RFID locks: Why so long to come to the market?

[lp2u]

With a swipe of a hand one could let your lock read something like a ring on your finger to open the door. And one could change the passcode anytime as well. Is this technology expensive? Is it reliable? Imagine leaving your home and having all of this on a ring (not embedded in the skin) or perhaps in a pocket hidden. As soon as you're close the lock opens to: home, car, anywhere. Multiple people could be allowed access to the same lock. When at a bank no card would be necessary. One could enter a pin for extra security and this could apply to anywhere where security needs to be paramount, like your front door. The main thing is imagine a life without ID, keys, cards or even cash. That would be a very freeing lifestyle. As long as its not part of your body you would be free. Implant it under your skin and everything changes. If you value your privacy, pay with cash. Keys are a hassle and heavy. RFID is the way to go for locks I would think. Combine with a passcode and you have superb security that weighs nothing.

[lockr]

With a swipe of a hand one could let your lock read something like a ring on your finger to open the door. And one could change the passcode anytime as well. Is this technology expensive? Is it reliable? Imagine leaving your home and having all of this on a ring (not embedded in the skin) or perhaps in a pocket hidden. As soon as you're close the lock opens to: home, car, anywhere. Multiple people could be allowed access to the same lock. When at a bank no card would be necessary. One could enter a pin for extra security and this could apply to anywhere where security needs to be paramount, like your front door. The main thing is imagine a life without ID, keys, cards or even cash. That would be a very freeing lifestyle. As long as its not part of your body you would be free. Implant it under your skin and everything changes. If you value your privacy, pay with cash. Keys are a hassle and heavy. RFID is the way to go for locks I would think. Combine with a passcode and you have superb security that weighs nothing.

Ever heard the story of the fellow in Malaysia whose car required his fingerprint to start? Apparently it didn't stop the thieves that robbed him, and chopped off his finger and went on a joyride...

[ARF-GEF]

I think the story is true, but there are methods to stop that from happening. Some new(er) fingerprint readers look for the capillaries in the finger too.
It would be extremely hard to simulate normal blood-flow in a cut away finger for several reasons so with that addition cutaway fingers would be useless...

I don't think it would be a bad thing, although RFID cards do have a number of possible attacks, but so do keys. I personally would stick to keys, not just because I trust them more but because I like them more. I'm not sure about he price but with the scales so big it would definitely be very economic to manufacture.
A big danger what I see is remote cloning of RFID cards, but that can be remedied as far as I know.
Though I would definitely not want to have RFID ID cards. That's like saying goodbye to the tiny remnants of privacy we have nowadays. Imagine the state authorities reading you ID automatically on every corner and in every shop. Or even if it's just every 4th corner...
We had our share of dictatures here in eastern Europe so I have some insight into what a repressive and authoritative state can be like.

(For example my personal opinion is that people in a country I would not like to name ( ) are giving up a tad too much of their privacy, rights, freedom and democratic principles up for the now infinite fight against omnipresent terrorist hreat. Of course it's for own your safety. And for your own good. (See 1984 or history of the 20th century)

Disclaimer:
I don't want to start an argument! I respect everyone's country and nationality. America is a free democratic country and I do NOT want to hurt or disrespect the US in any way even the least bit! I have no animus feeling against the US at all. Very much the contrary!
I know you are all patriotic Americans and that is right so. My criticism has nothing to the with the US itself. Only with some of the policies of the congress and leading politicians and I think one is allowed to criticise politicians and their policies. After all that's what democracy is all about.
I do admire and love the democratic principles on which the US was founded and that's exactly what I see to be overcome with permanently induced fear and the measures that leads to.
I hope I did not hurt the feelings of anyone, I didn't mean to!

I finish here since I strongly think this post will be deleted by a mod (maybe if he could move it into the general chatter area instead?

[ARF-GEF]

So a separate more factual post about the keys so that if (when) my previous post gets edited/deleted.

Back to the discussion of lock:
I personally disagree with

Code: Select all

Keys are a hassle and heavy

with the strongest terms.

Keys for me are beautiful, fun, interesting and downright fascinating.
I love the keys and the locks especially the more sophisticated high security ones. That's why I'm here.
In my eyes a Protec, an EVVA MCS od 3ks, a Dom diamant and a medeco 3 is a work of art. Not to mention the Fichet F3D which has a key I enjoy even staring at.
Keys are not that heavy, I've measured a heavier one and it's 18 grams.


What's really obsolete is passwords. Computing capabilities evolve fast but we won't be able to remember necessary 12 digit mixed number-sig-letter passwords each different for every site and use.
And 12 digits isn't even that secure....




To sum it up:

Code: Select all

Keys are a hassle

Burn the HERETIC!!!
(Just joking of course!)

[ARF-GEF]

I mean to quote instead of click code... Sorry if it cause confusion.

[lockr]

What's really obsolete is passwords. Computing capabilities evolve fast but we won't be able to remember necessary 12 digit mixed number-sig-letter passwords each different for every site and use.
And 12 digits isn't even that secure....

No disrespect intended, but there seems to be a misconception that passwords are the lynchpin to the security of electromechanical locks. If the lock was designed or implemented poorly, this might be true, but generally speaking electromechanical locks are vastly more resistant to surreptitious opening than their purely mechanical counterparts, because they offer far more possible key combinations, and a more controlled validation of the presented key (eg: reactive security, alarm triggers, accounting).

A very basic example: A 6-pin mechanical lock with 9 depths offers (9^6) or 9x9x9x9x9x9 or 531,441 theoretical combinations. On the other hand, there are 18,446,744,073,709,551,616 possible combinations in a 64-bit (2^64) or 8-byte key. Considering that most cryptographic hashes run 1024, 2048, 4096-plus bits, the number of potential combinations becomes essentially unfathomable (eg, more than the number of atoms in the universe).

A password, on the other hand, is actually a fairly weak form of protection in the way it's typically used: word(s) and characters are hashed into a key using an algorithm. Often they can be exploited easily, for example, a dictionary attack, or even a key logger. An electromechanical lock, will (or should) not use passwords, but instead maintain the keys in a cryptographically secure form, and use a cryptographic key exchange to prevent an attacker from retrieving the cryptographic keys.

On the other hand, there are many factors that come into play when comparing pure mechanical to electromechanical locks. Mechanical locks are (usually) far cheaper, more readily available, more robust in harsh environments, and require less maintenance.

That being said: Although my background is in computer security and electronics, like you, I find mechanical locks far more interesting than their electronic counterparts. When Tom Swift Jr "beamed his electronic key" at some door I always felt a bit let-down that he hadn't invented some crazy cool mechanical lock instead. There's something wholesome and pure about the elegant simplicity (yes, i'll stand by that statement in any context!) of strictly mechanical locks!

[MBI]

(For example my personal opinion is that people in a country I would not like to name ( ) are giving up a tad too much of their privacy, rights, freedom and democratic principles up for the now infinite fight against omnipresent terrorist hreat. Of course it's for own your safety. And for your own good. (See 1984 or history of the 20th century)

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety. "

- Benjamin Franklin

[ARF-GEF]

I agree so much! Very wise words, the base of sustaining a democracy.
Should be written on more places in the capital of many countries (not excluding that unnamed one:) or as a matter of fact mine either ).

[bembel]

Sounds like a commercial.

[ARF-GEF]

[ARF-GEF]

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety. "

- Benjamin Franklin

Also be sure to check out the new type of surveillance drone we developed for homeland security and law enforcement use! Finds the terrorist in a haystack. (TM pending)"

[ARF-GEF]

(Still a joke, no offense intended! )

[Sinifar]

There are RFID locks out there - mainly Kaba E-plex and Alarm Lock for two. They use a fob or card for the "key" - usually a HID type as in a Prox card or fob.

Today, more locks are coming out which you can open from your smart phone.

There are remote set and opened access controls out for many years. (Kaba E-plex and Alarm Lock)

The only problem is, it is not available, due to cost, for the home owner. Well the smart phone locks maybe. Just this, like fob replacing keys in cars is somewhat the future.

The mechanical security of keys however will never go away. It is too well known and requires the exact key in most high security locks to open.

Sinifar

[GrzyWhop33]

Being an Electronics Engineer by trade. I see the RFID locks being less secure. With a mechanical lock, you have to be physically there to pick it and you may get seen. To attack an RFID, a portable device could be made to be set in the area to transmit through all of the possible combinations. Or a sensitive receiver can be made to intercept the RFID code transmitted with the actual "key", then programmed into a blank RFID "key". But the attacking of the RFID, devices can be small and portable and pretty much "set and forget" without arousing suspicion. But that's just my two cents.

[lockr]

Being an Electronics Engineer by trade. I see the RFID locks being less secure. With a mechanical lock, you have to be physically there to pick it and you may get seen. To attack an RFID, a portable device could be made to be set in the area to transmit through all of the possible combinations. Or a sensitive receiver can be made to intercept the RFID code transmitted with the actual "key", then programmed into a blank RFID "key". But the attacking of the RFID, devices can be small and portable and pretty much "set and forget" without arousing suspicion. But that's just my two cents.

The simplest way to prevent an attack such as this is just to stop accepting attempts and raise an alarm status after n failed keys. At least that's how this form of attack vector has been dealt with on computer systems for pretty much ever.