Prox vs. iClass Explained

By: Brian Rhodes, Published on Jul 12, 2013

The differences between 'contactless' proximity credential formats are significant, yet the details are not well understood. Most access designers and users are familiar with 'Prox', but replacing them with 'iClass' has no real benefit... or does it? In this note, we contrast Prox versus iClass formats, and examine the key differences between both. Should you upgrade you Prox system to iClass? We answer that question in this report.

Key Pros and Cons

The key advantages of Prox cards are: 

  • Low Cost: The huge number of (persistent) Prox users contribute to lower prices compared to iClass.
  • "Good Enough" Security: While vulnerable to "snooping", that risk is uncommonly exploited and most users are comfortable with Prox's "security through obscurity".

By contrast, the key advantages of iClass are:

  • Encrypted Security: Unlike Prox, iClass uses a two or three factor encryption of card data, and only a iClass reader can decode the string, meaning it is nearly a 'snoop-proof' credential.
  • More Capacity: iClass features more bits, and subsequently more storage, than Prox. There is enough room in an iClass card to store user information for a number of different systems aside from only EAC

Prox is (still) King

Despite heavy marketing of iClass as 'next generation proximity', the majority of all access control platforms worldwide still use 'Prox II' format credentials. In a recent IPVMU Access Fundamentals discussion, ~75% of attendees explained they use, design, or install EAC systems that use 125 kHz Prox credentials. While many designers and end users are aware of other 'contactless' credential options, many are unclear of the functional differences between the two and simply continue to use the Prox format they are familiar with.

Similarities

A good part of iClass's slow uptake is a result of how closely it resembles Prox technology to the end user and casual eye. Both formats are 'contactless' credentials typically used by waving a card, fob, or token in close proximity to an reader. In this section, we look at the two aspects that are common between either formats:

  • Data Format
  • Read Range

Data Format: A Prox card and an iCLASS card 'look' identical to an access control system. While the data written to the credential is formatted differently on the card, the reader pushes the same Wiegand or clock and data format to the access control head end. 

Read Range: From a technical perspective, iClass carries further distances than Prox, however in reality the ranges are very close to same. Because so many 'contactless' credentials are passively powered by the reader, the cards must be close to the reader in order to work. This requirement limits data read ranges are typically between 0.25" - 6.0", however distances between 18.0" - 24.0" are possible with active (battery powered) credentials. 

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Differences

However, despite the similar use pattern to end-users, there are many technical differences between the formats including:  

  • Frequency
  • Encryption
  • Readers
  • Cost

Frequency: The single biggest difference between the two credentials is transmissive radio frequency, where Prox is a low frequency 125 kHz and iClass is high frequency at 13.56 MHz. The higher frequency offers faster transmission speeds and greater bandwidth, more 'bits' of information are able to be exchanged between card and reader in a nominally quicker period of time.

With contactless credentials, a lower RF band constrains performance. 125 kHz is roughly 100X lower in frequency than 13.56 MHz, and the tolerance to wait for a credential to scan at a lock door is seconds. Anything longer results in a high level of impatience by users, so Prox credentials are limited in the data volume of information they exchange. As a result, the maximum number of bits for Prox is  typically 64 and commonly 26 bits, well beneath the 128 bit, 256 bit or greater encryptions afforded by the iClass category.

The higher frequency also occupies a less 'noisy' radio band. In some environments, especially industrial, sources like VFDs can generate sufficient interference to prevent 125 kHz readers from being reliable. Higher frequency iClass typically resolve these problems. 

Encryption: With the improvements in bandwidth and speed, iClass offers encryption against 'man-in-the-middle' attacks brought about by snooping unencrypted 125 kHz credentials. HID offers this explanation in their iClass product catalog:

"The communication between an iClass reader and card is encrypted using an algorithm. The transaction between the card and reader cannot be “sniffed” and replayed to a reader. The encryption protocol uses unique 64-bit card serial numbers and mutual card and reader authentication. (or, keys only known to the card/reader)"

A simplified overview between the two formats is shown below. With Prox, all transmission is unencrypted. However, with iClass, all transmission is encrypted and only can be decrypted in the reader once a specific 'key' is shared by the credential: 

Also, this image from a hacker's conference shows the 'handshaking' between iClass credential and reader:

The comparison between "keys" (part of the "signature" in the chart above) is a process not possible with Prox. iClass therefore attempts to mitigate the 'snooping risk' although several sources claim to have exploited iClass using modified snooping methods.

Readers: The readers must match the frequency of the credential; in other words, iClass cards cannot be read on Prox readers and vice versa. A user cannot simply migrate from Prox to iClass credentials without also replacing every reader. The cost of an iClass reader is generally more expensive that an Prox reader, the average price being about 15% higher.

However, the power and data utilities are the same for both formats, and switchovers typically are a quick process of installing the iClass reader in the same place as the removed Prox. All the reader form factors for Prox are available in iClass versions, and therefore changes can even be 'bolthole-to-bolthole' matches.

Certain readers are designed to handle both frequencies simultaneously. No only does this potentially simplify designs and inventory, but allows credential migrations to happen over time - rather than forcing everyone to be issued a new card at once, the normal attrition process of card reissue when expired can be followed.

Cost: Despite a lower credential manufacturing cost than Prox, iClass typically costs more. Because of the frequency difference, 125 kHz credentials need more wire coil loops than 13.56 MHz to achieve the right resonance level. iClass credentials use less expensive components than Prox, and despite higher prices, the cost of manufacture is lower. In previous years, HID offered pricing for either formats at near the same prices, although in recent years iClass is typically priced higher.   The chart below lists typical internet pricing of standard parts: 

Average Component Cost Comparison

          Prox II         iClass
 Cards          $2.75         $4.75
 Readers      $110.00     $135.00

Should I Upgrade?

Many answer the question of "Prox or iClass?" simply, and stick with the less expensive and familiar Prox format. Undoubtedly, millions of electronic access control systems use the format every day with satisfactory result, despite claims of being a security risk. The persistence of Prox, aside from its widespread market share, is due to the relative satisfaction with its use.

However, if Prox is the stubborn 'status quo', then iClass has true operational advantages not possible otherwise. For high-security deployments, or where there might be a high volume of other identity details carried in the credential (for logical or multi-system use) the higher bit capacity and encryption level of iClass is ideal.

 

 

 

5 reports cite this report:

Designing Access Control Guide on Jan 30, 2019
Designing an access control solution requires decisions on 8 fundamental questions. This in-depth guide helps you understand the options and...
Contactless Access Credentials Guide on Oct 29, 2018
Contactless credentials are the most common component used in an access control system and while many look alike externally, important differences...
Hack Your Access Control With This $30 HID 125kHz Card Copier on May 01, 2017
You might have heard the stories or seen the YouTube videos of random people hacking electronic access control systems. The tools that claim to do...
Axis Releases Access Credentials - Insecure But Convenient on Nov 02, 2016
Axis continues to build out their own end-to-end 'solution'. The company recently announced a series of credential cards, but instead of a...
Average Access Control Job Size 2014 on Jun 30, 2014
Unique IPVM statistics reveal what is the average access control job size, how size varies across integrators, what brands they typically use for...
Comments (9) : Members only. Login. or Join.

Related Reports

HID Releases Lower-Cost Signo Readers on Mar 06, 2020
HID Global is releasing a new line of readers called Signo they claim read farther, are mobile-ready, and automatically adjust for better reads on...
Critiquing Carnegie's AI Surveillance Paper on Sep 25, 2019
The Carnegie Endowment has issued an ambitious paper on the Global Expansion of AI Surveillance. While its aim is applaudable, the paper has...
Smart CODEC Usage Statistics 2019 on Jun 03, 2019
Smart codecs are now nearly a standard feature in IP cameras, but our statistics show integrator adoption has not increased at the same rate. In...
Cable Strapping For IP Camera Networks on Jan 02, 2019
Many say using zip-ties is asking for problems. And BICSI prohibits them. But many video surveillance integrators use them regularly. What should...
Facit Cloak Identity GDPR Redaction Software Tested on Nov 28, 2018
The fear of GDPR fines for releasing personal information has increased interest in video redaction software. One of these entrants is the...
$800 Axis Thermal Camera Examined on Jan 02, 2018
Axis is releasing two of the lowest cost thermal IP cameras ever. But will low cost be enough to spur adoption? In this note, we examine the 2 new...
QoS for Video Surveillance on Dec 29, 2017
Along with VLANs, QoS is one of the most misunderstood topics in IP surveillance networks. Many purported "experts" claim it is required in any and...
Axis: Use QR Codes Instead of Access Cards on Sep 12, 2017
Innovation in access may be hard to find, but Axis recently suggested an idea for credentials few have considered. Rather than using plastic cards,...
Manufacturer Sales People Are Very Important - Statistics on Jun 26, 2017
IPVM's integrator statistics show what sales people say regularly: Sales people are very important. From 150 integrator responses: While...
Anixter CEO Admits Price Deflation and Non-Exclusive Integrator Sales on Apr 26, 2017
Anixter's CEO has admitted to (1) price deflation impacting IP camera sales and (2) not always being 'exclusive' with security integrators. In...

Most Recent Industry Reports

Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing campaign using NBCUniversal's assets was not allowed. Hikvision mass...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...