Overview

Access control systems are widely deployed in buildings across the globe to secure physical access and restrict unauthorized entry. Many of those solutions are using NFC technologies such as ISO14443 or ISO15693. There are plenty of solutions which are usually not publicly documented, and some of them have been publicly broken despite the lack of documentation. However, some solutions don’t appear to have the same level of scrutinity.

Objective

The goal of this Master’s thesis is to conduct an in-depth security assessment of a specific solution with the aim of:

• Understanding the internal working and mode of operation of the system
• Documenting the communication protocols and encryption mechanisms involved
• Exploring potential vulnerabilities in the implementation.

Methodology and ressources

To support this research, the student will have access to a fully equipped laboratory environment, including:

• Official readers, applications and tags
• NFC development and analysis tools (e.g. Proxmark3 and others) These tools will allow for effective reverse engineering, monitoring and testing

Expected outcome

• A detailed understanding and documentation of the protocol
• Contribution to existing NFC analysis tools
• Identification of possible issues or attack vectors