Keep safe from token cloning in access control systems

This article is brought to you by Retail Technology Review: Keep safe from token cloning in access control systems.

Cloning of tokens used in access control systems is a serious issue faced by many retailers. With token cloning technology easily available to anyone and third party tokens being cheap, duplicating a token can be done within a few seconds with the right equipment. However, Dave Hughes, Global Product Manager at Stanley Security Products, explains that this is not the full story.

Access control systems provide the essential services of authorisation, identification authentication, access approval and accountability. Electronic credentials are stored in the memory of a card or token and, theoretically, it is possible to create a process to clone any of them. Technologies used for storing data in tokens are usually based in open standard hardware which is easy to duplicate. This is not always the case however, as the key word here is 'theoretically'. It is however important to remember that when it comes to access control there are various levels of security available.

There are several reasons why people clone tokens and cards. Sometimes it is with criminal intent but most times it is done to simply obtain duplicates in case of loss and to avoid paying official fees for replacement devices. This puts retailers and individuals at risk as tokens end up in the wrong hands, making it difficult to control usage patterns.

Differences Between Mechanical and Electronic Access Control

One question that crops up in response to this is whether it might be better to use mechanical locks and keys in place of electronic access control readers and RFID tags to avoid the whole issue of token cloning altogether.

Whilst key based locks remain by far the most popular door security, key's can also be copied and locks are vulnerable to picking. Cloning a token is generally a more complex process requiring a device to read and reproduce the RFID signal in a blank token.

But the question really isn't the right one to be asking in the first place. The starting point should be what level of security you require and what do you need from the system. Where a higher degree of security is needed, electronic solutions are a better fit. What's more, they provide the retailer with a wide range of added benefits.

Top of this list is convenience. With electronic access, you have access to every door you need to without carrying an array of keys. Furthermore, when a contractor or visitor needs access, a specific door can be opened remotely. You can also instantly revoke access from a remote point.

An additional benefit of electronic access control is complete history logging. This can be an invaluable tool when investigating theft.

Selecting an Appropriate Level of Security

Depending on the level of security needed manufacturers offer different types of access control solutions. If token cloning is a cause for concern in your organisation then a higher security system that features an AES-128bit certification might be the best solution.

AES is the first publicly accessible and open cipher approved by the US National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.

The AES-128 encryption is one of the most secure and the only known attack to successfully break it requires about 38 trillion terabytes of data, which is more than all the data stored on all the computers on the planet!

AES-128 bit encryption is available from manufacturers such as STANLEY Security Products with affordable readers that can be easily installed on top of a legacy system to upgrade it to a smart system. Smart readers such as the Oneprox GS3 HF range used in conjunction with smart credentials offer a highly secure access control solution suitable for retail environments.

Many times manufacturers struggle to keep up with cloning techniques however they can incorporate processes and systems to ensure that electronic credentials remain safe and secure. If security or unauthorised entry is of concern speak to an installer or manufacturer to learn more about smart readers.