In response to the TNO research, Nedap has reduced the delay times of its card readers even further, without having to make concessions to user-friendliness
By applying stricter delay times in all of its card readers, Nedap significantly reduces chances of possible relay attacks

NFC-enabled credit cards have received much attention because of their vulnerability to relay attacks. Widely used NXP DESFire EV1 cards use the same technology, and are vulnerable to relay attacks, which raised concern in the access control market. A relay attack fraudulently extends the distance between smart card and card reader enabling, for example, unauthorised access to buildings. Research carried out by the Dutch knowledge institute TNO has proved that Nedap’s security platform AEOS maximises resistance to relay attacks.

Applied stricter delay times

It has been known for some time that so-called proximity communication - as described in the ISO/IEC 14443 protocol - is vulnerable to relay attacks. It only requires two smartphones with built-in NFC technology to extend the distance between card and reader without restrictions. Extending this communication distance, however, creates a delay. By applying much stricter delay times in all of its card readers than is prescribed by the ISO/IEC 14443 protocol, Nedap significantly reduces the chances of possible relay attacks.

As in 2009, when Nedap was the first manufacturer to respond to the possible security risks of the Mifare Classic chip, Nedap has moved quickly to give its clients the best protection. In response to the TNO research, Nedap has reduced the delay times of its card readers even further, without having to make concessions to user-friendliness. Because AEOS can provide card readers with new firmware remotely, clients can now get better protection against relay attacks at the press of a button.

Proximity check

To prevent the chance of relay attacks, NXP applies a check between card and reader in its Mifare Plus X technology to determine whether the card is actually in the proximity of the reader. The successor of the much-used DESFire EV1-chip, the DESFire EV2-chip, is also expected to have this built-in proximity check. Until this card is launched, however, it is the responsibility of users to map out the security risks together with their suppliers. Manufacturers therefore face the task of developing solutions to minimise the risks.

Learn why leading casinos are upgrading to smarter, faster, and more compliant systems

Related videos

Insta DomainLink Secret™

Insta DomainLink Secret™
Wan 2.2-S2V demo video: Female singer

Wan 2.2-S2V demo video: Female singer
Dahua MultiVision Online Event - Look Wider, Protect Deeper

Dahua MultiVision Online Event - Look Wider, Protect Deeper

In case you missed it

What are emerging applications for physical security in transportation?
What are emerging applications for physical security in transportation?

Transportation systems need robust physical security to protect human life, to ensure economic stability, and to maintain national security. Because transportation involves moving...

Gallagher & Fortified enhance perimeter security solutions
Gallagher & Fortified enhance perimeter security solutions

Global security manufacturer - Gallagher Security is proud to announce a strategic partnership with Fortified Security, a pioneering perimeter systems integrator with over 30 years...

Genetec: Data sovereignty in physical security
Genetec: Data sovereignty in physical security

Genetec Inc., the global pioneer in enterprise physical security software, highlights why data sovereignty has become a central concern for physical security leaders as more survei...

Featured white papers
One system, one card

One system, one card

Download
Aligning physical and cyber defence for total protection

Aligning physical and cyber defence for total protection

Download
Understanding AI-powered video analytics

Understanding AI-powered video analytics

Download
Enhancing physical access control using a self-service model

Enhancing physical access control using a self-service model

Download
How to implement a physical security strategy with privacy in mind

How to implement a physical security strategy with privacy in mind

Download
More corporate news
Axis Communications’ Academy celebrates 10th anniversary

Axis Communications’ Academy celebrates 10th anniversary
GJD to exhibit at Smart Security Technology (SST) expo in Amsterdam

GJD to exhibit at Smart Security Technology (SST) expo in Amsterdam
NSI approves companies to claim 20% discount on Tavcom Training programmes

NSI approves companies to claim 20% discount on Tavcom Training programmes
Featured products
Dahua Smart Dual Illumination Active Deterrence Network PTZ Camera

Dahua Smart Dual Illumination Active Deterrence Network PTZ Camera
Hikvision DS-K6B630TX: Smart Pro Swing Barrier for Modern Access Control

Hikvision DS-K6B630TX: Smart Pro Swing Barrier for Modern Access Control
Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)

Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)