Posts | Archive

RFID on Campus

Given my previous experience with the Mcard identification system at the University of Michigan, I was interested when I heard that RFID technology was being integrated into the Mcards. I will explore the Mcard RFID and other current uses of RFID on campus.

Mcard RFID

The Mcards distributed for the University of Michigan Health System (UMHS) contain RFID technology from HID Corp. HID's Prox is a proximity-based access control system utilizing identification tags and readers that operate on the 125 khz frequency. The tags, often embedded in PVC ID cards, are passive and become active when entering the RF field of a reader. The range of the reader can vary anywhere from 0.5 inches to 8 feet depending on the model and its power output.

Readers

The readers used across campus are Software House's RM card readers. The RM series is a flexible physical security solution as it offers keypad, magnetic strip, smart card, and multi-frequency RFID inputs. This allows for gradual migration if the University decides to rollout Prox beyond the UMHS facilities.

![reader.jpg](/static/blog/2007/01/reader.jpg)

Writers

The writers used to print and encode the Mcards are EDIsecure's XID590i. These card printers were recommended to the University by Beresford Company, a local ID supplier.

![writer.jpg](/static/blog/2007/01/writer.jpg)

Security

HID Prox tags contain a unique identification number (usually 26 or 37 bits), which is correlated by a controller to determine access privileges. This ID number normally consists of a facility code, site code, and card number. The controller compares these values to its allowed ranges and determines whether to allow or deny access.

Like most passive physical security devices such as keys, magnetic cards, and some RFID tags, Prox cards are vulnerable to simple cloning/replay attacks. By moving within RF range of a victim, it is possible to activate their tag and capture their identification number. This can be replayed to other readers or programmed onto another Prox card. More advanced RFID types such as iClass and MIFARE offer additional security mechanisms to prevent these replay attacks.

While attempting such an attack would be fun, it would not be worthwhile to test considering the necessary equipment to purchase. USB Prox readers, to capture the victim's ID, run about \$180 and ProxProgrammers, used to encode Prox cards, go for about \$1000 online. Orders of specifically encoded Prox cards are available online but most require bulk purchases with sequential IDs.

Whereabouts

The Whereabouts Project is another RFID-related project at the University of Michigan worth mentioning. Whereabouts is a research group in the EECS department utilizing RFID and 802.11 technologies to provide location-based services.

More information about Whereabouts is available at their website.

Copyright © 2018 - Jon Oberheide