NACCU Technology Research Committee
Barton Lawyer, John Bonass, Greg Jonason, Ben Anderson, Jay Kohn
2018 Committee Members
• Rozie Amos, University of Calgary
• Ben Anderson, Tapingo
• John Bonass, Villanova University
• Myron Esterson, Towson University
• Greg Jonason, University of Houston
• Jay Kohn, Stanford University (Chair)
• Barton Lawyer, Duke University
• Dawn Thomas, NACCU Staff Liaison
• Deric Waite, Quinnipiac University
• Richard Wynn, Georgia Southern University (Board Liaison)
What we focused on
• Card Program Highlights
Available online at NACCU
• Georgia Southern University (+ video)
• University of Calgary (+ video)
• Towson University (+ video)
• Cuyahoga Community College
• Duke University
• Coming soon – University of Alberta
What we focused on
Speedy Benchmark Surveys
Available online at NACCU
• Operating Budgets: The Buying Power of NACCU members
• Campus Card Office Online Accessibility
• IT Support for the Campus Card Program
• Preferred Names
• Online Photo Submission
• What would be of value to the NACCU Community?
• One question at a time preferred, no more than two
• Able to ask series of questions to develop an idea
Credential Vulnerabilities
NACCU listserv discussion: Card copying and secure credentials
Publicly available technologies and services for cloning, spoofing, and forging student ID cards
Discussion of secure credential technologies: Seos (Bluetooth/NFC), EV1/DESFire (NFC), and Mobile
Case Study: ‘Phantom’ Key Card Investigation
Credential Vulnerabilities – Magnetic Stripe
Credential Vulnerabilities – 125kHz Prox
Credential Vulnerabilities – Legacy iCLASS
Credential Vulnerabilities – MIFARE
Credential Vulnerabilities – Kickstarter Chameleon
Credential Vulnerabilities – Cloning Services
Credential Vulnerabilities – Cloning Kiosks
Common Mistakes on ‘Secure’ Credentials
• Reading insecure, unauthenticated Card Serial Number
• Poor Key Management or Standard/Default keys
• Unencrypted data payload
• Credential number marked on the card
• Open, untracked credential format
• Reader configuration supporting secure credentials alongside legacy
• Unencrypted communication from reader to panel
Secure Credentials
Seos
DESFire/EV1
Mobile
Discussion Questions
• What suggestions do you have for better interaction with the team?
• What suggestions do you have for the coming year?
THANK YOU!