Access Control beyond Authentication

Nowadays, the Zero Trust model has become one of the standard security models. This paradigm stipulates as mandatory the protection of each endpoint, looking for providing security to all the network. To meet this end, it is necessary to guarantee the integrity of the access control systems. One possibility for bringing security to the different endpoints is continuous authentication, as an access control system. Continuous authentication is the set of technologies capable of determining if a user’s identity remains in time; whether he is the legitimate user (i.e., the only one who should know the secret credentials) or the identity has been impersonated by someone else after the authentication’s process was completed. Continuous authentication does not require the active participation of the user. Aiming to identify the different technologies involved in continuous authentication’s implementations, evaluation methods, and its use cases, this paper presents a systematic review that synthesizes the state of the art. This review is conducted to get a picture about which data sources could allow continuous authentication, in which systems it has been successfully implemented, and which are the most adequate ways to process the data. This review also identifies the defining dimensions of continuous authentication systems.

Download Full-text

Design of physical access control system with integrated wireless authentication

Yugra State University Bulletin ◽

10.17816/byusu20190223-28 ◽

2019 ◽

Vol 15 (2) ◽

pp. 23-28

Author(s):

Evgeny A. Godovnikov ◽

Anatoliy V. Shicelov ◽

Ruslan T. Usmanov

Keyword(s):

Control System ◽

Access Control ◽

System Design ◽

Control Systems ◽

User Identification ◽

Access Control System ◽

Physical Access

This article discusses the design of a physical access control system for an enterprise with various methods of authentication and user identification. A review of existing solutions in the design of physical access control systems was conducted. In the course of the work, a system design was proposed, and its components were described in detail.

Download Full-text

The impact of foreign markets globalization on the price and functionality of electronic access control systems

SHS Web of Conferences ◽

10.1051/shsconf/20219207009 ◽

2021 ◽

Vol 92 ◽

pp. 07009

Author(s):

Martin Boroš ◽

Filip Lenko ◽

Andrej Velas

Keyword(s):

Control System ◽

Access Control ◽

Control Systems ◽

Value Added ◽

European American ◽

Foreign Markets ◽

Access Control System ◽

Electronic Access ◽

The Impact

Research background: The research, which is the subject of the paper, is based on the global expansion of the use of electronic access control systems using biometric data for user verification. Due to the globalization of products from foreign markets to Slovakia, there is a competition between suppliers. The disadvantage is that organizations that are considering procuring an electronic access control system focus their attention only on its price. Globalization and global use have neglected the skills gap between European, American, and Asian markets. Purpose of the article: The paper will aim to point out, through a case study, the financial and functional differences of electronic access control systems. In the case study, a comparison of three different systems with the possibility of procurement on the European, American, and Asian markets will be performed on the building - administrative building. Methods: The article will mainly use methods such as the global method and the optimization model of the financial plan. As well as a case study, the cooperation of achieved results and analysis of possibilities of foreign markets. Findings & Value added: The results achieved by the paper will be globally usable in the conditions of European countries. These will be the conclusions of a case study that will point to the appropriateness of choosing an electronic access control system using biometric features in a standard office building. We can also consider the creation of a project budget usable for organizations as one of the added values.

Download Full-text

Blockchain based access control systems: State of the art and challenges

IEEE/WIC/ACM International Conference on Web Intelligence on - WI '19 ◽

10.1145/3350546.3352561 ◽

2019 ◽

Cited By ~ 4

Author(s):

Sara Rouhani ◽

Ralph Deters

Keyword(s):

Access Control ◽

Control Systems ◽

State Of The Art

Download Full-text

APPLICATION OF FACE RECOGNITION TECHNOLOGIES IN CONTROL AND ACCESS CONTROL SYSTEMS

CASPIAN JOURNAL Control and High Technologies ◽

10.21672/2074-1707.2021.53.1.083-090 ◽

2021 ◽

Vol 53 (1) ◽

pp. 83-90

Author(s):

ALEXANDER N. MARENKOV ◽

◽

VALENTINA YU. KUZNETSOVA ◽

TIMUR M. GELAGAEV ◽

◽

...

Keyword(s):

Computer Vision ◽

Control System ◽

Face Recognition ◽

Access Control ◽

Control Systems ◽

Protected Area ◽

Computer Vision Technology ◽

Access Control System ◽

Control And Management ◽

Classical Control

The article shows the relevance of the widespread use of computer vision technology on the example of face recognition as part of the access control and management system. The main methods that are used in the implementation of classical control systems and access control are considered. The scheme for the implementation of the access control with face recognition technology is described. The use of this technology makes it possible to increase the level of information security of enterprises and, as a result, reduce the possible financial damage from the implementation of attacks on their assets from illegitimate penetration into the protected area through the access control system using the passes of legal users.

Download Full-text

Business Driven User Role Assignment

International Journal of Information Security and Privacy ◽

10.4018/jisp.2013010104 ◽

2013 ◽

Vol 7 (1) ◽

pp. 45-62 ◽

Cited By ~ 1

Author(s):

Ousmane Amadou Dia ◽

Csilla Farkas

Keyword(s):

Access Control ◽

Control Systems ◽

Exception Handling ◽

Role Based Access Control ◽

The Novel ◽

Role Assignment ◽

Organizational Policies ◽

Legitimate User ◽

Role Based ◽

Organizational Needs

The authors propose a business-oriented approach to support accurate and dynamic user-role assignments for the Role Based Access Control (RBAC) model. Their model, called Business-Driven Role Based Access Control (BD-RBAC), is composed of three layers. The first layer extends the RBAC model with the concepts of business roles, system roles, credentials, and users’ capabilities. The second layer dynamically assigns users to business and system roles, and filters outdated (abnormal) user-role assignments. The third layer supports exception handling and partial authorization. The novel aspect of the work is the adaptation of RBAC-based access control systems to changes in organizational needs, while reducing the burden of security administration. To this end, the authors have developed (1) a series of algorithms to compute internal and external user-role assignments based on organizational policies, users’ requests and capabilities, (2) and shown that their outputs are permissible, i.e., a legitimate user is authorized to activate the role, complete, i.e., a legitimate user can activate the roles necessary to perform all the requested tasks, and minimal, i.e., a legitimate user does not receive any non-authorized or not-needed privileges.

Download Full-text

The Design of a Campus Access Control System Based on ARM

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.1039.433 ◽

2014 ◽

Vol 1039 ◽

pp. 433-437

Author(s):

Peng Wei Fei ◽

Gao Wei Zhan ◽

Jie Cong Nie ◽

Ying Zhong Tian

Keyword(s):

Control System ◽

Access Control ◽

Control Systems ◽

Can Bus ◽

Host Computer ◽

Top Down ◽

Rfid Reader ◽

Analysis Process ◽

Access Control System ◽

Design Ideas

Nowadays, with the in-depth development of networking, informatization and integration the access control system has become more and more popular and important in campus. Most access control systems were developed based on MCU with the characteristics of fixed functions and hardly to extend. A kind of campus intelligent access control system based on ARM is introduced in this paper. The overall structure of the system is as follow: the communication way between host computer and the access controller is TCP/IP protocol; using CAN-BUS for communication between access controller and RFID reader. In the design process, top-down design ideas has been adopted. From the overall structure to the local design, from the host computer to access controller and RFID reader, by means of functional analysis, process planning, hardware design and software programming, finally developed a campus intelligent access control system with excellent exhibitions on powerful, stability and scalability.

Download Full-text

On Detecting Relay Attacks on RFID Systems Using Qubits

Cryptography ◽

10.3390/cryptography4020014 ◽

2020 ◽

Vol 4 (2) ◽

pp. 14

Author(s):

Aysajan Abidin

Keyword(s):

Information Processing ◽

Quantum Information ◽

Access Control ◽

Control Systems ◽

Quantum Information Processing ◽

State Of The Art ◽

The State ◽

Rfid Technology ◽

Rfid Systems ◽

Communication Techniques

As RFID technology is being widely used in access control systems to identify and track both objects and people, relay attacks on RFID systems continue to pose serious threats to security. To mitigate relay attacks, distance bounding protocols can be used. Until recently, all distance bounding protocols were based on classical cryptography and communication techniques. In this paper, we take a closer look at a recently proposed protocol by Jannati and Ardeshir-Larijani [Quantum Information Processing 2016, 18] to detect relay attacks using qubits. We first observe that the protocol has a weakness which allows an adversary to mount a successful attack on the protocol. We then propose a countermeasure to restore security and compare the fixed protocol with the state of the art.

Download Full-text

Role Mining to Assist Authorization Governance

International Journal of Secure Software Engineering ◽

10.4018/jsse.2012100103 ◽

2012 ◽

Vol 3 (4) ◽

pp. 45-64 ◽

Cited By ~ 9

Author(s):

Safaà Hachana ◽

Nora Cuppens-Boulahia ◽

Frédéric Cuppens

Keyword(s):

Access Control ◽

Control Systems ◽

Research Area ◽

Role Mining ◽

Research Directions ◽

Main Research ◽

The Future ◽

Access Control System ◽

Definition Of ◽

Open Issues

The concept of role has revolutionized the access control systems by making them more efficient and by simplifying their management. Role mining is the discipline of automating the definition of roles in a given access control system. It is a vivid research area, which has attracted a growing interest in the last years. Research on role mining has produced several interesting contributions in this field, and has also raised several related issues toward leveraging them in actual enterprises. This paper is a comprehensive analysis of the main research directions around role mining and the future trends. The authors present the problem of role mining, the current achievements to solve it and the related open issues. With this objective, they define a complete and realistic business process for Role Mining, and the authors sequentially analyze the issues related to each step of the process by investigating the main contributions in the literature. They also point the unhandled issues and we highlight the future perspectives.

Download Full-text

Design and Implementation of Continuous Authentication Mechanism Based on Multimodal Fusion Mechanism

Security and Communication Networks ◽

10.1155/2021/6669429 ◽

2021 ◽

Vol 2021 ◽

pp. 1-19

Author(s):

Jianfeng Guan ◽

Xuetao Li ◽

Ying Zhang

Keyword(s):

Data Privacy ◽

Access Network ◽

Trust Model ◽

Multimodal Fusion ◽

Authentication Mechanism ◽

Legitimate User ◽

Continuous Authentication ◽

Mouse Movement ◽

Multidimensional Behaviour ◽

The One

Most of the current authentication mechanisms adopt the “one-time authentication,” which authenticate users for initial access. Once users have been authenticated, they can access network services without further verifications. In this case, after an illegal user completes authentication through identity forgery or a malicious user completes authentication by hijacking a legitimate user, his or her behaviour will become uncontrollable and may result in unknown risks to the network. These kinds of insider attacks have been increasingly threatening lots of organizations, and have boosted the emergence of zero trust architecture. In this paper, we propose a Multimodal Fusion-based Continuous Authentication (MFCA) scheme, which collects multidimensional behaviour characteristics during the online process, verifies their identities continuously, and locks out the users once abnormal behaviours are detected to protect data privacy and prevent the risk of potential attack. More specifically, MFCA integrates the behaviours of keystroke, mouse movement, and application usage and presents a multimodal fusion mechanism and trust model to effectively figure out user behaviours. To evaluate the performance of the MFCA, we designed and implemented the MFCA system and the experimental results show that the MFCA can detect illegal users in quick time with high accuracy.

Download Full-text

Packaging of a Fingerprint Based Access Control System

International Symposium on Microelectronics ◽

10.4071/isom-2010-ta2-paper3 ◽

2010 ◽

Vol 2010 (1) ◽

pp. 000047-000051

Author(s):

Zdenka J. Delalic ◽

Sandeepsarma Josyula ◽

B Anand

Keyword(s):

Control System ◽

Access Control ◽

Control Systems ◽

Capacitive Sensor ◽

Brute Force ◽

Rfid Systems ◽

Risc Processor ◽

Access Control System ◽

Emergency Exit ◽

Operating Distance

Verification for access control is faster and cheaper than identification based access control systems. The aim of this project was to develop a fingerprint based access control system, where the verification or validation of the entry is based upon the data from a RFID card. The multi-hop unit is controlled by a PIC 18F series, RISC processor. The capacitive sensor employed extracts 40 minutiae points, which are verified based on the pre-stored data in the RFID card. The capacitive sensor is capable of detecting human tissue, eliminating brute-force or latent print attacks. The low power RFID reader makes the unit portable. The use of RFID cards and verification mechanisms eliminate the use of a centralized database to store the data of every valid entry. The Infineon RFID card has an operating distance of 5mm, as opposed to 0.5mm normally used in swipe based RFID systems, making it easier to use. The packaged fabricated unit was successfully designed to program new RFID cards with minutiae data obtained from the capacitive sensor. Additional features of the unit include blacklisting entries and emergency exit.

Download Full-text