I can see in the logs that people sometimes come to this site with interesting searches. A recent interesting search was “Hack NFC Door Locks”. Well, since there is interest in the subject, why not? Let’s talk about NFC, contactless smart card and RFID door locks, shall we not?
The actual technology used for the wireless door lock does not really matter all that much. Except, perhaps, when RFID is used because it only can support the simplest read-only schemes. But all in due time. What matters really is how the wireless technology is used. As it is usual in security, the technology could be used to create a fairly secure system or quite the same technology could be used to create a system that looks like a Swiss cheese to an attacker. The devil is in the details.
The simplest way to use any wireless technology to open a lock is to receive some kind of an identifier from the device, compare it to the stored database and take the security decision based on that. All of the RFID, contactless smart cards, and NFC send out a unique identifier when they connect to the reader. That identifier is used in many systems to actually take the security decision and, for example, open the door. The problem with this scheme is, of course, that there is no authentication at all. The identification phase is there but the authentication phase is absent. This is quite similar to asking a user name but not requiring a password.
Sounds silly but there are many systems that actually work like that. They rely on the assumption that copying a smart card is hard. Well, copying a smart card is reasonably hard compared to typing in a password although can be done fairly easily too but that is not the question. An attacker does not need to copy a smart card. The only thing that has to be done is to listen to the wireless communication with a good antenna from around the corner, record it and then play it back.
Another common alternative is to store a unique identifier into the smart card (or NFC device) and then request the card to send back that identifier. This makes for a longer conversation between the reader and the card compared to the case above and depending on the protocol the attacker may need to do more work. However, since the communication is not encrypted, it can be reverse-engineered easily and the attacker can still listen to the conversation, record all the required pieces of data and then communicate with the reader using his computer and an antennae.
Contactless smart cards and NFC devices have an option to use authenticated and encrypted communication. That is what typically used by the transport fare and banking systems. Those are hard to break. I spent countless hours analyzing and hardening those systems and I know that if it is implemented correctly an attacker will be as likely to break it as any other well implemented system using strong encryption – not very.
Of course, there still can be mistakes in the protocol, leaks that allow to guess some properties and secret material, special hardware attacks… but it is easier to attack the banking terminals with skimming devices than smart cards with hardware attacks. And door locks are more likely to implement the simplest of schemes than anything else…
Cory C.2013-04-10 19:12 /
How about an NFC/Smart Card style application that makes use of a One-Time-Password in a counter sign sort of scheme? The 'key' device has a table of passwords. When it is used on the 'lock', the identifier is passed to identify the device. Then the 'lock' device sends an id to the key. The 'key' device consults it's table of one time passwords, and transmits the password that matchs the id the lock gave. The lock device then verifies this against an identical copy of the user's table to make the security decision. Even if this is unencrypted, that would be hard to break without first copying the key device's password table. If the algorithm is smart enough, each key can only be used once and thus snooping the return value would be worthless. You could further hash the key against some value related to the identifier such that no two users will ever produce an identical password. Obviously, encryption makes this scheme even more painful, but at that point is this maybe over kill? You could also make this stronger by switching to a single one-time-pass scheme that is set by scanning an interior lock (encryption would be required here, obviously) and cleared upon entry, and/or by encrypting the table of passwords on the 'key' device against a user-entered passphrase, much like how a lot of password services work or passphrases on rsa keys function. Run key app, insert phrase/draw pattern/pic the correct image, tap to pad, done.