Access control

From Wikipedia, the free encyclopedia


Access control is the ability to permit or deny the use of something by someone.

[Image: Underground entrance to the New York City Subway system]

Physical access of a person may be allowed depending on payment, authorization, etc. Also there may be one-way traffic of people. These can be enforced by personnel such as a border guard, a doorman, a ticket checker, etc., or with a device such as a turnstile. There may be fences to avoid circumventing this access control. An alternative of access control in the strict sense (physically controlling access itself) is a system of checking authorized presence, see e.g. Ticket controller (transportation). A variant is exit control, e.g. of a shop (checkout) or a country.

In physical security, the term "access control" refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through technological means such as a card access system or biometric identification.

Physical access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Historically this was partially accomplished through keys and locks. When a door is locked only someone with a key can enter and/or exit through the door depending on how the lock is configured. Mechanical locks and keys generally do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or the key holder is no longer authorized to use the protected area, the locks must physically be changed.

Electronic access control uses the power of computers to solve the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic system determines whether to grant access to the protected area based on the credential presented and when it is presented. If access is granted, the door is unlocked for a predetermined time period and the transaction is recorded. If access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and declare an alarm if the door is forced open or held open too long after being unlocked.

Access Control System Operation

Sometimes the best way to understand a system is to walk through a typical use of the system. In access control this typically begins when the user presents the assigned credential to the appropriate reader. The reader conveys the credential’s information to the device that makes the access decision. In most electronic access control systems this is a highly reliable independent control panel. The control panel is aware of the current time and date and decides whether the holder of the presented credential is allowed access at this door at this time and date. Whether access is granted or denied, the transaction is recorded, providing a history that can be consulted when questions arise about who was in the protected area.

Access Control System Components

An access control point can be a door, turnstile, parking gate, elevator, or other physical barrier where the granting of access can be electrically controlled. Typically the access point is a door and the access is controlled through either a magnetic lock or electric strike.

Knowing the position of the door is an important element of the system and is typically accomplished with a magnetic switch concealed in the frame of the door. This sensor is used to detect a door forced open without authorization or being held open too long after authorization. Sometimes there are additional sensors that monitor the state of the lock, motion in the protected area, and other alarm sensors.

The user’s primary interface with an access control system is the credential reader. A reader reflects the technology of the credential. The reader for a magnetic stripe, bar code, or Wiegand card is typically called a swipe reader and is in common use in retail stores and ATMs. Some swipe readers require the card to be swiped in a specific direction in order to get a good read, but the typical swipe reader for access control can read the credential when it is swiped in either direction. The reader for a proximity or contactless smart card is actually a radio transceiver. The broadcast field of the reader activates the card, which then begins a radio-based transaction with the reader. The smart cards with the gold contacts visible on the front of the card are known as contact smart cards and require the gold contacts to physically touch contacts on the reader to accomplish the transaction. Biometric readers are unique to the technology being used but always require the users to present some part of their body, whether it is actually touching the reader for fingerprint or hand geometry, looking at a camera in the case of face recognition, iris and retinal scanning, or speaking into a microphone in the case of voice recognition.

Entry into a protected area always requires a device to validate the person requesting access. Exit from a protected area may or may not require validation. When it does, a second reader, almost always using the same technology as entry validation, is used for exit validation. Even when exit validation is desired, fire and emergency codes require a means of exiting an area without validation. For that purpose there are a range of “Request to Exit” devices commonly called REX devices. A REX device may be as simple as a pushbutton or as sophisticated as a heat and motion detector. In any case the REX button will unlock the door for at least as long as the REX device is activated. If exit validation is not required, REX activation is considered normal operation. If exit validation is required, activation of the REX device may trigger an alarm.

Each of the above devices is connected to an access control panel. This panel should be designed to operate standalone, in the absence of any supervising computer. The control device must have backup power capable of sustaining the operation of the system during a primary power failure for as long as it typically takes to re-establish primary power or make arrangements for an alternate power source. The access control panel must also detect and generate an alarm any time the control enclosure is opened so that a monitoring guard is aware of any attempts at tampering with the system.

Summary

Electronic access control systems today range from standalone single door controllers to complex networked systems integrated with closed circuit television systems, burglar alarm systems, and other building control systems. The selection of the proper credentials and readers, the system features needed, and the many choices available for installation and implementation can require complex planning and difficult decisions. There are books available to help you learn more about these choices or you can contact a professional dealer to help you define your needs and arrive at an appropriate solution. If you would like to begin the process of defining your needs, try taking our free risk analysis.

Credential

A credential is something you have, something you know, some biological characteristic, or some combination of these. The typical credential today is something you have such as an access card, key fob, or other key. There are many card technologies including magnetic stripe, bar code, Wiegand, 125 kHz proximity, contact smart cards, and contactless smart cards. A credential based on something you know can be a Personal Identification Number (PIN), a combination, or a password. The use of biological characteristics as credentials is generally called biometrics. Typical biometric technologies include fingerprint, face recognition, iris recognition, retinal scan, voice, and hand geometry. All card technologies are generally used to convey an identification number that is composed of three components: the card number, the facility or site code, and the issue number. The card number is a unique number that distinguishes the cardholder from all other cardholders. The facility code, also called the site code, is a number that was created, when memory was expensive, to allow the range of unique numbers to be smaller while eliminating duplicate numbers. The issue number is incremented each time the card is replaced due to a lost or missing card.

The identification number in most card technologies is generally stored in one of two formats: Wiegand or ABA. The Wiegand format, named for the card technology where the format was first used, is bit-oriented and ranges from 26 to 60 bits long. The ABA format, named for the American Banking Association, is digit-oriented and is typically found on credit cards or other cards using magnetic stripe technology.
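The walk-through of a panel decision above and the Wiegand format just described, as an added example that is not from the article: it decodes a 26-bit Wiegand frame into a facility code and card number, checks parity, then grants or denies against a door schedule and records the transaction. The 26-bit layout assumed here is the widely deployed H10301 layout (even parity bit, 8-bit facility code, 16-bit card number, odd parity bit); the card records, door names and hours are constructed sample data.

```python
"""Decode a 26-bit Wiegand frame and make a panel-style access decision."""
from datetime import datetime

def decode_wiegand26(bits: str):
    """Return (facility_code, card_number); raise ValueError on a bad frame.

    Assumed H10301 layout: bit 0 = even parity over bits 0..12,
    bits 1..8 = facility code, bits 9..24 = card number,
    bit 25 = odd parity over bits 13..25.
    """
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("frame must be 26 binary digits")
    b = [int(c) for c in bits]
    even_ok = sum(b[0:13]) % 2 == 0   # leading half must have even parity
    odd_ok = sum(b[13:26]) % 2 == 1   # trailing half must have odd parity
    if not (even_ok and odd_ok):
        raise ValueError("parity check failed")
    return int(bits[1:9], 2), int(bits[9:25], 2)

def encode_wiegand26(facility: int, card: int) -> str:
    """Inverse of decode_wiegand26, used here to build well-formed frames."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("field out of range")
    body = format(facility, "08b") + format(card, "016b")
    even = str(sum(int(c) for c in body[:12]) % 2)
    odd = str(1 - sum(int(c) for c in body[12:]) % 2)
    return even + body + odd

# Constructed sample card database: (facility, card) -> holder, doors, hours.
CARDS = {
    (10, 1234): {"holder": "alice", "doors": {"lab"}, "hours": (8, 18)},
    (10, 1235): {"holder": "bob", "doors": {"lobby"}, "hours": (0, 24)},
}
AUDIT = []   # every transaction, granted or denied, is recorded here

def panel_decision(frame: str, door: str, when: str) -> bool:
    """Decide grant/deny for a frame at a door at ISO timestamp `when`."""
    ts = datetime.fromisoformat(when)
    try:
        fac, card = decode_wiegand26(frame)
    except ValueError as exc:
        AUDIT.append((ts, door, None, "DENY", str(exc)))
        return False
    rec = CARDS.get((fac, card))
    if rec is None:
        granted, reason = False, "unknown credential"
    elif door not in rec["doors"]:
        granted, reason = False, "not authorized for this door"
    elif not (rec["hours"][0] <= ts.hour < rec["hours"][1]):
        granted, reason = False, "outside schedule"
    else:
        granted, reason = True, "ok"
    AUDIT.append((ts, door, (fac, card), "GRANT" if granted else "DENY", reason))
    return granted

if __name__ == "__main__":
    f = encode_wiegand26(10, 1234)
    print(f, decode_wiegand26(f))
    print(panel_decision(f, "lab", "2024-01-01T09:00:00"))   # True
    print(panel_decision(f, "lab", "2024-01-01T20:00:00"))   # False
    for row in AUDIT:
        print(row)
```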

Bar Code Technology

A bar code is a series of alternating dark and light stripes that are read by an optical scanner. The organization and width of the lines is determined by the bar code protocol selected. There are many different protocols but code 39 is the most popular in the security industry. Sometimes the digits represented by the dark and light bars are also printed to allow people to read the number without an optical reader. The advantage of using bar code technology is that it is cheap and easy to generate the credential and it can easily be applied to cards or other items. The disadvantage of this technology is that it is cheap and easy to generate a credential, making the technology susceptible to fraud, and the optical reader can have reliability problems with dirty or smudged credentials. One attempt to reduce fraud is to print the bar code using carbon-based ink and then cover the bar code with a dark red overlay. The bar code can then be read with an optical reader tuned to the infrared spectrum, but cannot easily be copied by a copy machine. This does not address the ease with which bar code numbers can be generated from a computer using almost any printer.

Magnetic Stripe Technology

Magnetic stripe technology, usually called mag-stripe, is so named because of the stripe of magnetic oxide tape that is laminated on a card. There are three tracks of data on the magnetic stripe. Typically the data on each of the tracks follows a specific encoding standard, but it is possible to encode any format on any track. A mag-stripe card is cheap compared to other card technologies and is easy to program. The magnetic stripe holds more data than a bar code can in the same space. While a mag-stripe is more difficult to generate than a bar code, the technology for reading and encoding data on a mag-stripe is widespread and easy to acquire. Magnetic stripe technology is also susceptible to misreads, card wear, and data corruption.

Wiegand Card Technology

Wiegand card technology is a patented technology using embedded ferromagnetic wires strategically positioned to create a unique pattern that generates the identification number. Like magnetic stripe or bar code, this card must be swiped through a reader to be read. Unlike those other technologies, the identification media is embedded in the card and not susceptible to wear. This technology once gained popularity because of the difficulty in duplicating it, creating a high perception of security. This technology is being replaced by proximity cards because of the limited source of supply, the relatively better tamper resistance of proximity readers, and the convenience of the touchless functionality in proximity readers.

Proximity Card Technology

The typical proximity card consists of a microchip and antenna embedded in a plastic card. When the card is placed within the radio field of the reader, the energy broadcast from the reader energizes the microchip on the card and begins a transaction between the card and reader. When the reader recognizes the card, the card is queried for the identification number. A proximity card can be passive or active. An active card has a battery to power the microchip and is usually thicker than the standard ISO plastic card. A passive card depends solely on the radio field of the reader for power, giving it less range but longer useful life. Proximity readers have been steadily gaining in popularity because of the ease of use, lack of wear, and high-tech image. The cards are very difficult to duplicate because of the need for the microchip, knowledge of radio technology, and the software needed to implement the protocol. The minor problems associated with this technology are occasional problems with RF interference and the fact that it may be easier to follow someone with valid access through a door, because the read range may make it more difficult for a guard to verify that a person has or has not presented a card.

Smart Card

There are two types of smart cards: contact and contactless. Both have an embedded microprocessor and memory. The smart card differs from the card typically called a proximity card in that the microchip in the proximity card has only one function: to provide the reader with the card’s identification number. The processor on the smart card has an operating system and can handle multiple applications such as a cash card, a pre-paid membership card, and even an access control card. The difference between the two types of smart cards is found in the manner with which the microprocessor on the card communicates with the outside world. A contact smart card has eight contacts, which must physically touch contacts on the reader to convey information between them. A contactless smart card uses the same radio-based technology as the proximity card with the exception of the frequency band used. Smart cards allow the access control system to save user information on a credential carried by the user rather than requiring more memory on each controller.

PIN

A personal identification number (PIN) falls in the category of what you know rather than what you have. The PIN is usually a number consisting of four to eight digits. Less and the number is too easy to guess. More and the number is too difficult to remember. The advantage to using a PIN as an access credential is that once the number is memorized, the credential cannot be lost or left somewhere. The disadvantage is the difficulty some people have in remembering numbers that are not frequently used and the ease with which a PIN can be observed and therefore used by unauthorized people. The PIN is even less secure than a bar code or magnetic stripe card.

In computer security, access control includes authentication, authorization and audit. It also includes measures such as physical devices, including biometric scans and metal locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by humans and automated systems.

In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects (see also Access Control Matrix). Subjects and objects should both be considered as software entities, rather than as human users: any human user can only have an effect on the system via the software entities that they control. Although some systems equate subjects with user IDs, so that all processes started by a user by default have the same authority, this level of control is not fine-grained enough to satisfy the Principle of least privilege, and arguably is responsible for the prevalence of malware in such systems (see computer insecurity).

In some models, for example the object-capability model, any software entity can potentially act as both a subject and object.

Access control models used by current systems tend to fall into one of two classes: those based on capabilities and those based on access control lists (ACLs). In a capability-based model, holding an unforgeable reference or capability to an object provides access to the object (roughly analogous to how possession of your house key grants you access to your house); access is conveyed to another party by transmitting such a capability over a secure channel. In an ACL-based model, a subject's access to an object depends on whether its identity is on a list associated with the object (roughly analogous to how a bouncer at a private party would check your ID to see if your name is on the guest list); access is conveyed by editing the list. (Different ACL systems have a variety of different conventions regarding who or what is responsible for editing the list and how it is edited.)

Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject).

Access control systems provide the essential services of identification and authentication (I&A), authorization, and accountability where:

  • identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in;
  • authorization determines what a subject can do;
  • accountability identifies what a subject (or all subjects associated with a user) did.

Identification and authentication (I&A) is the process of verifying that an identity is bound to the entity that asserts it. The I&A process assumes that there was an initial vetting of the identity, during which an authenticator was established. Subsequently, the entity asserts an identity together with an authenticator as a means for validation. The only requirement for the identifier is that it must be unique within its security domain.

Authenticators are commonly based on at least one of these four factors:

  • Something you know, such as a password or a personal identification number (PIN). This assumes that only the owner of the account knows the password or PIN needed to access the account.
  • Something you have, such as a smart card or token. This assumes that only the owner of the account has the necessary smart card or token needed to unlock the account.
  • Something you are, such as fingerprint, voice, retina, or iris characteristics.
  • Where you are, for example inside or outside a company firewall, or proximity of login location to a personal GPS device.

Authorization applies to subjects rather than to users (the association between a user and the subjects initially controlled by that user having been determined by I&A). Authorization determines what a subject can do on the system.

Most modern operating systems define sets of permissions that are variations or extensions of three basic types of access:

  • Read (R): The subject can
    • Read file contents
    • List directory contents
  • Write (W): The subject can change the contents of a file or directory with the following tasks:
    • Add
    • Create
    • Delete
    • Rename
  • Execute (X): If the file is a program, the subject can cause the program to be run. (In Unix systems, the 'execute' permission doubles as a 'traverse directory' permission when granted for a directory.)

These rights and permissions are implemented differently in systems based on discretionary access control (DAC) and mandatory access control (MAC).

Accountability uses such system components as audit trails (records) and logs to associate a subject with its actions. The information recorded should be sufficient to map the subject to a controlling user. Audit trails and logs are important for

  • Detecting security violations
  • Re-creating security incidents

If no one is regularly reviewing your logs and they are not maintained in a secure and consistent manner, they may not be admissible as evidence.

Many systems can generate automated reports based on certain predefined criteria or thresholds, known as clipping levels. For example, a clipping level may be set to generate a report for the following:

  • More than three failed logon attempts in a given period
  • Any attempt to use a disabled user account

These reports help a system administrator or security administrator to more easily identify possible break-in attempts.
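The two clipping levels listed above, as an added example that is not from the article: a small report generator run over constructed audit log lines, flagging a user who exceeds three failed logons within a sliding ten-minute window and every attempt to use a disabled account. The log line format, event names and usernames are assumptions of this example.

```python
"""Clipping-level report over constructed audit log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<date> <time> <EVENT> user=<name>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>LOGON_FAIL|LOGON_OK|DISABLED_ACCOUNT) user=(?P<user>\S+)"
)

# Constructed sample log: carol fails four times in 20 seconds, dave fails
# four times an hour apart, mallory tries a disabled account.
SAMPLE_LOG = """\
2024-03-01 08:00:01 LOGON_FAIL user=carol
2024-03-01 08:00:09 LOGON_FAIL user=carol
2024-03-01 08:00:15 LOGON_FAIL user=carol
2024-03-01 08:00:20 LOGON_FAIL user=carol
2024-03-01 08:05:00 LOGON_OK user=dave
2024-03-01 08:06:30 DISABLED_ACCOUNT user=mallory
2024-03-01 09:30:00 LOGON_FAIL user=dave
2024-03-01 10:30:00 LOGON_FAIL user=dave
2024-03-01 11:30:00 LOGON_FAIL user=dave
2024-03-01 12:30:00 LOGON_FAIL user=dave
"""

def parse(log_text: str):
    """Yield (timestamp, event, user) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["event"], m["user"]

def clipping_report(log_text: str, max_failures: int = 3,
                    window: timedelta = timedelta(minutes=10)):
    """Return findings as (kind, user, timestamp) tuples in log order.

    kind is "failed-logon-threshold" when a user exceeds max_failures failed
    logons within `window`, or "disabled-account-use" for any disabled-account
    attempt. Each user is reported at most once for the threshold rule.
    """
    findings = []
    recent = defaultdict(list)   # user -> failure timestamps still inside window
    flagged = set()
    for ts, event, user in parse(log_text):
        if event == "DISABLED_ACCOUNT":
            findings.append(("disabled-account-use", user, ts))
        elif event == "LOGON_FAIL":
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) > max_failures and user not in flagged:
                flagged.add(user)
                findings.append(("failed-logon-threshold", user, ts))
    return findings

if __name__ == "__main__":
    for kind, user, ts in clipping_report(SAMPLE_LOG):
        print(f"{ts}  {kind:24s}  {user}")
```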

Access control techniques are sometimes categorized as either discretionary or mandatory.

Discretionary access control (DAC) is an access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.

Two important concepts in DAC are

  • File and data ownership: Every object in the system has an owner. In most DAC systems, each object's initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.
  • Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.

Access controls may be discretionary in ACL-based, capability-based, or Role-based access control systems. (In capability-based systems, there is usually no explicit concept of 'owner', but the creator of an object has a similar degree of control over its access policy.)

Mandatory access control (MAC) is an access policy determined by the system, not the owner. MAC is used in multilevel systems that process highly sensitive data, such as classified government and military information. A multilevel system is a single computer system that handles multiple classification levels between subjects and objects.

  • Sensitivity labels: In a MAC-based system, all subjects and objects must have labels assigned to them. A subject's sensitivity label specifies its level of trust. An object's sensitivity label specifies the level of trust required for access. In order to access a given object, the subject must have a sensitivity level equal to or higher than that of the requested object.
  • Data import and export: Controlling the import of information from other systems and export to other systems (including printers) is a critical function of MAC-based systems, which must ensure that sensitivity labels are properly maintained and implemented so that sensitive information is appropriately protected at all times.

Two methods are commonly used for applying mandatory access control:

  • Rule-based access controls: This type of control further defines specific conditions for access to a requested object. All MAC-based systems implement a simple form of rule-based access control to determine whether access should be granted or denied by matching:
    • An object's sensitivity label
    • A subject's sensitivity label
  • Lattice-based access controls: These can be used for complex access control decisions involving multiple objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object.

Few systems implement MAC. XTS-400 is an example of one that does.
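The DAC and MAC models described above, as an added example that is not from the article: a lattice label made of a sensitivity level plus a set of categories, with the dominance check, least upper bound and greatest lower bound the lattice section mentions, beside an owner-edited ACL carrying the read/write/execute rights from the permissions section. The level names, category names and usernames are constructed.

```python
"""Lattice-based MAC check beside an owner-controlled DAC list."""
from dataclasses import dataclass, field

# Constructed ordering of sensitivity levels, lowest first.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level at least as high AND
        categories a superset, so (secret, {nuclear}) does not dominate
        (confidential, {crypto})."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both inputs."""
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.categories | b.categories)

def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label dominated by both inputs."""
    level = a.level if LEVELS[a.level] <= LEVELS[b.level] else b.level
    return Label(level, a.categories & b.categories)

def mac_allows(subject: Label, obj: Label) -> bool:
    """Rule from the article: the subject's label must be equal to or
    higher than the object's label. The owner has no say here."""
    return subject.dominates(obj)

@dataclass
class DacObject:
    """An object whose owner decides who else gets r/w/x on it."""
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of rights

    def grant(self, by: str, subject: str, rights: set) -> bool:
        """Only the owner may edit the list; anyone else is refused."""
        if by != self.owner:
            return False
        self.acl.setdefault(subject, set()).update(rights)
        return True

def dac_allows(obj: DacObject, subject: str, right: str) -> bool:
    """Owner keeps full access (a simplification); others need an ACL entry."""
    return subject == obj.owner or right in obj.acl.get(subject, set())

if __name__ == "__main__":
    s = Label("secret", frozenset({"nuclear"}))
    print(mac_allows(s, Label("confidential", frozenset({"nuclear"}))))  # True
    print(mac_allows(s, Label("confidential", frozenset({"crypto"}))))   # False
    f = DacObject(owner="alice")
    print(f.grant("bob", "bob", {"r"}), f.grant("alice", "bob", {"r"}))  # False True
    print(dac_allows(f, "bob", "r"), dac_allows(f, "bob", "w"))          # True False
```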

In telecommunication, the term access control is defined in U.S. Federal Standard 1037C [1] with the following meanings:

  1. A service feature or technique used to permit or deny use of the components of a communication system.
  2. A technique used to define or restrict the rights of individuals or application programs to obtain data from, or place data onto, a storage device.
  3. The definition or restriction of the rights of individuals or application programs to obtain data from, or place data into, a storage device.
  4. The process of limiting access to the resources of an AIS to authorized users, programs, processes, or other systems.
  5. That function performed by the resource controller that allocates system resources to satisfy user requests.

Notice that this definition depends on several other technical terms from Federal Standard 1037C.

In public policy, access control to restrict access to systems ("authorization") or to track or monitor behavior within systems ("accountability") is an implementation feature of using trusted systems for security or social control.
