NIST Disallows 3DES Encryption, Impact On Physical Access Control And Video Surveillance

Published Apr 05, 2024 13:34 PM

Starting this year, NIST is disallowing 3DES encryption, which was broadly adopted in the 2000s and is still used in some physical access control and video surveillance offerings.

Based on IPVM research, we examine the role DES/3DES encryption plays in PACS and video surveillance, and why NIST disallows its use.

For more on physical access control encryption methods, see Symmetric vs. Asymmetric Encryption for Physical Access Control.

Executive *******

******** **** ****** ******* ***********, **** as ***'* ****** ****** *** ***'* MIFARE *******, *** ********** **** *** been ******* *** **** * ******, with ************* ************ ********* ** *********** with **** ********** (******* ***, ****** Ultralight *, ***.). *******, *** ** its ******** ***************, *** **** *** officially ********** **** ********** ** ******* applications ***** ******* ****. **** *********** underlines * ******* ***** **** ***/**** to **** ****** ********** *********.

**** **** ********** *** *** *** symmetric ********** *** *********** *** ********* use ** ********** ********** ** ******* access ******* (*.*., ***), ************* **** transition ***** ****** ******* *********** ** AES-compatible ************, **** ** **** *** DESFire ***. **** **** ****** **** federal ******** ********* *** *********** ****** control ******* ******* ******** *******. ************* should ******** ******* ******** ***/**** *********** with ***-***** ********* ** ******** ******** risks *** ****** **** ******** ********** standards.

Vulnerabilities ** *** / ****

*** (**** ********** ********) *** *** successor, **** (****** **** ********** ********), have ***** *************** **** ********** ***** security. ***, **** *** **-*** *** size, *** ***** *************** ** *****-***** ******* ** ****, ***** ********** ************* ***** ***** break *** ********** ****** * *** days. ** * ********, **** *** developed ** ******* ******** ** *********** tripling *** *** ******.

*******, **** *** *** ***** ******** the *********** **********. ** ** *********** to****-**-***-****** *******, * ************* ********* **** ******* the ********* ******** ** **** ** 112 ****, *** ***** ******* ******** standards. ************, **** ******** ** * block ****** ********* **** * **-*** block ****, ***** ** ********** ***** by ****** ********* *** ********** ** certain ***** ** ************* ******* **** the******* *************.

***/**** **** **** **** ** ****** various ************, **** ******** ****** ******* credentials ** ***. ***** ***** *** for ****** ********** ** ********** ** favor ** ******** ************ **** ** AES, ***** ********** ********** *** ***** widely **** *** ******** ****** *******.

NIST ********* ***/****

**** *** ********** *** *** ** DES *** **** ********** ************* ** ***** ************ ******** ******. NIST's ******** ** ***** ** *** inherent ********** ** ***** ********** *******, including ***** ************** ** *****-***** *******, meet-in-the-middle *******, *** ***** ************* ***************. Specifically, *** ***** *** *** ***** sizes (**-***) ** *** *** **** no ****** ******* ******** ******** ******* modern ************* ************ *** ****** *************.

**** ***** ********** ******** ******* ********** standards ** ******** **** ********. ************* that *** ******** **** ***** ********** methods **** *************** **** ***** **** to ******** ********, ************ *****, *** potential ********** ** ********* *********** (************ ********* ******** *************, ** *** And ******* ****** *** ***,*** *****. ******** *** ********/******* ** *** is ******* *** *********** ****** ****** control.

Increased **** **** ******* *********

******* ********* ******* ******** *** **** complexity ** ******** ***** ********** *******, making ******* **** ******* ***** ***** methods *********** ** *******. **** **** quantum ********* **** ******** ***** ********** methods, ********* *** ***** ********** **** as *** ********** ********** ********* *** (see********* **. ********** ********** *** ******** Access *******).

**** ********** **** *****-***** ******* *********, when *********, **** ******** *** ******** of ****-******** ****** *** **********. ** particular, ****-******** ******* ********* *******, *** agreement ***** ** *** ***, *** key ********* *** *** ********* ***** RSA *** **** ** ** ******** with ****** *******-********* (** “****- *******”) counterparts.

3DES ********** *** ***** ************

***** **** *** **** ** *** 1.0 *** *.*, **** ***** ************ companies *** *** *.* ** ***** in ***** ******* ************, *********** *** use ** **** *** **** **********. IPVM ************* ******* ********* ** ************** **** *** *.*/*.* ********.

Encryption ** ****** *********** *******

***** ***-********* **** **** ***** ** not *** *** ********** (*** ** **** **** **** ******** Prox / ****** ***********), ********** ****** ******-*** ****-*********/*** ***** like ****** ****** *** ****** ******* are *******, ****** **** ** ********** as ****.

****** ****** *********** **** **** ******* for **** * ******, **** *********** detailing *** *** *************** ********* ****** its **********. ** ****, ***** ********** ******* ** ****** ************* ******* *** ********** ******* ** recover ******* **** (*****, ********, ***.) due ** *************** ****** *** ********** process.

*********** ****** (********) *********** *** ******* DES,*** **** ****** ********* ~**% ** *********** *** "******."*** **** *** ********* ********** **** *** ****** ** credentials; *******, *** "**-*** *********** ****" used *** ********** ******** *** *** of **** **********.

***** ****** ******* **** ******* **********, this *** **** **** *******, ******** vulnerabilities ** ****** ****** *** ***** based ** *** **** ****** * credential (************ "********" / ****** ******* ************* Examined).

Manufacturers ***** ********* **** ***********

** ******** ** *** "********" *************, Dormakaba **************** ****** ********** ************ **** **** ********** ********* ***, ***** **** **** ********* ********** choices (***, ****, ***).

***** *** ***** **** ** *** credentials ** "******," ********* ****** **, with ***"*****, ********* *******" *** "****** ********* Attacks,"*** ********* ** **** ****** *********** with ***/**** **********.

Users ****** ****** *********** **** ***

***** ****** ****** *********** **** *** encryption, **** ** **** ** ******* EV3, ** ******* ***** ******* **** current *** ****** ***************. **** ********* block ****, *** ********* *** **** complexity ** *****-***** *******, ****** ******* more ******.

Practical **** *** *********

*******, **** **** **** ** **** since ********* ********** ***** ********* ******** buying *** *********** *** ***** *** readers ** ****, ***** **** **** organizations ***** ****** ********.

Comments (3)
Jacob Hengel
Apr 05, 2024
YourSix

Practical **** *** *********

*******, **** **** **** ** **** since ********* ********** ***** ********* ******** buying *** *********** *** ***** *** readers ** ****, ***** **** **** organizations ***** ****** ********.

**'* * ****** ******** - **** the ******** **** ******** *** ******** or ******** *** *******? ******** ***** money, *** ** **** ******* (**** slightly ****).

(1)
Undisclosed Integrator #1
Apr 05, 2024

*****,

* ***'* ***** ** ** ***** that ******. ********* ********* **** ********* risk ******** *** ***** *** ***** benefits ** ****** ******* **** **** that *****.

*** * ******** ***** **** ******* is *** ****** **** ***** ***** make *****, **** * **** ** a **** ***** ****** ****** ** them ******** ****** ********** (** *** cabinets, ******* ** ******** *** ** keys ** ****** ** ***** ** someone ***** ***** ***). *** ***** customers *** *********** ******* ** ****** to ********* **** *** ** *** is ****** *** ***** *** **** of *** ******** *** ********** ********.

** *** ***** ****, ***** ******* the ********* **** **** * **** need *** ******** *** ******* ** SEOS, *** ** *** *** ** the **** ** *** ***** *** generally ***** ***** *** ****.

(1)
Undisclosed Integrator #2
Apr 12, 2024

** ** ******* ** ** **** that **** ** ********* **** ***** secure ************, *** ** *** **** time *** ******* ****** ** ******* getting ****** ** **** *** ****-** compliance *** **** *** *** ** PIV *****, ***** *** ******** **** years *** ** *** ***** ***** after *** ******* ** */**, ** of *** *** ********** ***** ***** to **** ******* **** *** *** of *** *** *****. ****, *** manufacturers **** ** **** ** ** our *** *******, *** **** ********* much ****** ***** **************** ******* ***** readers ***/** *******. ******* *** **** how **** ** ** ***** **** our *******, ** ** ** **** our ************** ** ********* ****** ************ into *** ******** **********. *****-**, *****-***, SP800-171 *** **** ****** ***** ***** these ******* *** ***'* **** ** eye ** *** ******** ******* ********* since **** **** ****** * **** to ******* ******** ** **** *** those ********.

**** ** **** *** **** **** our ******** *******, *** **** *** is ****** ** *******; ** **** to ** *****.