
HID’s PACS Security Guidelines executive brief details best practices for ensuring readers remain resilient to tampering and attacks.
Unlike controllers, which are typically installed within a secured server room, door readers are typically wall-mounted and visible to people travelling throughout a facility, or externally, such as at carpark barrier gates or perimeter doors, making them relatively vulnerable to anyone looking to gain unauthorised access.
Given the critical job of the reader in reading user-credential data and communicating the data to a controller, it pays to ensure that best practices are followed to protect the reader from compromise.
In turn, it pays to get up to speed on these best practices via HID’s PACS Security Guidelines. Covering topics such as protecting against downgrade attacks, preventing unauthorised physical access to readers, and securing reader/controller communication, this handy resource has got your readers covered.
Migration mode mindfulness
Many HID products, such as HID iCLASS SE, multiCLASS SE and Signo readers, can operate in migration mode, a mode that permits the use of multiple credential technologies so that modern credentials can be phased into existing legacy deployments – users continue using their current credentials while also being able to use new, more secure credentials.
By avoiding the need to reprogram new credentials into the controller for each user, HID migration mode allows an existing access control system to be gradually upgraded from legacy credentials to modern credentials without any disruption to existing operations.
While migration mode delivers smoother upgrades, it should be used with care. Once the upgrade phase is complete, legacy credentials should be disabled via HID Reader Manager.
Also, given that some HID readers come with migration mode enabled by default, if the facility is not upgrading to newer credential types and backwards compatibility is not required, HID recommends ordering readers in the Seos profile configuration.
Seos profile readers are preconfigured to only support HID’s higher security credentials. They do not permit migration mode to be enabled.
Leaving readers in migration mode or allowing unused legacy credentials makes the PACS vulnerable to what is typically referred to as a ‘downgrade attack’ (also referred to as a ‘bidding-down attack’ or ‘version rollback attack’).
Downgrade attacks take advantage of a system’s backward compatibility to force it into less secure modes of operation. This allows attackers to intercept and decrypt sensitive data.
Monitor tamper alarms
Access control reader tampering involves unauthorised modification or manipulation of the reader to bypass security measures and gain access. This can be done through various methods, including physical tampering, software exploits, or capturing and retransmitting card data.
Logically, the Guidelines recommend that readers have tamper alarms enabled and that PACS software has monitoring enabled, so that security personnel can be notified immediately when a reader is removed from the wall. Readers should also be placed in areas covered by video surveillance, allowing investigation of alarms.
Steps to prevent unauthorised physical access to readers should also include preventing access to reader power wiring.
“Controllers and IO modules that support supervised circuits or line state monitoring such as open circuit, shorted, grounded and foreign voltage, should be configured to use these tamper detection mechanisms,” states the Guidelines.
“These monitoring controls offer additional protection to detect physical tampering with wired infrastructure, especially man-in-the-middle type attacks at the communications layers.”
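To make the monitoring advice above concrete, here is an added example (not code from the Guidelines or from HID) of the kind of alerting logic a PACS operator might run over an exported event feed. It raises a high-severity alert for reader tamper events and for supervised-circuit faults (open, shorted, grounded, foreign voltage), and escalates to critical when an access grant follows a wiring fault or tamper at the same reader within a short window, which is the pattern a man-in-the-middle on the reader wiring would produce. The CSV layout, event names and the ten-minute window are assumptions made for this example, and the log lines are constructed.

```python
"""Tamper and supervised-circuit alerting over a constructed PACS event export."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample export (timestamp,reader,event,detail). The column layout and
# event names are assumptions for this example, not any vendor's real schema.
SAMPLE_EVENTS = """\
2024-05-01T08:12:03Z,READER-LOBBY-01,ACCESS_GRANTED,card=****1234
2024-05-01T08:15:41Z,READER-DOCK-03,TAMPER,reader removed from mount
2024-05-01T08:16:02Z,READER-DOCK-03,LINE_STATE,shorted
2024-05-01T08:17:30Z,READER-DOCK-03,LINE_STATE,normal
2024-05-01T08:18:10Z,READER-DOCK-03,ACCESS_GRANTED,card=****9876
2024-05-01T09:02:00Z,READER-GATE-02,LINE_STATE,foreign_voltage
2024-05-01T09:40:00Z,READER-GATE-02,ACCESS_GRANTED,card=****5555
"""

# Supervised line states that indicate wiring interference rather than normal operation.
LINE_FAULTS = {"open", "shorted", "grounded", "foreign_voltage"}
# Assumed site policy: an access grant this soon after a wiring fault is treated as suspect.
CORRELATION_WINDOW = timedelta(minutes=10)


@dataclass
class Alert:
    time: datetime
    reader: str
    severity: str
    reason: str


def parse_events(text):
    """Parse the export into (timestamp, reader, event, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, reader, kind, detail = line.split(",", 3)
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), reader, kind, detail))
    return events


def detect(events):
    """Return alerts for tamper, supervised-circuit faults and suspicious follow-on grants."""
    alerts = []
    last_fault = {}  # reader -> time of its most recent tamper or wiring fault
    for ts, reader, kind, detail in sorted(events):
        if kind == "TAMPER":
            alerts.append(Alert(ts, reader, "high", f"tamper: {detail}; review surveillance footage"))
            last_fault[reader] = ts
        elif kind == "LINE_STATE" and detail in LINE_FAULTS:
            alerts.append(Alert(ts, reader, "high", f"supervised circuit fault: {detail}"))
            last_fault[reader] = ts
        elif kind == "ACCESS_GRANTED":
            fault_time = last_fault.get(reader)
            if fault_time is not None and ts - fault_time <= CORRELATION_WINDOW:
                alerts.append(Alert(ts, reader, "critical",
                                    f"access granted {ts - fault_time} after wiring fault or tamper"))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert.time.isoformat(), alert.reader, alert.severity.upper(), alert.reason)
```

Run against the constructed sample, the dock reader produces two high alerts (tamper, then a shorted line) and a critical alert for the grant two minutes later; the gate reader's foreign-voltage fault is reported but the grant 38 minutes afterwards falls outside the window and is left to normal review.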
Protect reader/controller communication
HID Signo, iCLASS SE, and multiCLASS SE readers support legacy Wiegand transmission (unencrypted, unmonitored) and Open Supervised Device Protocol (OSDP). Importantly, OSDP v2.2 allows the implementation of AES-128 encryption and bi-directional communication between readers and door controllers.
Where default OSDP secure channel keys are used, however, it may be possible for an attacker to intercept reader/controller communication to obtain sensitive credential data, emulate credential presentation without knowing credential keys, or perform denial of service attacks or tamper with readers without detection. HID recommends that these secure channel keys be periodically rotated, adequately enforced and managed.
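The migration-mode and secure-channel recommendations above are both reader configuration hygiene, so here is one added example (not code from the Guidelines, HID Reader Manager or any HID product) of a fleet audit that flags readers left in migration mode after an upgrade or where no upgrade is planned, readers still on Wiegand, OSDP links without secure channel, secure-channel keys that match a known default, and keys older than the rotation period. The inventory fields, the one-year rotation policy and the reader records are assumptions constructed for the example; the default-key value is the SCBK-D from the public OSDP specification as this author recalls it and should be confirmed against vendor documentation before use.

```python
"""Reader-fleet audit: migration mode, link type and OSDP secure-channel key hygiene."""
from datetime import date, timedelta

# Known default secure-channel key to flag. Assumed to be the OSDP spec's SCBK-D
# (bytes 0x30..0x3F); confirm against your vendor documentation before relying on it.
KNOWN_DEFAULT_KEYS = {"303132333435363738393a3b3c3d3e3f"}
# Assumed site policy for secure-channel key rotation.
ROTATION_PERIOD = timedelta(days=365)

# Constructed inventory. Field names are assumptions for this example,
# not the export schema of HID Reader Manager.
READERS = [
    {"name": "READER-LOBBY-01", "profile": "seos", "migration_mode": False,
     "legacy_upgrade": "complete", "link": "osdp", "secure_channel": True,
     "scbk": "a1b2c3d4e5f60718293a4b5c6d7e8f90", "scbk_set_on": date(2024, 1, 15)},
    {"name": "READER-DOCK-03", "profile": "standard", "migration_mode": True,
     "legacy_upgrade": "complete", "link": "osdp", "secure_channel": True,
     "scbk": "303132333435363738393A3B3C3D3E3F", "scbk_set_on": date(2022, 3, 1)},
    {"name": "READER-GATE-02", "profile": "standard", "migration_mode": True,
     "legacy_upgrade": "in_progress", "link": "wiegand", "secure_channel": False,
     "scbk": None, "scbk_set_on": None},
    {"name": "READER-SERVER-01", "profile": "standard", "migration_mode": True,
     "legacy_upgrade": "not_planned", "link": "osdp", "secure_channel": False,
     "scbk": None, "scbk_set_on": None},
]


def audit_reader(reader, today):
    """Return a list of findings for one reader record."""
    findings = []
    # Migration mode is only justified while an upgrade is actually in progress.
    if reader["migration_mode"] and reader["legacy_upgrade"] == "complete":
        findings.append("migration mode still enabled after upgrade: disable legacy credentials")
    elif reader["migration_mode"] and reader["legacy_upgrade"] == "not_planned":
        findings.append("migration mode enabled with no upgrade planned: use Seos profile readers")
    # Reader/controller link: Wiegand is unencrypted and unmonitored.
    if reader["link"] == "wiegand":
        findings.append("Wiegand link: move to OSDP with secure channel enabled")
    elif reader["link"] == "osdp":
        if not reader["secure_channel"]:
            findings.append("OSDP without secure channel: enable AES-128 secure channel")
        else:
            if reader["scbk"].lower() in KNOWN_DEFAULT_KEYS:
                findings.append("secure channel uses a default key: set a unique per-site key")
            if today - reader["scbk_set_on"] > ROTATION_PERIOD:
                findings.append("secure channel key older than rotation period: rotate it")
    return findings


def audit_fleet(readers, today):
    """Map each reader name to its findings; an empty list means no issues found."""
    return {r["name"]: audit_reader(r, today) for r in readers}


if __name__ == "__main__":
    for name, findings in audit_fleet(READERS, date(2024, 6, 1)).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Against the constructed inventory, the Seos-profile lobby reader passes cleanly; the dock reader collects three findings (migration mode left on, default key, stale key); the gate reader is flagged only for its Wiegand link because its upgrade is still in progress; and the server-room reader is flagged for migration mode with no upgrade planned and for OSDP running without secure channel.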
HID also recommends HID Reader Manager – rather than configuration cards – for configuring and updating HID readers. Use of configuration cards should be ceased and they should be destroyed so that sensitive information cannot be retrieved from them.
“Customers should also update reader firmware regularly to receive the latest features, fixes and security improvements,” states the Guidelines.
“Over the coming year, HID will be releasing additional tools to simplify and scale this process. Until then, HID recommends customers monitor reader firmware release notifications and install the updates whenever feasible.”