Now that lock bumping is gaining in popularity, this is looking like a nice option to me.
“OVERVIEW
SecureLED is an optical access control device which replaces current RFID or Magnetic Strip technologies with a cryptographically secure, contact-less device which communicates over commodity Light Emitting Diodes (LEDs).
PROJECT SUMMARY
This project started with one central premise: current physical access control systems are insecure in fundamental ways. We sought a way to remedy this problem, and came accross recent work which demonstrated the potential of communicating over cheap commodity LEDs. We used these as the basis of our system, building on top of it devices which use a cryptographically secure challenge-response protocol to authenciate a user.
As such, we built both a reader and a small key device (which we had originally planned to implement on an ATTiny2313, but did not for reasons listed below). The reader outputs the industry-standard Weigand protocol, so it is interoperable with current systems. All in all, we believe that this solution presents a powerful alternative to current technology. ”
Permalink
Permalink
It would take quite a bit of time to verify they’d done the encryption protocol correctly. Based on my limited access to the ‘pay to read’ ‘international standards’ I think they’ve done well.
These cards have been around for a very long time, some are secure and some are not. I’d point at the one you can program your own OS into and the ISO specification.
http://en.wikipedia.org/wiki/MIFARE
http://en.wikipedia.org/wiki/ISO_14443
History
* 1994 — MIFARE Standard 1k contactless technology introduced.
* 1996 — First transport scheme in Seoul using MIFARE Standard 1k.
* 1997 — MIFARE PRO with Triple DES coprocessor introduced.
* 1999 — MIFARE PROX with PKI coprocessor introduced.
* 2001 — MIFARE UltraLight introduced.
* 2002 — MIFARE DESFire introduced, microprocessor based product.
* 2004 — MIFARE DESFire SAM introduced, secure infrastructure counterpart of MIFARE DESFire.
Permalink
Their solution is innovative, for sure. Pretty novel idea that has actually been done it other ways (using IR LED’s). But a replacement for smart cards it’s not. There are many forms of smart cards now that offer secure encrypted transactions. Virtually unbreakable.
Modern access control systems will need the storage capacity of a smart card to handle biometric and personal information as well as just a credential ID.
Many of the better systems are leaving the Weigand protocol, as well. It doesn’t offer bidirectional support and is a very unstructured and unsecure bitstream. Ripe for hacking, since you can bypass the card read altogether and easily send the data to the panel in raw weigand format.
If you want to see the cream of the crop, check out http://www.amagaccess.com . Been installing their systems for 13 years. If it’s good enough for the pentagon, it’s good enough for me! 😉
Permalink
I have been give an project to design and that project is to creat an ACCESS CONTROL SYSTEM that
uses a MAGNETIC STRIP READER and A DATABASE that stores all the valid cards and if the card is
valid gate must open. so I hoping to get help on how to go about doing it cause this project is
due by the 15 April 2008.
Permalink
Hi Themba,
This may get you on the right track
http://www.geocities.com/digitan000/Hardware/13/e13_page.html