In this project, I will focus on the security part of an RFID door system. RFID makes life easier when the surrounding ecosystem is suitable for it. I can go for a run with only a card that opens the door, and on the way back I can pay for spring water with my phone's NFC. No need to carry a wallet and keys. However, when the system is not designed properly, there may be some room for malicious usage.
At school, I wanted to access the computer room, but it was protected by an RFID-enabled door. I had registered my ID card, but there were some issues. I don't know the exact reason, but my card does not work for that door, though it works for other doors and for contactless payment. I think the door system has some issues. The technician enabled my bus card for temporary access. I was amazed by the solution (security!!!). There can't be much security there. I have some RFID tags gathering dust, so I decided to see if I could create a card to access the computer room.
I will try to clone the card I have. If a card only transmits some numbers, like only an ID, it should be easy. I will try and see whether there are any precautions or not. If I can achieve that, I will look for a solution to mitigate it (encryption, server checks, and other things I will figure out on the way).
Warning: cloning a card is not legal and there may be some punishment. I am testing this in a place where I am allowed to do so.
Update: 12/12/2022
My bus card, which is also the card that opens the door, is a 13.56 MHz MIFARE card. When I read the card I can see its user ID (UID) and data fields. As the school uses random cards for access, I assume they only use the UID for authorisation. However, the UID of an RFID card is easily available to anyone. There are also RFID cards with user-programmable UIDs (not all of them). When you know the UID, there are no barriers to access.
If you have an Arduino board and an RFID module like the RC522, there is an existing library from miguelbalboa that can change the UID. So it is too easy if you know the ID. My card's ID is E4 2E 7B C5, so I just need to write that value as the ID of my key fob. The only change from the example code is as follows:
/* Set your new UID here! */
#define NEW_UID {0xE4, 0x2E, 0x7B, 0xC5}
With this simple change, I can clone the card. If my assumption that the door only checks the UID is correct, it should open the door.
Then I tested the key fob on the door and, as you can see in the video below, it granted access.
In its current form, it is very similar to a keypad PIN-accessed door. If someone gets the PIN or the UID of the card, the security is broken. How can we improve the security? There are a few ways to improve the current system without replacing it.
First, the gate should have some countermeasures. If there are too many unauthorised access attempts, the door can slow down its processing. This will prevent brute-force attacks. There can also be a sound alarm to signal the surroundings or, better, a way to inform security to check the suspicious activity.
The second way is to use some cryptographic techniques. For example, we can have a challenge-response implementation. The server (the gate, in this case) sends a random number to the card (or key fob), then the card generates a response to that random number with its private key. The issue here is storing and distributing the key securely. The key can be stored in an MCU which has some protection mechanism. This method requires two-way communication.
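To make the two mitigations above concrete, here is an added Python simulation; it is not code from this post or from the miguelbalboa library. The gate issues a fresh random challenge, the card answers with an HMAC-SHA256 over the challenge and its UID using a per-card secret, and the gate locks itself after repeated bad responses, so a fob that carries only the copied UID fails and a captured response cannot be replayed. The response function, the shared (symmetric) key value and the lockout threshold are assumptions chosen for the example; only the UID E4 2E 7B C5 comes from the post.

```python
import hashlib
import hmac
import secrets
# Constructed provisioning table for the gate: each enrolled UID maps to a
# per-card secret shared with that card (UID from the post; key is a sample).
CARD_UID = bytes.fromhex("E42E7BC5")
CARD_KEYS = {CARD_UID: bytes.fromhex("00112233445566778899aabbccddeeff")}
MAX_FAILURES = 3  # assumed policy: lock the reader after this many bad responses


class Card:
    """Card side: knows its UID and its secret, answers challenges."""
    def __init__(self, uid, key):
        self.uid, self.key = uid, key

    def respond(self, challenge):
        # Binds the fresh challenge and the UID to the secret, so knowing the
        # UID alone (a cloned fob) is not enough to produce a valid answer.
        return hmac.new(self.key, challenge + self.uid, hashlib.sha256).digest()


class Gate:
    """Gate side: issues a random challenge, verifies, counts failures."""
    def __init__(self, keys, max_failures=MAX_FAILURES):
        self.keys, self.max_failures = keys, max_failures
        self.failures = 0
        self._pending = None  # (uid, challenge) of the exchange in progress

    def challenge(self, uid):
        nonce = secrets.token_bytes(16)  # new per attempt, so replays fail
        self._pending = (uid, nonce)
        return nonce

    def verify(self, response):
        if self.failures >= self.max_failures or self._pending is None:
            return False  # locked out, or no challenge outstanding
        uid, nonce = self._pending
        self._pending = None
        key = self.keys.get(uid)
        if key is not None:
            expected = hmac.new(key, nonce + uid, hashlib.sha256).digest()
            if hmac.compare_digest(expected, response):
                self.failures = 0
                return True
        self.failures += 1  # unknown UID or wrong response both count
        return False


def attempt(gate, card):
    """One complete exchange; True means the gate would open."""
    return gate.verify(card.respond(gate.challenge(card.uid)))
```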