys can store information on a small ferromagnetic material. Magnetic cards can be divided into multiple parallel magnetic tracks, each of which can be written with more than 500 bits of data. Contact electronic token keys (such as iButton® devices, chip cards) store information on silicon chips. The number of bits that can be stored ranges from as low as 64 bits (DS1990A) to unlimited capacity. Contactless keys start with 26-bit models, and in fact there is no upper limit to the capacity of such keys. Magnetic card keys are very popular in hotel access control systems. Electronic token keys, whether contact or contactless, have become popular in employee badges.

Current situation and problems

Whether it is a mechanical lock or an electronic lock, the opening method is based on whether the static data meets the lock's own rules. With electronic locks, the data can be a simple serial number, a large amount of stored data (magnetic card or memory chip card, etc.), or a combination of the two. The less information a key carries, the more keys can be provided for a given lock.

Mechanical keys come in many different types and sizes¹. The "owner" of the lock has no way of protecting the key from unauthorized duplication. In addition, the lock can be opened maliciously using cheap tools². Due to the limited "code" space, such locks cannot guarantee the uniqueness of the key. Over time, the key structure slowly wears down, making it more difficult to open the lock.

While code space is not an issue for magnetic key cards, they can be easily copied² or erased. Magnetic cards also suffer from wear and tear issues.

ROM-based electronic keys are not protected against cloning or copying; contact keys² and RFID keys² are affected in the same way. With the exception of the Wiegand protocol and its derivatives (26-bit or 36-bit), electronic keys have enough code space to make every key code unique.

Next-Generation Security: Challenge-Response Authentication

Traditional electronic locks rely on static data: the key's access authorization is fixed, and that immutability makes the key very simple to clone. If, instead, the key receives unpredictable data (a challenge) from the lock and answers with a response computed from that data in a defined format, a much higher level of security is achieved. The computation involves both publicly readable data and hidden data known only to the key and the lock.

The unpredictable data the lock sends to the key is technically called a random challenge, the hidden data is called the secret, and the response is usually called a message authentication code (MAC). The message over which the MAC is computed contains the challenge, the publicly readable data, the secret, and a constant (padding). To verify the key, the lock computes its own MAC from the same challenge, the data it read from the key, the secret, and the constant. If the MAC computed by the lock matches the MAC in the key's response, the lock considers the key legitimate. This process, shown in Figure 1, is called challenge-response authentication. If, in addition to passing authentication, the publicly readable data in the key meets the lock's criteria, the lock opens.

Figure 1. Challenge-response authentication data flow (figure not reproduced)

In cryptography, an algorithm that produces a fixed-length MAC from a message of arbitrary length is called a one-way hash algorithm. "One-way" means that it is computationally infeasible to recover the (typically much larger) input from the fixed-length output. By contrast, with an encryption algorithm the length of the ciphertext is roughly proportional to the length of the original message.

SHA-1 is a thoroughly reviewed and internationally recognized one-way hash algorithm. It was developed by the United States National Institute of Standards and Technology (NIST) and has become the international standard ISO/IEC 10118-3:2004. The mathematical specification of the algorithm is published on the NIST website. The properties that distinguish SHA-1 are:

Irreversibility: the input cannot be recovered from its MAC.

Collision resistance: it is computationally infeasible to find a second input that produces the same MAC.

High avalanche effect: any change in the input causes a large change in the resulting MAC.

For these reasons, and because the algorithm is globally validated, Maxim selected SHA-1 for challenge-response authentication.

Challenge-Response Authentication Key

Many companies around the world mass-produce electronic locks, both contact and contactless. Their main components are a microcontroller with built-in firmware and a memory that stores the identifiers (serial numbers or text strings) of the keys the lock accepts. By design, such locks already have the hardware resources needed to work with challenge-response keys; what they require is a firmware update.

The DS1961S challenge-response iButton, with its built-in SHA-1 engine, was introduced in 2002. The contactless MAX66140, an ISO 15693-compliant secure memory key, was introduced in 2010. Although their communication interfaces and form factors differ considerably, the two devices have much in common, as shown in Table 1. Both support SHA-1 authentication, use a 64-bit secret, and provide 1024 bits of user-programmable EEPROM. The secret can be loaded or computed (neither step requires authentication) and then write-protected. Writing to the memory requires authentication, meaning the device can only be written by a party that knows the correct secret. As the newer product, the MAX66140 uses a 5-byte challenge, compared with the 3-byte challenge of the DS1961S. The MAX66140 also provides a memory write counter, which makes tamper detection easier and extends the device's applications from access control to closed-loop electronic payment systems.

Table 1. DS1961S vs. MAX66140 comparison (table not reproduced)

*The MAX66140 is planned to be available with an equivalent key using an ISO/IEC 14443 Type B interface.

Highly secure challenge-response authentication

Building and maintaining a challenge-response authentication system requires a key programmer (an electronic device) and, depending on the system requirements, a key host. The key programmer must implement the vendor-specified data conversion and secret-computation algorithms to generate the required secrets. If the system supports this feature, the key host is used to update the list of known key IDs stored in the door lock. As with any security system, these physical-layer tools must be strictly controlled to prevent unauthorized use.

Create a new key or copy a key

An authorized administrator uses the key programmer to install a valid secret in a blank key and to write valid data to its memory (when duplicating a key, the data is copied directly from the other key). This yields a new key. Depending on the firmware of the particular door lock, the key host may also be needed to add the new key's ID to the lock's list of known keys. An attacker can likewise load an arbitrary secret into a blank key and store valid data in the openly readable memory, but a key built this way will almost certainly fail challenge-response authentication because its secret is wrong.

Changing access rights for a key

Using the key programmer, an authorized administrator can update the memory data to change a key's permissions. Without knowing the secret or having access to the proper device, an attacker cannot produce the MAC required for an authenticated write and therefore cannot modify the key's memory.

Retiring a key

Using the key programmer, the administrator can change the contents of the key's memory, setting it to the "factory default" or any other invalid state; the secret itself remains in place. If the lock keeps a list of known keys, the retired key's ID should also be removed from that list. The physical key can later be reinitialized and reused. The only avenue left to an attacker is to recover the secret by brute force.

Anti-cloning protection

Consider an attacker who obtains a valid key and, using an eavesdropping or recording device, presents it to the door lock repeatedly, then analyzes the recorded traffic to extract the challenges issued by the lock and the MACs the key produced. If the firmware is designed properly, each challenge is a random number, so the attacker cannot collect MACs for every possible challenge and this theft channel becomes unusable.

If the firmware is poorly designed and uses a fixed challenge, or draws challenges from a very small set, the attacker has an opening: a key emulator can be configured with the valid key's ID and memory data together with the challenge sent by the lock and the corresponding recorded MAC. If the lock keeps a list of known keys, the simplest countermeasure is to delete that key's entry from the list. Systems without such a list are not defenseless. To detect a key emulator, the door lock writes a random number to an unused memory location in the key. The emulator accepts the write, because it cannot tell which MAC-authenticated writes are valid. The lock then reads back the data it just wrote together with the authentication MAC for that page. Because the emulator does not know the secret, it cannot generate a valid MAC over the fresh data, and the check fails.

Key leakage protection

The 64-bit value used as the challenge-response secret can be loaded or computed. The worst design writes the same secret to every key in the system: once that secret leaks or is found by repeated trials, the security of the whole system collapses. Instead, a challenge-response key can compute a new secret from the initial (current or loaded) secret, a partial secret, memory page data, and device-specific constants; the resulting secret never leaves the device. Using the key's 64-bit ID as the partial secret yields a secret unique to that device, so if one key's secret leaks, only that key needs to be replaced, without updating the entire system.
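As an added illustration that is not Maxim's code and does not follow the real DS1961S/MAX66140 message format, the following Python models the last two sections: a random challenge defeats an emulator built from recorded responses, the write-then-read-back check exposes the emulator even when the lock uses a fixed challenge, and per-device secrets are derived from a master secret and the key ID. The MAC input layout, the padding constant, and the page layout are simplified assumptions.

```python
import hashlib
import secrets
PAD = b"\x80\x00\x00\x00"  # constructed padding constant, not the real device format

def device_secret(master, key_id):
    """Derive a 64-bit per-device secret from the master secret and the key ID."""
    return hashlib.sha1(master + key_id + PAD).digest()[:8]

def mac(secret, key_id, page, challenge):
    """Simplified SHA-1 MAC over secret, public page data, challenge and padding."""
    return hashlib.sha1(secret + key_id + page + challenge + PAD).digest()

class GenuineKey:
    """Token whose secret never leaves the device; page 1 is an unused scratch page."""
    def __init__(self, key_id, secret, data):
        self.key_id, self._secret, self.pages = key_id, secret, [data, bytes(8)]
    def respond(self, page_no, challenge):
        return mac(self._secret, self.key_id, self.pages[page_no], challenge)
    def auth_write(self, page_no, new_data, challenge, write_mac):
        if write_mac != mac(self._secret, self.key_id, new_data, challenge):
            return False  # writer did not prove knowledge of the secret
        self.pages[page_no] = new_data
        return True

class Emulator:
    """Clone built from eavesdropped (page, challenge) -> MAC pairs; it has no secret."""
    def __init__(self, key_id, data, recorded):
        self.key_id, self.pages, self.recorded = key_id, [data, bytes(8)], dict(recorded)
    def respond(self, page_no, challenge):
        return self.recorded.get((page_no, challenge))  # None if never observed
    def auth_write(self, page_no, new_data, challenge, write_mac):
        self.pages[page_no] = new_data  # cannot check the MAC, so it accepts any write
        return True

class Lock:
    def __init__(self, master, rng=None):
        # rng: challenge source; default is random, a fixed one models weak firmware
        self.master, self.rng = master, rng or (lambda: secrets.token_bytes(5))
    def authenticate(self, key):
        """Challenge-response check, then the write-and-read-back emulator test."""
        secret = device_secret(self.master, key.key_id)
        chal = self.rng()
        if key.respond(0, chal) != mac(secret, key.key_id, key.pages[0], chal):
            return False
        nonce = secrets.token_bytes(8)  # fresh random data for the unused page
        chal = self.rng()
        key.auth_write(1, nonce, chal, mac(secret, key.key_id, nonce, chal))
        chal = self.rng()
        return key.respond(1, chal) == mac(secret, key.key_id, nonce, chal)
```

The keyed construction relies on SHA-1's preimage resistance rather than its collision resistance (which was broken in practice in 2017); a new design would use SHA-256 or HMAC.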

Conclusion

Wherever electronic locks or electronic access control are installed, the security of the system can be significantly improved by using challenge-response authentication. Challenge-response keys are available with either a contact or a wireless interface. The data in a challenge-response key is protected against unauthorized modification, and the memory's write counter reveals tampering. A cloned challenge-response key cannot pass the authentication test, even if the data in its publicly readable memory is valid. Upgrading to challenge-response keys is simple: set a new secret, or install new firmware in the lock or reader.
