In the world of contactless technology, people are no longer just asking if a product works; they need to know that it’s safe. Smart locks for company lockers have become extremely popular for the way they boost productivity and save companies time, effort, and money in locker management. But are these smart lock systems safe and secure?
In a word, yes. While there are many contactless chip manufacturers today, our locks only use technology built by reputable, market-leading security firms. Most notable are MIFARE and HID, creators of the chips commonly used in bank cards.
To put your mind at ease, we’ll quickly run through the merits of several prominent contactless systems and their security.
eLocker Proprietary Format
Here at eLocker, we have designed our own proprietary system using MIFARE technology. Essentially we can use a ‘sector’ on any RFID (contactless) card to integrate with existing MIFARE systems and load our own information – all provided we have full permission from the owner.
If not, we can use RFID badge holders which allow an access card to sit inside the holder, with the eLocker RFID tag sitting below the card. This is a low-cost option with no need for special development.
MIFARE Classic is one of the world’s leading contactless smart cards. The security systems present in a MIFARE Classic card are based on proprietary encryption called ‘CRYPTO1’. Basically, what this process does is use over-the-air encryption in addition to 3-pass mutual authentication, each based on 48-bit keys, to protect the data encrypted on the card.
But what does that actually mean?
Each card has two 48-bit keys, and therefore 2^48 (or 281 trillion) possible combinations. Through a ‘brute force’ hacking attack (where each possible combination is attempted, rapidly, in succession) it would take an estimated 178,000 years to crack the security. Even using expensive specialist equipment to reverse engineer the card’s IC would be time-consuming, and would likely result in a damaged, unusable card.
MIFARE cards can be hacked, but not quickly, and not by anyone but an absolute specialist with highest-grade equipment. While your smart locker access is less crucial than, say, your bank cards (which will use even stronger security) it is reassuring to know that you are still being offered quality security against hacks or theft.
Unlike MIFARE, whose technology we can access to build out our own proprietary security system, HID’s system is totally isolated. However, it is possible to partner with them – they control a huge proportion of the RFID access control market and their security is second to none.
While their system is considerably more expensive than MIFARE, HID’s system is extremely secure and is used by most technology giants and corporations for whom contactless security is of any importance. For companies of this size and value, compromising on security is simply not an option.
Using HID has the added benefit of supporting multiple contactless features at once, like building access, lockers, and any other systems in place at your work.
We are able to integrate HID security with eLocker by adding a ‘secure element’ in our proprietary system, as per the diagram below.
CSN – A Security Red Light
Whether you use MIFARE, HID, or some other proprietary format, there is a good level of security and encryption protecting access to your information or property. However, there are some card readers which only read card information which is not protected by any security. Let us explain.
Every contactless card in the world has its own unique Card Serial Number, or CSN, which is a simple identifier, used to help readers distinguish between different cards in its field. It is almost synonymous with a house number: it helps you find the house, but to get inside, you need a key.
MIFARE and HID readers require complex, secure keys to allow you access – CSN readers do not. They simply read the personal identifier (which is never protected) in order to promote themselves as a ‘universal’ reader. It’s an attractive selling point, but these readers offer zero protection to users or their property, and should be avoid at all costs.
So, there you have it. As long as you stick to a secure format (such as MIFARE or HID) and avoid ‘universal’ CSN readers, your smart locks will be perfectly safe and secure. If you have any questions about the security of eLocker specifically, contact our team and we’ll talk you through them.