An analysis of the HID® Indala and Seos™ protocols

Abstract

This thesis aims to give a more detailed and comprehensive overview of the two most used door access control technologies in the University of Tartu buildings: Indala and Seos™, than what is currently publicly available. The wireless communication protocols, memory layout, and how they hold up to common RFID card vulnerabilities were studied to analyse these technologies. Additionally, a Java card applet was developed to assist further research into Seos™ and other high-frequency cards. The research identified that both technologies use very different methods for card authentication, have contrasting memory layouts and operate on two distinct frequencies. One significant finding was that Indala cards are susceptible to cloning and replay attacks. Additionally, it was found that the average Levenshtein distance of the 13 Indala 224-bit UIDs collected for research was 12 nibbles. Another important finding was that the RNG used in a Seos™ card might be weak. In an experiment comparing a large number of UIDs generated both by using the card and the Python Numpy library, the Seos™ dataset exhibited a statistically unlikely amount of UID collisions.