3M Cogent, Inc. White Paper
a 3M Company

Beyond Wiegand: Access Control in the 21st Century

In the first decade of the 21st century, physical security technology, like other technologies, has advanced at blinding speed. Physical access control, digital surveillance, building automation, and intrusion alarms now offer unprecedented features and capabilities in security.

In other words, if access control technology in the 20th century was about opening doors, it means something different in the 21st century. It means intelligent, secure, and scalable biometric readers and data networks as well as open software platforms that can accommodate any number of business applications and changes in standards.

But despite this, most 21st century access control systems are still wired into old technology.

To better understand this, take out your smart phone. You are holding in the palm of your hand more technology, more capabilities, more software, more memory, and more computing power than the guidance computers that sent Apollo 11 to the moon and back in 1971[1].

Contemporary access readers can boast the same level of technological sophistication. The modern access reader outpaces the average 1970’s access reader in much the same way as your smart phone surpasses the rotary phone.

However, the typical physical access reader, which is overflowing with impressive computing power, is still tethered to a technology – the Wiegand interface – that hasn’t changed since the Apollo 11 went to the moon.


Why Wiegand?

In 1970, John Wiegand invented a wire that could quickly switch its magnetic polarity when exposed to the magnetic information on wires embedded in a card and then accurately transmit this information electrically as a series of on and off signals through the wire to an electronic sensor.

In a Wiegand system, the “key” is not the card, but the binary number magnetically written on the card and transmitted through the Wiegand reader and wires as a series of 0’s and 1’s. Attached to the other end of the Wiegand reader was a control device, which could check the number against authorized numerical keys for that door.

In the 1970’s and 1980’s, this was the hottest technology in access control. However, by the late 1980’s, Wiegand reader technology had been replaced by better and more secure proximity readers such as encrypted credentials, smart cards, Radio Frequency Identification (RFID), and biometrics; all of which crowded out the older Wiegand reader technology.

Yet the new technologies were still hard-wired into the old Wiegand communications rather than more sophisticated and secure data communications.

The reason for this is that the Wiegand wiring was already installed in most people’s walls and the majority of access readers still sent data upstream through the Wiegand interface. This is a mistake that has had an economic impact on the security and usability of access control systems.

The Problem with Wiegand

Wiegand is plain text. Wiegand data is not encrypted and follows a simple and well-known format, making it very easy to copy.

Wiegand is easily intercepted. Wiegand IDs read from a Wiegand connection can be easily reproduced and replayed.

Wiegand only uses one-way communication. Mutual authentication – a “cryptographic handshake” – never occurs between the reader and the access control system. As far as the control system is concerned, any Wiegand ID coming through the Wiegand wires must be from the reader.
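As an added illustration (not code from the white paper or from 3M Cogent), the following Python shows what a controller on the receiving end of a Wiegand line actually has to work with: a parser for the common 26-bit format with its two parity bits, followed by a lookup. The frame layout assumed here (leading even parity over the first twelve data bits, an 8-bit facility code, a 16-bit card number, trailing odd parity over the last twelve data bits) is the widely published SIA 26-bit layout; the sample frames and the allow-list are constructed for the example. Nothing in a valid frame tells the controller which device put it on the wire, which is the one-way problem the text describes.

```python
"""Controller-side parser for the standard 26-bit Wiegand frame (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Wiegand26:
    facility_code: int  # 8 bits
    card_number: int    # 16 bits


def _parity(bits: str) -> int:
    """0 if the number of '1's is even, 1 if odd."""
    return bits.count("1") % 2


def decode_wiegand26(frame: str) -> Wiegand26:
    """Parse a 26-bit frame given as a string of '0'/'1' (one char per line pulse).

    Layout (SIA 26-bit): [even parity][8-bit facility][16-bit card][odd parity].
    Raises ValueError on malformed frames.
    """
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        raise ValueError("expected 26 bits of '0'/'1'")
    data = frame[1:25]
    # Leading bit is even parity over the first 12 data bits.
    if _parity(frame[0] + data[:12]) != 0:
        raise ValueError("leading (even) parity check failed")
    # Trailing bit is odd parity over the last 12 data bits.
    if _parity(data[12:] + frame[25]) != 1:
        raise ValueError("trailing (odd) parity check failed")
    return Wiegand26(int(data[:8], 2), int(data[8:], 2))


def controller_decision(frame: str, allowed: set[tuple[int, int]]) -> str:
    """All a Wiegand controller can do: parse the bits, then look the number up.

    The frame carries no origin information and no proof of freshness, so a
    well-formed frame is indistinguishable from one the legitimate reader sent.
    """
    try:
        cred = decode_wiegand26(frame)
    except ValueError as exc:
        return f"reject: {exc}"
    if (cred.facility_code, cred.card_number) in allowed:
        return f"grant: facility={cred.facility_code} card={cred.card_number}"
    return f"deny: facility={cred.facility_code} card={cred.card_number}"


# Constructed sample frames (not captured from any real system).
SAMPLE_FRAME = "10010101000000100110100100"  # facility 42, card 1234, parity valid
CORRUPT_FRAME = SAMPLE_FRAME[:-1] + "1"      # last bit flipped: trailing parity fails

if __name__ == "__main__":
    allow_list = {(42, 1234)}  # constructed: one authorised credential for this door
    print(controller_decision(SAMPLE_FRAME, allow_list))
    print(controller_decision(CORRUPT_FRAME, allow_list))
```

The only integrity check the format offers is the pair of parity bits, which catch a single flipped bit and nothing else; there is no key, no sequence number and no reader identity for the controller to verify.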

In the most simplified sense, the technology of secure access control relies on one or more basic components:

• What you have – for instance, a key, a smart card, or a token.

• What you know – as when you use a password or Personal Identification Number.

• What you are – your unique biological characteristics that can be measured and compared, such as fingerprints, facial characteristics, or other biometric information.

Technological innovations in access security reader systems over the decades have been designed to lock down the security of these three access control components.


[1] The Apollo Guidance Computers (AGC), years ahead of their time, boasted 12K read-only memory, 1K RAM, clocked in at 1 MHz, and could perform 11 instructions simultaneously. Needless to say, a $20 cellphone handily beats the AGC in computing power.

For example, the latest Personal Identification Verification (PIV) devices require the following:

• Users must present a card that has been issued after they have been checked against an FBI database search.

• Each card must include encrypted data about the user such as PIN, PKI certification, and biometric information.

• Users must present the card to the device, input a PIN, and present one or two live fingerprints.

• The reader must be able to verify the card, match the fingerprint, and verify access with a Certifying Authority.

These technologies make it nearly impossible for unauthorized people to hijack, copy, or use any combination of these components in order to gain access to controlled areas unless the readers are wired into a legacy Wiegand system.

When a smart card or biometric reader is wired to a Wiegand interface – as most of them are – then no matter what the input or how formidable the encryption, the reader will generate an open-format, unencrypted Wiegand ID from the match and send the old Wiegand ID to a controller.

In other words, at the credential level, the reader can function at the highest, most customizable, and most bullet-proof security level the technology permits. But once the reader starts communicating with the controller, the technology reverts to the most insecure, least adaptable, and most easily stolen and copied format possible.

Wiegand Lives in a Gecko World

At the 2007 Defcon 15 Hacker Conference, a security hacker unveiled an easily and cheaply constructed device called the “Gecko.” This device required less than $10 worth of parts and 12 hours of labor. The Gecko was created and easily wired to the Wiegand through a card reader. Once connected, the device recorded the unencrypted identification data transmitted through the wires. Using a magnetic stripe “replay card,” the hacker then signaled the Gecko device to replay the recorded data back into the Wiegand wires so the controller erroneously opened the door[2].

Over the years, the Gecko has gained a number of terrifying new capabilities. A newer version of the Gecko includes a flash chip that allows the device to record data from multiple access cards for future download. A Bluetooth-enabled Gecko allows the attacker to access and replay reader data through any local Bluetooth device, thus compromising biometric devices that do not use access cards. A mobile phone enabled Gecko allows an attacker to control access systems from anywhere in the world through a cell phone or any other cellular device, such as a tablet computer.

With such simple advances, the Gecko has ushered in the possibility that stolen Wiegand IDs may be traded on the Internet black market in the same way as stolen credit card information.

[2] Zac Franken, a DefCon staffer, created a hacking device named “Gecko” at the conference in 2007. His presentation exposed the vulnerability of electromagnetic coupling, also known as Wiegand, involving security access control systems. (http://www.wired.com/threatlevel/2007/08/open-sesame-acc/)

Alternatives to Wiegand

The issues discussed above can be seen as the true cost of legacy Wiegand systems. The system turns all readers, no matter how intelligent, versatile, and secure, into “dumb” readers that are potentially no more secure than readers from forty years ago.

So what is the impact if we dispose of the legacy Wiegand wires? With more advanced data lines such as Ethernet, intelligent readers and access control systems can deploy technologies that are nearly impregnable to hacking or circumvention. These are detailed below:

:: Ethernet encryption

Using intricate algorithms, readers and other devices can encrypt the data they transmit through the network and render the transmission unintelligible to anything but the receiving device.

This means: a hacker cannot gain any meaningful information from the data transmitted by a reader over the Ethernet data line.

:: Challenge-response protocols

When a reader transmits data to a controller or other device, the reader can be authenticated through a challenge code – the intelligent reader must provide a correct password for that challenge for the transmission to be accepted as valid.

This means: a hacker cannot replay data from some other device and fool the controller or system.

:: One Time Passcodes

A One-Time Passcode validates a transmission between readers and controllers, but for one and only one transaction. A new passcode is required for the next transmission or transaction – the old one is obsolete as soon as it is used.

This means: a hacker cannot record a passcode and replay it to fool a controller or other device in the access control system.
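The two mechanisms just described (a challenge the reader must answer, and a passcode that is good for one transaction only) can be combined in a single exchange. The Python below is an added example, not the white paper's or 3M Cogent's code. It assumes a per-reader secret provisioned out of band and uses an HMAC-SHA256 tag over the challenge as the reader's “password”, which is one common way to realise the challenge-response the text describes; the page does not specify an algorithm. The reader id, key and event payload are constructed. The controller consumes each challenge after one use, so a recorded answer fails when played back, and an answer to a fresh challenge cannot be produced without the key. Transport encryption (the TLS the paper mentions later) is a separate layer and is not shown.

```python
"""Reader-to-controller challenge-response with single-use challenges (added example)."""
import hashlib
import hmac
import secrets
from typing import Callable


def _tag(key: bytes, nonce: bytes, reader_id: str, event: bytes) -> bytes:
    """Keyed MAC binding the reader's event to this specific challenge and reader."""
    return hmac.new(key, nonce + reader_id.encode() + event, hashlib.sha256).digest()


class Controller:
    def __init__(self, reader_keys: dict[str, bytes],
                 nonce_source: Callable[[], bytes] = lambda: secrets.token_bytes(16)):
        self._keys = reader_keys                   # per-reader shared secrets
        self._nonce_source = nonce_source          # injectable for testing
        self._outstanding: dict[str, bytes] = {}   # reader_id -> unanswered challenge
        self._used: set[bytes] = set()             # challenges already consumed

    def challenge(self, reader_id: str) -> bytes:
        """Step 1: issue a fresh random challenge for this reader."""
        if reader_id not in self._keys:
            raise KeyError("unknown reader")
        nonce = self._nonce_source()
        self._outstanding[reader_id] = nonce
        return nonce

    def verify(self, reader_id: str, nonce: bytes, event: bytes, tag: bytes) -> bool:
        """Step 3: accept the event only if the tag answers the outstanding,
        never-before-used challenge for this reader."""
        expected_nonce = self._outstanding.get(reader_id)
        if expected_nonce is None or nonce != expected_nonce or nonce in self._used:
            return False  # stale, unknown or replayed challenge
        expected_tag = _tag(self._keys[reader_id], nonce, reader_id, event)
        ok = hmac.compare_digest(expected_tag, tag)
        # One-time: the challenge is consumed whether or not the answer was right.
        self._used.add(nonce)
        del self._outstanding[reader_id]
        return ok


class Reader:
    def __init__(self, reader_id: str, key: bytes):
        self.reader_id = reader_id
        self._key = key

    def respond(self, nonce: bytes, event: bytes) -> tuple[bytes, bytes, bytes]:
        """Step 2: answer the challenge, binding the event the reader wants to report."""
        return nonce, event, _tag(self._key, nonce, self.reader_id, event)


def demo() -> dict[str, bool]:
    """Run the exchange once, then attempt a replay and a forgery."""
    key = bytes.fromhex("00" * 32)              # constructed demo key, not a real secret
    ctrl = Controller({"door-7": key})          # constructed reader id
    rdr = Reader("door-7", key)
    event = b"match:facility=42;card=1234"      # constructed event payload

    nonce = ctrl.challenge("door-7")
    msg = rdr.respond(nonce, event)
    first = ctrl.verify("door-7", *msg)         # legitimate transaction

    ctrl.challenge("door-7")                    # controller moves on to a new challenge
    replay = ctrl.verify("door-7", *msg)        # recorded answer played back: refused

    nonce2 = ctrl.challenge("door-7")
    forged = ctrl.verify("door-7", nonce2, event, b"\x00" * 32)  # no key: refused
    return {"first": first, "replay": replay, "forged": forged}


if __name__ == "__main__":
    print(demo())  # {'first': True, 'replay': False, 'forged': False}
```

Because the controller remembers consumed challenges, even a nonce source that repeats a value (a failure mode worth testing for) cannot make an old answer valid again; the usual deployment uses a true random source and a bounded window of remembered nonces.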

By being connected to more advanced data lines, intelligent readers also offer the promise of developing custom applications at the reader through software development kits (SDKs) and application programming interfaces (APIs). Therefore, integrators and customers can add, remove, replace, or modify a reader’s security functions without sacrificing the security of the system. Most importantly, the reader can adapt to evolving access control security standards and improvements in technology.

Beyond Wiegand

In access control, the concepts of “intelligence” and “security” should apply to more than just readers and technologies so they encompass device connections and transmissions as well.

Connections between devices using Wiegand or similar connections, such as RS232, are simply unintelligent electrical connections. Data network connections, such as Ethernet, are logical and intelligent connections. Thus, the same high level of security that is built into smart cards, biometrics, and access control readers can be logically configured into Ethernet transmissions as well.

Wiegand has been a standard in access control, but that does not mean this method should become a permanent speed bump on the access control landscape. Instead, Wiegand’s status as the “standard” should devolve as customers realize its vulnerability, and Wiegand wires should be replaced with intelligent and secure data lines.

To begin this process, the catalyst must come from new, more advanced and intelligent readers that exploit the full security potential of Ethernet data connections. An example of this next generation of versatile, intelligent readers is 3M Cogent’s “Make It Yours” (MiY) products, a complete line of sophisticated and customizable multi-factor biometric access control terminals.

Each 3M Cogent MiY reader provides the highest level of security and fully realizes the security capabilities of Ethernet reader connections. The MiY reader communicates over TLS-encrypted Ethernet, has full PKI-compliant solutions, and uses the highest NIST-approved encryption standards. The data transmitted from the MiY reader is protected and secure.

These advances require moving beyond the Wiegand standard. The only real change is that the standard must keep pace with accelerating technological improvements and evolving security requirements.

Security Systems Division 3M Cogent, Inc. 639 North Rosemead Boulevard Pasadena, CA 91107 U.S.A. 1-626-325-9600 www.cogentsystems.com [email protected]

Please recycle. Printed in the U.S.A. 3M is a trademark of 3M. Cogent logo is a trademark of 3M Cogent. © 3M Cogent, Inc. 2012 v.αx All rights reserved.
