Create an Account
username: password:
 
  MemeStreams Logo

Proximity Cards
search
Home Agent Weblogs Social Network Post Help About

k
Picture of k
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

k's topics
Arts
  Literature
   Fiction
   Non-Fiction
   Sci-Fi/Fantasy Literature
  Movies
  Music
   Pop
   Electronic Music
   Rap & Hip Hop
   Indie Rock
   Jazz
   Punk
   Vocalist
  Photography
  TV
Business
  Tech Industry
  Management
  Markets & Investing
Games
  Video Games
   PC Video Games
Health and Wellness
  Fitness
  Medicine
  Nutrition
  Weight Loss
Home and Garden
  Cooking
  Holidays
  Parenting
Miscellaneous
  Humor
Current Events
  War on Terrorism
  Elections
Recreation
  Cars and Trucks
  Martial Arts
  Camping and Hiking
  Travel
Local Information
  United States
   Atlanta
Science
  Astronomy
  Biology
  Chemistry
  Environment
  Geology
  History
  Math
  Medicine
  Nano Tech
  Physics
Society
  Activism
  Crime
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
   Intellectual Property
  Media
   Blogging
  Military
  Philosophy
  Relationships
  Religion
Sports
  Football
  Skiing & Snowboarding
Technology
  Biotechnology
  Computers
   Computer Security
   Cyber-Culture
   PC Hardware
   Human Computer Interaction
   Knowledge Management
   Computer Networking
   Computing Platforms
    Macintosh
    Linux
    Microsoft Windows
   Software Development
    Open Source Development
    Perl Programming
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Proximity Cards
Topic: Computer Security 4:50 pm EST, Feb 27, 2007

This is rather magical, considering that the tag is credit card-thin and contains no battery. The trick is the same as for RFID tags. The reader constantly transmits a rather strong carrier; the tag derives its power and clock from this carrier, kind of like a crystal radio. The tag changes how much carrier it reflects back at the reader—loosely, it makes the circuit across its antenna more like a short or more like an open—to transmit its code. The reader and the tag both have antenna coils tuned to the carrier frequency; they work like a loosely-coupled resonant transformer.

I'm not sure this is a correct assumption in all cases. Certainly there are many passive cards (perhaps most of them?) which utilize the induced current from the sensor to drive the action of the card.

I believe, however, that there are also active cards, with an internal battery, which work by receiving an activation signal from the reader, thus causing them to transmit their ID. Crucially, the range of that transmission wouldn't be related to the power of the reader's signal, because it's generated internally. You could trigger the card to send it's ID from arbitrarily (as powerful as you could make the signal) far away, but the card's never going to transmit with enough power to be read at that same distance.

The one semi-sensible thing the HID representative said was that a cloning attack would be far more difficult for such active cards. Not impossible, just difficult. You really would have to get the cloning sensor within a couple of inches, perhaps less.

I know for a fact that I've had cards which contain batteries and when they fail, the reader does nothing... not denial, not error, nothing. This indicates to me that the card itself controls the power and therefore the range of the signal carrying the ID code.

That being said, if such a cloning attack is so hard, why is it so dangerous to release schematics for a cloner? It's paradoxical for the company to say simultaneously that the attack is almost impossible to execute and that it's a dangerous and irresponsible thing to discuss.

The truth is at the crossroads of all these things. For some cards, this is a danger, for others, much less so. Regardless, customers of these systems will get nervous and it'll cost the vendors time and money, possibly a lot of it. Ergo, no matter how real the threat is, the vendors will shut it down so as to save the implicit loss of customer trust. They should rely on their customers to listen to them when they say, "Yes, this was demonstrated, it's not a threat against X, Y and Z product lines because of A, B, C reasons and product line Q is being phased out for precisely these reasons." Twisting the legal system to derail security research is wrong.

Proximity Cards

Thread [2] - Reply


  
 
Powered By Industrial Memetics		RSS2.0