Investigating Building Security on Princeton University Campus

Abstract

On Princeton's campus, proxes are responsible for building access, dining hall swipes and more. They are present everywhere, yet little is known about the cards themselves and security risks attached with them. This paper explores the security vulnerabilities of the prox cards themselves as well as Princeton's system when deactivating lost ones, loaning out temporary ones and reissuing new ones to students. We have seen that HID iCLASS prox cards have signi cant vulnerabilities that previous researchers have uncovered. The attacks themselves are neither expensive nor timely to execute; rather, the main obstacle is thetechnical hardware and soft- ware understanding necessary to recreate the previous academic work. Princeton's approach to loaning, reissuing and disabling prox cards was uncovered through online research, email correspondences and in-person interviews. The current system leaves many security vulnerabilities that are simple for Princeton students to exploit, al- though these vulnerabilities also allow exibility so students can quickly recover from issues like losing a card. Lastly, some Princeton buildings have interesting behaviors due to safety regulations and other considerations. There are signi cant security holes and issues in the existing HID iCLASS smart cards, how Princeton handles the circulations of proxes, and security in certain on- campus buildings. In some cases, these vulnerabilities occur as a trade-off because of certain health and safety regulations or to allow students to be able to get access back to their room. ii