Abstract
As smart cards have become increasingly prevalent in electronic access control systems, this paper investigates an implementation at a national institution, which uses a smart card with publicly known weaknesses. The main outcome is a set of recommendations which can be used for securing electronic access control systems against the discovered flaws of this work: The implementation did not
follow guidelines from the manufacturer of the cards, the content of the restricted sector was printed onto each card, and in-house services with inherent security flaws were built around the cards, but not maintained. These flaws meant that the civil registration number of any employee at the institution could be revealed. Additionally, the flaws allowed for changing the PIN code of any card in the system.
follow guidelines from the manufacturer of the cards, the content of the restricted sector was printed onto each card, and in-house services with inherent security flaws were built around the cards, but not maintained. These flaws meant that the civil registration number of any employee at the institution could be revealed. Additionally, the flaws allowed for changing the PIN code of any card in the system.
Originalsprog | Engelsk |
---|---|
Titel | 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) |
Antal sider | 3 |
Forlag | IEEE |
Publikationsdato | 14 jul. 2020 |
Artikelnummer | 9139617 |
ISBN (Trykt) | 978-1-7281-6691-9 |
ISBN (Elektronisk) | 978-1-7281-6690-2 |
DOI | |
Status | Udgivet - 14 jul. 2020 |
Begivenhed | 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) - Dublin, Irland Varighed: 15 jun. 2020 → 19 jun. 2020 |
Konference
Konference | 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) |
---|---|
Land/Område | Irland |
By | Dublin |
Periode | 15/06/2020 → 19/06/2020 |
Navn | International Conference on Cyber Situational Awareness, Data Analytics and Assessment Proceedings. (cyberSA) |
---|