Designing of Access Control Systems - Term Paper Example

Access Control Systems: Student’s Name: Institution’s Name: Introduction Access control is a procedure of mediating each request to data and resources preserved by a system as well as determining if the request needs to be denied or granted. It is a usual component for several applications of software to attain information security (Sun & Huang, 2011). A physical system for controlling access is first design, then implemented and later installed. The system gives support to a number of identification media types and gives an easy means of management. An administration system that is based on web gives all required functions so as to control the users’ access rights and perform system monitoring. Additionally, a web interface for users is available so as give information regarding account of each user (Daradimos et al., 2007). Physical systems for controlling access are turning to be more popular in universities, libraries as well as in large organizations where individuals must have authorized access and control. A number of vendors have created access control systems which integrate the newest methods of authentication such as biometrics and Radio Frequency Identification (RFID). These kinds of systems need dedicated infrastructure of communication, specialized hardware and computer systems to regulate access (Vela et al., 2007). This paper describes different policies, theories and techniques applied while designing an integrated system for access control. The discussed ideas are then borrowed in designing an integrated system for access control in a mine’s main office block that contains five essential departments in it. Policies and Theories Applied in Designing Access Control System There are two essential management components required in a system if a system is supposed to be employed by more than one user. One is a component for identity management (IDM) which focuses on plotting entities of a real world into digital identities (Bertino et al., 2002). The digital identities stand for personal data of individuals which are known to as identities, users or accounts. Additionally, the component of IDM serves like a foundation of the next building block which aims at dealing with issues of access management (AM) by allocating authorization to digital identities, founded on concepts for instance roles, groups, or a combination of the two (Pluta et al., 2011). While developing an access control system, there are three controls concepts that should be considered which include mechanisms, models, and policies. Policies of access control are requirements of high-level that specify ways in which access is administered and who may access which information, under which circumstances (Custance, 1997). While policies of access control can be specific in their application and therefore being considered by a number of application vendors, it is possible that polices in an organizational unit context mostly affects users’ actions. At a higher degree, policies of access control are implemented by a mechanism which transforms access request of a user frequently in form of a structure provided by the system. There is an extensive structures variation for instance a straightforward lookup may be executed to deny or grant access. Although there is no a define structure to govern the support of the policy, various mechanisms of access control are straightforward formal policy concepts for access control implementation (Hu et al., 2006). Physical Access Control System Physical computer based access control systems operate by controlling doors’ locks. An individual who wishes to access a locked door need to prove to the system that she or he is listed in the door’s access list (Buchs et al., 1996). An individual does this through presenting credentials of identification. Normally, these credentials are in kinds of access cards or personal identification number (PIN). PIN is typed on a keypad by an individual or a card is presented to the card readers. There are a number of systems that take both card readers and keypads ant every entry point to enhance tight security. Usually, after giving a card to the card reader or keying in the PIN number to the keypad, the system counter checks the entered number with the number stored in the database to verify whether the input data matches any entry stored in the database (Stretton, 1997). Another good example of physical system for controlling access is by use of biometric technology. A biometric system contains four varying building blocks. The first block is based at the access point where the user presses his or her finger prints or where eye iris is read. The second block entails pre-processing of the captured image so as to eliminate the repeated information thus producing a clear image that can be taken to the next level. Pre-processing takes place in the metric and later the pre-processed image is transported to the database located in a computer machine for processing (Sun & Huang, 2011). This transfer of the image from the pre-processed block to the database is by use of local network underlying infrastructure. The third block extract the feature passed on by the second stage. At this stage pores, minutiae or some other information associated with finger iniquity or any other biological feature used is obtained. Lastly, the obtained feature is matched with the database stored features. The matching will give similarity percentage which will be employed to verify whether the user applying for access is the same as the person enrolled to gain access. If they percentage of the match indicates higher level of similarity, access is granted else it is denied. This part of the processing takes place in the computer system (Sanchez-Reillo & Sanchez-Avila, 2001). Computer Accesses Control System Currently, computers and buildings access control systems apply similar basic ideas, though they do not operate together. Workers must carry or memorize a number of diverse access credential. Mangers of security need to learn on how to employ a various systems which cannot offer a consistent security picture of a company. Access control system that is integrated provides employees with a particular access token which allows them into computer systems via doors. Additionally, it contains an integrated database which provides security view of entire company to the manger. One technique used to shift to integrated system is by first introducing smart cards as access tokens of dual-purpose. Later one can develop a database of an integrated access control (Hu et al., 2006). Computer access systems of controlling access to computers work almost the same with physical systems. An individual who wish to log the system of a computer must prove to the system that he has the rights to do so. This is done by keying in username, followed by a password. An identifier is then used to confirm if the entered details are in the system access list. A password is used to verify an individual is whom she or he asserts to be. In a number of current computer systems, users are forced to remember their passwords. Additionally, every system of a computer is liable for conducting its own admittance control (Ysnushkevich et al., 2006). Frequently, this results to varying methods of controlling access on diverse computer systems as well as varying passwords. This has turned into a great challenge especially in the current network era. The advancement of access security problem has resulted into an increase in numerical value of products used to handle the problem. A number of these products coalesced hand-held generator of password with particular software which operated on various computers. A new password is supplied to the user by password generator, at each time she or he access the machine and therefore password memorization is not necessary. This software gives a common method of access control to diverse machines (Gouglidis & Mavrids, 2012). Another method employed to control access into a computer system is by utilizing of a central computer assigned for users’ authentication only. Keberos is among the most famous system of this kind. An authentication server of keberos exchanges encoded messages with personal computer of an employee to verify the identity of an employee. It then gives the employee single or more electronic tickets which allows her or him to access other network computers (Smith & Chardland, 1994). Access Control Integrated System Structural Design While designing the integrated system for controlling access to the mine, officials should consider the best ways in which they can manage entrances to the five major sensitive departments that include board rooms, executive suite, finance, geology department and administration which are all built in main office building. Among some of the credential solution to mine office access control will include use of physical measures such as gates, fences, locks as well as security credentials for instance smart cards, proximity cards, magnetic card or biometrics systems. Additionally, the computer system inside the building must be assigned to specific users who will be identified by use of passwords and user names (Aiphone, 2010). Below is an integration description that can be applied in the mine to control access to the mine’s essential departments that requires authorized personals only. The designer will ensure that there at least one recognition media at the office main door, as well as all doors that lead to the five main offices. Since the office main door is accessed by many individuals, a smart card or magnetic strip card would be appropriate. A device named as identification media reader (IMR) which communicate with recognition media such as RFID, biometrics scanners, iButtons, Magnetic stripe card and a smart card it will be attached to the used media (Al-Zewairi et al., 20011). An electromechanical actuator which is a device with technique that controls physical access to a region by use of electromagnetic lock of a door can also be used at doors entrance. Additionally, the entrance will also need a feedback device which will be used to inform individuals who try to employ a particular access point of its status of access. The device can be indicator light, speaker, or LCD display. Access point controller is an electronic circuit which controls and communicates multiple point of access (Xiaoping & Yungliang, 2011). In addition to the physical setup, the following software setup is highly recommended. This will be controlled by the servers and their actual location is inside a server that can be located in administration offices (Parker, 1990). Access control client will be applied to enhance exchange of data among access control server and an APC by use of https/http protocol and networking infrastructure. Access control server deals with requests of access from multiple clients’ access control and with regard to credentials given by clients it replies with a message to indicate whether the access is denied or accessed. Additionally, ACS will keep track and accounts for the AP status (Hazaa et al., 2009). An integrated system of access control will be used. This interface requires two web interfaces, one is the interface to the administrator that enables control over the whole system and gives the tools for managing users as well as access scheduling, access time-plan and access control. The second interface is the user interface (Goyal & Singh, 1991). This interface allows users right of entry to information such as access scheduling, access control and account details. Additionally, user is given an option to disable his or her media of access if it is compromised. The last essential requirement that will be need is a database. Database holds all require information for a system to function. This information includes information of access scheduling, information of access media, information of access point and user account details. The mine needs to be well networked before implementation of the described design. The figure one below shows the interaction of the discussed design ( Daradimos et al., 2007) Figure 1: System overview Conclusion Access control is a procedure of mediating each request to data and resources preserved by a system as well as determining if the request needs to be denied or granted. A physical system for controlling access is first design, then implemented and later installed. On the other hand, an administration system that is based on web gives all required functions so as to control the users’ access rights and perform system monitoring. Physical systems for controlling access are turning to be more popular in universities, libraries as well as in large organizations where individuals must have authorized access and control. There are two essential management components required in a system if a system is supposed to be employed by more than one user. Additionally, while developing an access control system, there are three controls concepts that should be considered which include mechanisms, models, and policies. Physical computer based access control systems operate by controlling doors’ locks. Therefore an individual who wishes to access a locked door need to prove to the system that she or he is listed in the door’s access list. Currently, computers and buildings access control systems apply similar basic ideas, though they do not operate together. References Aiphone, (2010). How to have a complete access control system. Retrieved from http://www.campussafetymagazine.com/files/resources/aiphone.pdf Al-Zewairi, M., Alqatawna, J., & Al-Kadi, O. (2011). Privacy and security for RFID Access Control Systems: RFID Access Control Systems without back-end database. The IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies (AEECT). Amman: Jordan. Bertino, E., Catania, B., & Ferrari, E. (2002). A system to specify and manage multipolicy access control models. Proceedings from POLICY ’02. The Third International Workshop on Policies for Distributed Systems and Networks. Milan Univ: Milan. Buchs, J.D., Detlefsen, W., & Grabow, W. (1996). Access control system based on the emerging European standard for 5.8 GHz short range communication. Proceedings from Vehicular Technology Conference, 1996. The IEEE 46th 'Mobile Technology for the Human Race’. Atlanta, GA: USA. Custance, N.D.E. (1997). Technical access control systems. Turning policy into practice. Proceedings from IEEE ’97. The 31st Annual International Carnahan Conference on Security Technology. Canberra, ACT. Daradimos, I., Papadopoulos, K., Stavrakas, I., Kaitsa, M., Kontogiannis, T. &, Triantis, D. (2007). A Physical Access Control System that utilizes existing networking and computer infrastructure. Proceedings from EUROCON, 2007. The International Conference on "Computer as a Tool". Athens, Greece. Goyal, M. L., & Singh, G. V. (1991). Access control in distributed heterogeneous database management systems . Computers & Security, 10 (7), 661-669. Gouglidis, A., & Mavridis, I. (2012). DomRBAC: An access control model for modern collaborative systems. Computers & Security, 31 (4), 540-556. Hazaa, M.A, Ghani, A.A.A., Mamat, A., & Ibrahim, H. (2009). Secure role based access control systems using aspect-orientation designing. Proceedings from 5th IEEE. GCC Conference & Exhibition, 2009. Putra: Malaysia. Hu, V. C., Ferraiolo , D.F., & Kuhn, D.R. (2006). Assessment of Access Control Systems. Retrieved from http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf Parker , T. A. (1990). Application access control standards for distributed systems. Computers & Security, 9 (6), 519-528. Pluta, D., Weinert, P., & Hommel, W. (2011). Identity & access control management infrastructure blueprint —design principles for true informational self-determination. Retrieved from http://www.daasi.de/ldapcon2011/downloads/plutahommelweinert-paper.pdf Sanchez-Reillo, R., & Sanchez-Avila, C. (2001). Fingerprint verification using smart cards for access control systems. Proceedings from IEEE ’01. The 35th International Carnahan Conference on Security Technology. Carlos III: Leganes. Smith, J.M., & Charland, R. (1994). Integrating physical and computer access control systems. Proceedings from IEEE ’94. The 28th Annual International Carnahan Conference on Security Technology. Ottawa: Canada. Stretton, C.J.H. (1997). Technical access control systems. The development of a corporate security strategy. Proceedings from IEEE ’97. The 31st Annual International Carnahan Conference on Security Technology. Hawthorn: London. Sun, L. & Huang, G. (2011). Towards accuracy of role-based access control configurations in component-based systems. Journal of Systems Architecture, 57 (3), 314-326. Vela, F.L.G., Montes, J.L.I., Rodríguez, P. P., Román, M. S. R., & Valverde, B. J. (2007). An architecture for access control management in collaborative enterprise systems based on organization models . Science of Computer Programming, 66(1), 44-59. Xiaoping, F., & Yunliang, Z. (2011). A QoS-enabled secure LAN access control system. Preceding from Communications and Networks (CECNet). The 2011 International Conference on Consumer Electronics. Beijing: China Yanushkevich, S.N., Stoica, A., & Shmerko, V.P. (2006). Semantic Framework for Biometric-Based Access Control Systems. Proceedings from IEEE ’06. The International Conference on Computational Intelligence for Homeland Security and Personal Safety. Calgary Univ: Alta. Read More