NACCU Technology Research Committee...NACCU Technology Research Committee Barton Lawyer, John Bonass, Greg Jonason, Ben Anderson, Jay Kohn 2018 Committee Members • Rozie Amos University

NACCU Technology Research Committee

Barton Lawyer, John Bonass, Greg Jonason, Ben Anderson, Jay Kohn

2018 Committee Members

• Rozie AmosUniversity of Calgary

• Ben AndersonTapingo

• John BonassVillanova University

• Myron EstersonTowson University

• Greg JonasonUniversity of Houston

• Jay KohnStanford University (Chair)

• Barton LawyerDuke University

• Dawn ThomasNACCU Staff Liaison

• Deric WaiteQuinnipiac University

• Richard WynnGeorgia Southern University (Board Liaison)

What we focused on

• Card Program Highlights

Available online at NACCU

• Georgia Southern University (+ video)• University of Calgary (+ video)• Towson University (+ video)• Cuyahoga Community College• Duke University• Coming soon – University of Alberta

https://naccu.org/page/tech_research?&hhsearchterms=%22program+and+highlight%22#campushighlight

https://naccu.org/resource/resmgr/images/highlight-campuscardprogram_.pdf

https://naccu.org/resource/resmgr/files/techreports/highlight-ucalgary.pdf

https://naccu.org/resource/resmgr/files/techreports/highlight-towson_u_.pdf

https://naccu.org/page/tech_research?&hhsearchterms=%22program+and+highlight%22#cuyahoga

https://naccu.org/resource/resmgr/files/techreports/highlight-cardprogram-dukeun.pdf

What we focused on

Speedy Benchmark SurveysAvailable online at NACCU

• Operating Budgets: The Buying Power of NACCU members• Campus Card Office Online Accessibility• IT Support for the Campus Card Program• Preferred Names• Online Photo Submission• What would be of value to the NACCU Community?

• One question at a time preferred, no more than two• Able to ask series of questions to develop an idea

https://naccu.org/page/tech_research?&hhsearchterms=%22program+and+highlight%22#speedy

https://naccu.org/news/367457/NACCU-Speedy-Benchmark-Operating-Budgets.htm

https://naccu.org/news/401444/NACCU-Speedy-Benchmark-Report-Campus-card-office-online-accessibility.htm

https://naccu.org/news/430862/NACCU-Speedy-Benchmark-IT-Support-for-the-Campus-Card-Program.htm

https://naccu.org/news/430865/-NACCU-Speedy-Benchmark-Preferred-Names.htm

https://naccu.org/news/439907/NACCU-Speedy-Benchmark-Online-Photo-Submission.htm

Credential Vulnerabilities

NACCU listserve discussion: Card copying and secure credentials

Publically available technologies and services for cloning, spoofing, and forging student ID cards

Discussion of secure credential technologiesSeos (Bluetooth/NFC), EV1/Desfire (NFC), and Mobile

Case Study‘Phantom’ Key Card Investigation

Credential Vulnerabilities – Magnetic Stripe

Credential Vulnerabilities – 125kHz Prox

Credential Vulnerabilities – Legacy iCLASS

Credential Vulnerabilities – MIFARE

Credential Vulnerabilities – Kickstarter Chameleon

Credential Vulnerabilities – Cloning Services

Credential Vulnerabilities – Cloning Kiosks

Common Mistakes on ‘Secure’ Credentials

• Reading insecure, unauthenticated Card Serial Number• Poor Key Management or Standard/Default keys • Unencrypted data payload• Credential number marked on the card• Open, untracked credential format• Reader configuration supporting secure credentials alongside legacy• Unencrypted communication from reader to panel

Secure Credentials

Seos

Desfire/EV1

Mobile

Discussion Questions

• What suggestions do you have for better interaction with the team?

• What suggestions do you have for the coming year?

THANK YOU!

Documents

NACCU Technology Research Committee...NACCU Technology Research Committee Barton Lawyer, John Bonass, Greg Jonason, Ben Anderson, Jay Kohn 2018 Committee Members • Rozie Amos University