Presenter Information

Nathan AldenFollow

Loading...

Media is loading
 

Faculty Mentor(s)

Bryson Payne

Campus

Dahlonega

Proposal Type

Poster

Subject Area

Computer Science

Location

Poster Session

Start Date

26-3-2021 12:00 PM

End Date

26-3-2021 1:00 PM

Description/Abstract

While badge cloning is an issue for magnetic cards, the fatal flaw is often the person holding the card who swipes without thinking. Student IDs act as a form of identification and serve many functions at the University of North Georgia. Students use their IDs when accessing their meal plan, Campus Cash, Dining Dollars, and even for authenticating at club events and resident halls. Faculty members also use their university IDs when accessing faculty-only areas in addition to the use of hard keys.

This paper contains an overview of magnetic stripe cards and their track formats, the information stored on each of the three tracks on the student ID, and which tracks of information within the card are required for use in varying scenarios. This goal is achieved by creating partial card clones and exploring the use of those card on the various systems which use them. This research also outlines the steps needed to carry out a badge cloning attack. The research process flow begins with the initial credential harvesting process using a standard card reader. Then, parsing and managing the stolen credentials using a database. Finally, ending the cloning process by writing the stolen credentials to a new blank card. Included in the research is a survey of the student body using the results to gauge the effectiveness of this proposed attack. Concluding this paper will be potential security recommendations to prevent and mitigate this attack.

Media Format

flash_audio

Share

COinS
 
Mar 26th, 12:00 PM Mar 26th, 1:00 PM

12. Mag Stripe Hacking: Exposing the Fatal Flaw with Student ID Cards

Poster Session

While badge cloning is an issue for magnetic cards, the fatal flaw is often the person holding the card who swipes without thinking. Student IDs act as a form of identification and serve many functions at the University of North Georgia. Students use their IDs when accessing their meal plan, Campus Cash, Dining Dollars, and even for authenticating at club events and resident halls. Faculty members also use their university IDs when accessing faculty-only areas in addition to the use of hard keys.

This paper contains an overview of magnetic stripe cards and their track formats, the information stored on each of the three tracks on the student ID, and which tracks of information within the card are required for use in varying scenarios. This goal is achieved by creating partial card clones and exploring the use of those card on the various systems which use them. This research also outlines the steps needed to carry out a badge cloning attack. The research process flow begins with the initial credential harvesting process using a standard card reader. Then, parsing and managing the stolen credentials using a database. Finally, ending the cloning process by writing the stolen credentials to a new blank card. Included in the research is a survey of the student body using the results to gauge the effectiveness of this proposed attack. Concluding this paper will be potential security recommendations to prevent and mitigate this attack.