This article was published in September 6, 2020 Issue of RFID Journal SECURITY CONSIDERATIONS FOR EMBEDDED SYSTEM RFID READERS

By Kiran Vasishta, ELATEC, Inc.

This article is the third in a series on considerations for embedded system RFID readers for embedded engineers, solution architects and product managers.

In recent years, multinational corporations such as Cathay Pacific, Facebook, Uber and numerous others have been heavily fined due to security and data protection violations. This period has seen data protection laws increase as more and more information is gathered and shared online. As such, it becomes crucial to account for security capabilities when choosing an embedded device that touches potentially sensitive data. RFID readers very much belong to the ecosystem and any database or cloud server. While accounting wherein personal or user identification data is for security across a system is needed it is more transmitted either to a host system such as a PC or to important to consider the application or use case an endpoint such as a Human Machine Interface (HMI). that is in question. One should carefully evaluate the A passive RFID transponder, soft credential such as a consequences of any security breaches and if there is mobile phone app using BLE/NFC or smart cards and any sensitive information being exchanged from the other contact-based credentials all can carry sensitive RFID media to the host. As an example, the simple data or personal information. In the case of smart card choice of RFID media may directly lead to a compromise or contact-based credentials, the storage of personal in your intended application’s security. There are information such as name, address or date of birth is numerous references on security vulnerabilities related more prevalent compared to contactless credential to Low Frequency (125KHz) contactless transponder where an identification number may be used. types. The references focus on using interceptors In general, security as a concept is always related to to access unprotected static card information. The the entire system that includes RFID media (contact/ adversaries may then clone this credential that may be contactless credentials), RFID reader, the host system used for triggering action such as granting access to a facility or unlocking a computer. Some references also As mentioned previously, the overall security depends on highlight vulnerabilities in the Wiegand interface about every component of the system that includes the RFID intercepting the data signals to capture card value. reader. This article will mainly focus on some of the basic Therefore, some older RFID transponders and security considerations that need to be accounted for communication interfaces that may be based on the when choosing an RFID reader but also whether or not aforementioned technology or have been subject to your application requires these abilities. Some of the key vulnerability hacks are now considered fundamentally security considerations are as follows: compromised.

THE CONSIDERATIONS ARE:

1. DOES YOUR APPLICATION REQUIRE In a typical scenario, the card reader behaves as a ENCRYPTION CAPABILITIES? IF SO, DOES medium to facilitate data collection and transfer between the contactless or contact-based transponder and the THE READER HAVE THE CAPABILITY host system. The host system can either be an endpoint TO EXECUTE CRYPTOGRAPHIC that locally validates the credential presented to it or ALGORITHMS? it can be a microcontroller that sends data over the network to the cloud or a database for validation and In every application where RFID technologies are involved authentication. As mentioned previously, assessing there is a need to first assess whether encryption is whether the need for encryption is between the RFID required and if so, determine the exact channel where media and the reader or from the reader to the host is this needs to be enforced. It could be that the host important. If the former, the appropriate credentials are interface requires the exchange of encrypted data or the required. Depending on this factor you may then consider air interface needs to transfer protected data. Once the choosing an appropriate RFID reader. requirements are established, one may then evaluate the There are use cases wherein personal information strength of this security. such as name, address, date of birth or biometric data Furthermore, many types of contactless transponders can be stored within the credential, eg: smart cards can store data within their memory segments and or passports as credentials. Therefore, encrypting the encrypt or lock these segments with cryptographic exchange of such data both between the credential and keys. An apt card reader is one that can not only decrypt the reader as well as the reader and the host becomes the memory segments and access the data but also critical. Moreover, encryption algorithm engines such as provides an easy means for the end-user to carry out this AES, DES, 3DES, or the capability to implement custom operation. In many instances, the end-users have their algorithms, need to be present on the card reader as this own customized cryptographic keys for their credentials enables ease of integration. In cases where smartcards and are unwilling to share these keys with the card or contact-based credentials are used, the host system reader provider. Therefore, having the capability to load typically drives the communication in its entirety. So, the custom keys by someone other than the card reader card reader must also have: manufacturer becomes essential. This can be facilitated in + Software capabilities such as Personal Computer multiple ways, such as implementing high-level APIs and Smart Card (PCSC) or Chip Card Interface Device allowing the user to write applications for the card reader, (CCID) mode of communication. The availability of or it could be enabling the customer with a graphical user drivers to facilitate communication with the host also interface to enter keys used to access data sectors. enables easy software integration. 2. DO YOU REQUIRE ENCRYPTED DATA + Hardware support for communication standards EXCHANGE? IF SO, WHERE AND CAN such as ISO7816 and the presence of Secure Access Modules (SAM) slots and other contact-based THE CARD READER SUPPORT THIS? interfaces. 3. DOES YOUR APPLICATION REQUIRE stolen or the SAM modules being dismounted from the MUTUAL AUTHENTICATION WITH reader. The security considerations here do not indulge in these topics and appropriate precautions are to be put SECURE ACCESS MODULES (SAM) AND in place to improve the overall security of the system. RFID MEDIA? IF SO, DOES THE READER SUPPORT THIS? 4. DOES THE CARD READER HAVE

A Secure Access Module is a type of smart card that COMMUNICATION INTERFACES OTHER follows a contact-based communication standard to THAN WIEGAND SUCH AS RS485 OR interact with a card reader. These modules ensure RS232? the protection of security keys as well as facilitate cryptographic operations. Typically, SAMs are used to The Wiegand card as well as the Wiegand interface generate application keys based on a specific master for data transmission is a 40-year old technology that key or to generate session keys. They also enable secure originates from the Wiegand effect discovered by John messaging between the RFID media, the reader and the R. Wiegand in the early 1970s. While the Wiegand cards host system. are still in production, they have been largely replaced by newer and cheaper forms of access cards. However, Many contactless credentials hold memory segments/ these cards are still based on the Wiegand data applications that are encrypted with cryptographic keys. format that is susceptible to interception as the data These keys are often stored in SAMs and supplied to are available in plain text. Also, the Wiegand interface card reader manufacturers. This not only ensures the introduced in the 1980s remains prevalent across the security of the keys but adds a step in the authentication logical access as well as the physical access control process. The card reader in this case should first industry despite various security vulnerabilities. This perform authentication operations with the SAM technology no longer conforms to the current security and then carry out a series of cryptographic and bit standards. It is therefore important for integrators to manipulation operations between the contactless card choose a communication interface that can offer higher and the SAM. This can be further secured by adding a security from interception and support encrypted data key diversification step. The card reader must be able exchange. to support such a scenario both in the hardware as well as in the software. Many end-users require the 5. DO YOU REQUIRE TAMPER DETECTION card reader to natively support such a scenario and have the ability to provide high-level API’s to help in TECHNOLOGIES? IF SO, CAN THE their implementation. In addition to this, high-security READER MEET THIS REQUIREMENT? applications demand the transfer of data in an encrypted The need for tamper detection largely varies from format. One can ensure end-to-end encryption/security one application to another so it is more important with the help of SAMs. In such an architecture, the to consider whether this level of security is suitable reader facilitates mutual authentication with the RFID for your respective use case. As an example, card media and the SAM, thus transferring protected data readers attached to multi-function printers (MFPs) over a Radio-Link and also ensuring the security of for releasing print jobs in an enterprise environment encryption keys. The reader can also transfer data can be considered less critical since tampering with encrypted by the SAM to the host system maintaining a the reader can ultimately lead to the downtime of high level of security across the system. the printers but will not compromise the safety of Note that the safety of distributing SAMs as well as your documents. Typically, in such scenarios, the card administering the installation process within the reader reader works hand in hand with the MFP and a print should be treated as a separate issue and tackled management solution that ensures the release of accordingly. There is also an issue of the readers being print jobs. Therefore, if the card reader is sabotaged For more information contactour Application Specialistsatthelocationsbelow: Electronics andCommunications degreefromtheRNSInstituteofTechnology inBangalore,India. in ElectricalandComputerEngineering fromtheUniversityofCalifornia,Riverside, andaBachelorofEngineering, consultation andsupporttoOEMs,softwaredevelopers,integrators. KiranhasaMasterofSciencedegree technical customersupportfromthePalmCity, Floridaheadquarters.Heandthe teamoftechnicalspecialistsprovide Kiran Vasishta sensitive information. The needto encrypt configuration/ for filesdonotcarry these asimple reasonthat any firmwarethe tobethe configuration or encryption protected by keysencryption doesnotrequire this numbers fromanRFIDmedia or isn’t usingdata example, ifan card static end customer isreading might require based encryption on your usecase.For except software herethe updates or configuration case the processisquite similar of cardreaders,the security patches or appupgrades over network. the In updates asatsomepoint our phoneshave received We’re aware all of system software andapplication againstthreats. superior protection canbe that embedded directly cardreaderforon the market suchasmechanicaland tamperdetectors optical device.of the There areseveral technologiesinthe technologiescanimprovetamper detection security the exchanged cardreaderand the with eventually host, the involvedcredentials aswell isbeing datathat asthe Inconclusion,depending article. the application, on the considered separatelyandare scope outside the of this device. the associated with These topicsneedtobe towards device compromisingthe integrity data or the evaluate consequences the of any directed attempts Onemustthoroughly certainly needgreaterprotection. hand, high-security environments suchasdatacenters prevents release the of any information. Onthe other MFP the or tamperedwith, simply solution or the elatec.com 6. READER MEETTHISREQUIREMENT? THE CARDREADER?IFSO,CAN BE SECURELY SHAREDORLOADEDON CONFIGURATION ORFIRMWARE TO DO YOUREQUIRETHEREADER'S isaFieldApplicationEngineerforELATEC Incresponsibleforengineering, applications [email protected] + Puchheim, Germany EMEA 49 8955299610

americas-info@elatec. + Palm City, Florida,USA AMERICAS 1 7722102263

com

file. readerisnowsince the receivinganalready encrypted updateprocess sharingprocessbutalsothe secures the configuration the with offirmware updates. Thisnot only cardreadermanufacturers the with toloadnew readers customers toperform updatestothe existing readers or no longerposeasecurityriskandcanbesharedwith configurationthe firmware or iswill thefile encrypted, encrypted sinceitholdssensitive information. Ifthe configurationscenario the orfirmware mustalsobe havethese that holds aconfiguration keys. Insucha their existing cardreaders or new cardreadersmust credential keys.encrypted with This meansthat either should acustomerwishtomove toahigher security of aproprietarycorporateformat isconfidential, that or readercontainsanythe personalinformation or ispart firmware thatisbeingread thedata filesarisesif by OEM’s andsystemintegrators. accommodating futureadaptionswillprovetobetherightchoice for security featuresbutalsohasaflexiblesystemdesigncapable of In conclusion,choosinganRFIDproductthatnotonlyhastheabove correspondthat application. resulting tothe view butalso elucidates the exact securityrequirements not only helpscementthe end system’s overall security account for securityfeatures the needed. This process various securechannels, can only then one beginto concept,systemthe architecture, dataflow as as well requirementsand establish objectives. After developing should work subjectmatter with experts fieldand inthe thoroughly evaluate respective the application. They customer.the Any integratorfirstand foremost should requirement chosen needtobeappropriatethe of securityfeatures the but moreimportantly are that carry aforementionedout the securityconsiderations itis After all, can tochooseacardreader that essential [email protected] + Shenzhen, China ASIA 86 15817591668

[email protected] + Sydney, Australia AUSTRALIA 61 449692277 and

[email protected] + Tokyo, Japan JAPAN 81 355799276

© 2020 ELATEC Inc. – 9/2020. All names are registered trademarks of their respective owners.