Skip navigation
Please use this identifier to cite or link to this item:
Title: Investigating Building Security on Princeton University Campus
Authors: He, Stephanie
Advisors: Felten, Edward
Department: Computer Science
Class Year: 2015
Abstract: On Princeton's campus, proxes are responsible for building access, dining hall swipes and more. They are present everywhere, yet little is known about the cards themselves and security risks attached with them. This paper explores the security vulnerabilities of the prox cards themselves as well as Princeton's system when deactivating lost ones, loaning out temporary ones and reissuing new ones to students. We have seen that HID iCLASS prox cards have signi cant vulnerabilities that previous researchers have uncovered. The attacks themselves are neither expensive nor timely to execute; rather, the main obstacle is thetechnical hardware and soft- ware understanding necessary to recreate the previous academic work. Princeton's approach to loaning, reissuing and disabling prox cards was uncovered through online research, email correspondences and in-person interviews. The current system leaves many security vulnerabilities that are simple for Princeton students to exploit, al- though these vulnerabilities also allow exibility so students can quickly recover from issues like losing a card. Lastly, some Princeton buildings have interesting behaviors due to safety regulations and other considerations. There are signi cant security holes and issues in the existing HID iCLASS smart cards, how Princeton handles the circulations of proxes, and security in certain on- campus buildings. In some cases, these vulnerabilities occur as a trade-off because of certain health and safety regulations or to allow students to be able to get access back to their room. ii
Extent: 49 pages
Type of Material: Princeton University Senior Theses
Language: en_US
Appears in Collections:Computer Science, 1988-2020

Files in This Item:
File SizeFormat 
PUTheses2015-He_Stephanie.pdf442.25 kBAdobe PDF    Request a copy

Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.