Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
10 - Entry Control
The Twenty-Sixth International Training Course
Page 1
10. Entry Contro l
October 24 – November 11, 2016Albuquerque, New Mexico, USA
Vicki Garcia
Entry Control
Learn ing Object ives
After completing this module, you should be able to:• Recognize the purposes of entry control• Identify the fundamental criteria of entry control• List some of the advantages and disadvantages of coded
credentials• Discuss the most common types and use of biometrics• Recognize the features of a good entry control system
2
10 - Entry Control
The Twenty-Sixth International Training Course
Page 2
Entry Control
INFCIRC/225/Revis ion 5
• 4.17 Technical means and procedures for access control, such as keys and computerized access lists, should be protected against compromise
• 4.26 Effective access control measures should be taken to ensure the detection and prevention of unauthorized access
• 4.27 The identity of authorized persons entering the protected area should be verified. Passes or badges should be issued and visibly displayed inside the protected area
3
Entry Control
Purposes of Entry Contro l
• A perimeter security system is designed to provide a boundary around each protection area to prevent or detect unauthorized penetrations
• Entry control is designed to allow authorized persons and materials to move in and out through that boundary in a balanced secure way
• The system must: Allow entry of authorized persons Prevent entry of unauthorized persons Allow exit of authorized persons
4
10 - Entry Control
The Twenty-Sixth International Training Course
Page 3
Entry Control
Def in i t ions for Entry Contro l
Access Authorization: An administrative determination that an individual is eligible for access to enter a secure area or to access a secure cyber space. For instance, he/she is eligible to enter an area where nuclear materials are stored or where classified material is storedBadge: Credential an individual is provided once access authorization is determinedVerification: Determination of access authorization at the entry control point
• Accepts authorized persons• Rejects unauthorized persons
5
Entry Control
Bas is of Personnel Entry Contro l
• Something you know Personal Identification Number (PIN) Password
• Something you have Key Credential
• Something you are Biometric feature (e.g., fingerprints)
6
10 - Entry Control
The Twenty-Sixth International Training Course
Page 4
Entry Control
Types of Personnel Entry Contro l
7
Personnel Authorization Verification
Manual(Protective Force Guards)
Have -Credential
(Photo)
Automated(Machines)
Have -Credential(Coded) Know -
MemorizedNumber
(PIN)
Are -Personal
Characteristics(Biometric)
ExchangeCredential
Entry Control
Combinat ion of Cr i ter ia
• Combining two or all three factors greatly increases security
8
Badge swipe and PIN
Hand-geometry Biometrics
10 - Entry Control
The Twenty-Sixth International Training Course
Page 5
Entry Control
Personal Ident i f icat ion Numbers (PINs)
• Easy to use if not more than 6 digits• Disadvantages
Employee may forget the number Employee may write it down Adversary may obtain it or guess it
• Best used with other types of verification
9
2938
Entry Control
Types of Credent ia ls
• Verified by protective force guards Take-home photo credential
• Photo compared to individual• Photo compared to photo in database
Exchanged photo credential
• Verified by machine Coded credential Best used with other types of verification
10
10 - Entry Control
The Twenty-Sixth International Training Course
Page 6
Entry Control
Badge Exchange System
• The badge exchange system relies on two credentials• One credential is take-home while the other stays within
the secure area• These credentials must look different
11
Take-Home Exchange
Entry Control
Personnel Credent ia ls
• Coded Credentials Bar Code Magnetic Stripe Weigand Proximity “Smart”
12
Advantages
Controls access by area and time
Logs each access (or exit)
Has low false rejection rate
Performs consistently
Disadvantages
Identifies badge, not person
Requires maintenance
May be defeated by counterfeit badge
10 - Entry Control
The Twenty-Sixth International Training Course
Page 7
Entry Control
Character is t ics of Bar Code
• Image of varying width lines (bars) and spaces Linear barcode or one-dimensional (1D) Two-dimensional (2D) barcode
• Commonly used• Easy to make• Disadvantage
Susceptible to reproduction
13
1D Bar Code 2D Bar Code
Entry Control
Character is t ics of Magnet ic Str ipe Badges
• Polarized magnetic particles, similar to cassette tape• Widespread use, as on credit cards • Easy to use• Easy to make• Disadvantage
Erased by common magnet
14
10 - Entry Control
The Twenty-Sixth International Training Course
Page 8
Entry Control
Character ist ics of Wiegand Cards
• Uses series of embedded wires with special magnetic properties
• Widespread use, output format is an industry standard• Easy to use, card is read via a “swipe” action similar to
magnetic stripes• More difficult to make
15
Entry Control
Character ist ics of Proximity Badges
• Radio Frequency identification card Induction powered Coded RF transmitter
• Widespread use• Easy to use
Hands free operation Compatible with protective clothing
• Purchased, not made at site Options for programming
• Pre-programmed• Programmed at site
• Disadvantage Multiple badges in range of reader
16
10 - Entry Control
The Twenty-Sixth International Training Course
Page 9
Entry Control
Character ist ics of Smart Cards
• Credit-card-sized device with microcomputer Allows storage of identification information, including
• PIN / password• Biometric template
Some capable of encrypting data Contact or contactless May include magnetic stripe
and/or barcode
• Increasing use• Usually not made onsite
17
Sir Isaac Newton
Expiration Date 11/12/1700
Entry Control
Ver i f icat ion vs. Recognit ion
• Most biometric systems verify identity You claim to be someone by presenting a card or PIN The system compares the recorded template with the live
biometric (one-to-one)
• Some biometric systems recognize you No claim of identity is made The system searches through its entire database to find a match
(one-to-many)
18
10 - Entry Control
The Twenty-Sixth International Training Course
Page 10
Entry Control
B iometr ic Ver i f icat ion
19
Type Use Verification or Recognition
Fingerprint Common Verification
Hand geometry Common Verification
Iris pattern Not common Recognition or Verification
Voice Not common Verification
Face Not common Verification
Finger Vein pattern New Verification
Entry Control
F ingerpr int Ident i ty Ver i f icat ion
• Captures the ridges and valleys of the fingerprint
Video Capture
Ultrasonic Capture
Solid State Capture
20
10 - Entry Control
The Twenty-Sixth International Training Course
Page 11
Entry Control
Hand Geometry Ident i ty Ver i f icat ion
• Uses CCD camera to image hand using near infrared illumination
21
Picture courtesy of Biomet PartnersPicture courtesy of Ingersoll Rand Security Technologies
Entry Control
I r i s Ident i ty Ver i f icat ion or Recognit ion
• Video camera captures image of the iris• Iris structure is highly unique to an individual
22
10 - Entry Control
The Twenty-Sixth International Training Course
Page 12
Entry Control
Vo ice Recognit ion Ident i ty Ver i f icat ion
• Uses microphone to collect a spoken phrase
23
Entry Control
Fac ia l Ident i ty Ver i f icat ion
• Uses cameras to capture facial features • Special cameras
24
Thermogram Two Dimensional
Two Dimensional with Parallax Three Dimensional
10 - Entry Control
The Twenty-Sixth International Training Course
Page 13
Entry Control
B lood Vein Ident i ty Ver i f icat ion
• Images the vein pattern on finger, palm, or the back of the hand
25
Picture courtesy of Hitachi Finger Vein Products
Entry Control
Factors Impact ing Biometr ic Capture
Environmental Factors Personnel Characteristic
Lighting—Both artificial and natural Fingerprint: Cold, dry, oily, cuts
Dust and debris Face: Hair, glasses, light, clothing, camera, presentation
Background noise Hand: Jewelry, bandages, weight change
Electromagnetic noise Eye: Glasses, head movement,
Voice: Speaker volume, illness
26
10 - Entry Control
The Twenty-Sixth International Training Course
Page 14
Entry Control
Leve ls of Entry Contro l
27
Level Verification Examples
1 One type Credential OR PIN OR Biometric
2 Two Types Credential AND PIN
OR
Credential AND Biometric
OR
Biometric AND PIN
3 Three Types Credential AND PIN AND Biometric
Entry Control
Features of B iometr ic Systems
• Ease of Integration A factor of how many different systems support a specific
technology and if the biometric has an flexible system interface
• Verification times 2 to 20 seconds
• Enrollment 1% to 3% of population is incompatible 30 seconds to 10 minutes required to enroll
• Cost $1,000 to $5,000 per terminal
28
10 - Entry Control
The Twenty-Sixth International Training Course
Page 15
Entry Control
Personnel Entry Contro l Errors
• Performance - Expressed as error rates associated with the specific technology False rejection
• Authorized persons are not allowed to enter• A small number may be an acceptable trade-off for high security
situation• Easy to quantify
False acceptance • Unauthorized persons are allowed to enter• A small number may be an acceptable trade-off for low security
situation• Difficult to quantify
29
Entry Control
Character iz ing Error Rates
30
10 - Entry Control
The Twenty-Sixth International Training Course
Page 16
Entry Control
Features of a Good Entry Contro l System
• Integration with boundary Cannot be bypassed Block individuals until access authorization verified Interfaces with the alarm system
• Integration with the guards/response force Protects guard Area is under surveillance
• Personnel integrate with system Easy to use for entry and exit Accommodates peak throughput (loads) Accommodates special cases
31
Entry Control
Appl icat ion of Good Design Cr i ter ia
32
Secondary Inspection
Area
Hardened Guard Booth
Metal Detectors
Turnstiles with card readers and PIN pads
CCTV Camera
10 - Entry Control
The Twenty-Sixth International Training Course
Page 17
Entry Control
Summary
• The purpose of entry control is to allow authorized persons to move in and out through a protected area boundary
• Entry control verification techniques depend on verifying what you: Know, Have, and Are
• Biometric systems verify who you are by means of a unique physical characteristic, such as fingerprint or hand geometry
• A good entry control system addresses interface with the protected area boundary, the guard force, and personnel
33