From: c0ncept (c0ncept@sbcglobal.net)
Date: Fri May 14 2004 - 12:34:16 EDT
Does anybody have any links to specs for RFID
implementations; I would imagine they would have to be
somewhat standarized to enable interoperation of RFID
tags and readers from seperate vendors. It would be
intresting to know how big the RFID value namespace
is, as well as the feasability of reading RFID tags
from a distance using high-gain antennas. The majority
of the documentation I am familiar with is from
manufacturing industry journals that tend to give a
higher-level 'decision-maker' oriented overview,
rather than the gory technical details.
Regards,
c0ncept
--- c3rb3r <c3rb3r@sympatico.ca> wrote:
> There are already in-use security applications for
> RFID,
> for instance HID is selling access
> keys/cards/readers/programmers to
> identify enployees and control access to
> buildings/offices.
> it would be interresting to see how easy it is to
> duplicate an existing
> key and thus to impersonate an employee, one for
> instance may
> stand near the door with a reader in the pocket and
> harvests keys, then
> later duplicates keys at home with a programmer.
> I have seen no pocket readers so far but would it be
> such a pain for an
> electronic enthusiast to build one ? also programmer
> and keys are
> inexpensive and quite accessible for the public.
> i don 't see any reference either to encryption in
> HID products
> documentations, just different data formats needed
> to be compliant
> with several card models.
> This looks rather like data encoding than data
> encryption.
> I m aware of many buildings around there already
> using this vendor
> techno so i 'm wondering if such a replay attack is
> realistic ?
> If so it is a very serious issue, has anybody
> already some experience in
> this area ?
> cheers
> Gregory
>
> some references:
> foxpro key:
>
http://www.hidcorp.com/products/proximityproducts/proxkey2.html
>
> programmer:
>
http://www.hidcorp.com/products/proximityproducts/proxprogrammer.html
>
>
>
> >
> >
>
>
>
------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention
> this ad and get $545 off
> any course! All of our class sizes are guaranteed to
> be 10 students or less
> to facilitate one-on-one interaction with one of our
> expert instructors.
> Attend a course taught by an expert instructor with
> years of in-the-field
> pen testing experience in our state of the art
> hacking lab. Master the skills
> of an Ethical Hacker to better assess the security
> of your organization.
> Visit us at:
>
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
-------------------------------------------------------------------------------
>
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:54 EDT