Although Radio Frequency Identification (RFID) has replaced barcodes, security vulnerabilities pose a serious challenge to the global adoption of RFID technology. RFID tags, in particular, are vulnerable to basic cloning and counterfeiting attacks. Also in vehicle access control where RFID technology is deployed in a variety of products, it is important to address the problem of RFID tag cloning and to stay up to date with the security requirements. Nedap’s TRANSIT RFID solution has already been used for 25 years in vehicle identification applications, especially for high-security environments to identify vehicles and their drivers. In this article we would like to tell you more about possible security risks for TRANSIT RFID solutions and how we continuously meet the security requirements to prevent possible attacks.
TRANSIT RFID Technology for high-secured applications
Already 25 years ago, TRANSIT RFID technology was developed for the long-distance identification of vehicles and drivers. To this day, this has proven to be a proven technology when focusing on large, multi-lane sites with a high level of security. Nedap’s TRANSIT RFID reader provides automatic vehicle identification without the need for the driver to manually show a badge and can identify vehicles up to 10 meters at speeds of up to 200 km/h. The vehicle-based RFID tag is automatically identified as soon as it is within range of the reader. This is critical in highly secured applications with high traffic volumes, such as ground transportation operations at airports or access control in mining. In these applications, no mistakes are allowed. Therefore it’s very important to use the right technology to identify the right vehicle with the right driver.
Possible security risks of TRANSIT RFID for vehicle access control
When we look at the TRANSIT RFID readers and tags, security of the system is of highest priority. Naturally we want to prevent cloning or counterfeiting attacks from taking place. That is why we are continuously aware of the security risks that can arise and we do everything to ensure that we prevent these risks.
One of the security risks people often thought when talking about UHF or RFID technology is tag cloning. However, tag cloning is practically not possible with Nedap’s TRANSIT RFID system. This TRANSIT RFID system uses high-quality patented technology designed for secure vehicle access control. The transmitted data is fully enciphered to ensure a reliable and secure transfer which cannot be tampered with. Because we use our proprietary technique, which is fully protected, there is no risk of tag cloning for TRANSIT RFID.
Tag replay atttacks
If we look at possible tag attacks, the standard Nedap TRANSIT RFID tags and boosters use unidirectional communication from tag to reader. Theoretically this means that these are vulnerable to a replay attack: the tag information can be recorded and played back at a later moment in time. Because the Nedap TRANSIT uses proprietary 2.45 GHz backscatter technology this would require extensive technical knowledge and expensive equipment. This attack cannot be done with off-the-shelve products. Although the risk of a replay attack is very limited, it is important to securely protect against it. But how do we do this?
Nedap has found a proper state-of-the-art solution which ensures that a replay attack is no longer possible. This is implemented in the TRANSIT Ultimate secure mode tags. The Ultimate secure mode tags support an advanced encrypted secure authentication. The authentication is bi-directional and uses AES128-bit encryption. The keys are diversified per RFID tag and the keys are securely stored in a secure-element.
The Ultimate secure mode tags are backwards compatible with the standard Nedap TRANSIT tags, so they can be used on older generation TRANSIT readers or in combination with standard Nedap TRANSIT tags.
Nedap highly recommends using the Ultimate secure mode tags because of the highest possible security and the fact that a replay attack is not possible. With this we fully comply with the security requirements.
Nedap TRANSIT Ultimate RFID portfolio
Nedap offers a portfolio of TRANSIT Ultimate readers and tags that provide convenient yet high secure access control in various vehicle identification applications.
The below products support the Ultimate secure mode:
- TRANSIT Ultimate + Security Key Pack
- Window Tag Ultimate
- Smartcard Booster Ultimate
- LEGIC Booster Ultimate
Depending on your situation and needs, we can jointly determine which Ultimate secure mode tags are suitable for your security application. We would be happy to get in touch with you to discuss the possibilities.