Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Cai E. Xu,Feng Xu,Xiaohua Li,Dongming Lu,Yanqi Cheng

DOI: https://doi.org/10.3969/j.issn.1000-436x.2013.z2.027

2013-01-01

Abstract:Considering access control with more card, scattered access flow data and poor scalability in current university building multi-system, the campus integrated access management platform triple frame design with the core of perception layer, transport layer and application layer was proposed. Campus card access control applications based on a unified data processing were realized, by method of Media and unified campus card authorization, implementing hierarchical management and access networking, comprehensively regulate access standards and centralized storage of data water. The design not only facilitates the management of school access control applications, but also carries out data mining based access control and lay the foundation for leadership decision-making support.

ZHENG Lan,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.07.058

2005-01-01

Abstract:With the rapid growth of internet and enterprises on a global scale, the use of directories as accessible repositories providesa flexible and various solution for gathering, storage and accessing information. The design and implementation of an unified accesscontrol system supporting single-sign-on areintrodueed, whichis based on LDAPdirectory and combines access controls ofall applicationsystems to realize security access system of unified users management. The system used middleware technology to efficiently resolvethe bottleneck problem when a lot of users accesed LDAP database.

Kostiantyn Khabarlak,Larysa Koriashkina

DOI: https://doi.org/10.48550/arXiv.2103.06767

2021-03-11

Cryptography and Security

Abstract:Better access control system security comes at a higher price. It many cases the price is too high for small companies, leaving them vulnerable with cheap and insecure systems. In this work we introduce an alternative access control scheme, which improves access control security while lowering the cost. In the proposed model, passive RFID tags are mounted near a turnstile or a smart door. Tag reading and programming is done via NFC chip directly on the users smartphone. To enhance security, together with smartphone-based authorization we require the user to provide his photograph while entering a secure gate. The photograph is then displayed on a monitoring dashboard side-by-side with the registration picture, so that the two can be matched against each other. The developed client-server application offers administrative system used to configure gate access policies and monitor entrances with filters by access time, user and gate. Also, we propose a mobile application that allows gate registration and serves as a door unlock key. The suggested access control model reduces installation costs required, while maintaining good security. The system is fully wireless and uses cheap autonomous RFID-tags as its main component. We hope, that the proposed system architecture will find its application in small to medium-sized companies.

Wang Baoyi,Zhang Shaomin,Zhilei Zhang

DOI: https://doi.org/10.1109/ICIT.2008.4608609

2008-01-01

Abstract:Role-based Access Control (RBAC) policy separates user and privilege logically by importing the concept of role, which can simplify the management of privilege in electric power enterprise. As the development and sustaining change of electric power system, unattended substations become the new developing direction. Unattended substation automation system will realize centralized management and remote control, so the use of RBAC access control method will aggravate the burden of the access control server. What is more, it adds the complexity of management. RBAC could not meet the needs of the system. This paper designs Distributed RBAC access control model, according to the substation automation system structure stated in IEC61850. Users obtain their roles in centralized server, and obtain their privilege dispersedly. The efficiency is improved. Management is more convenient. In the end, a practical example is presented to prove that the designed model and algorithm have high security, feasibility and effectiveness in unattended substation automation system. Because the model and algorithm are designed according to the ITU-T X.509 and IEC61850 international standards, the design has high currency, adaptability and expansibility. ©2008 IEEE.

Nataliya Kuznetsova,Tatyana Karlova,Aleksandr Bekmeshov

DOI: https://doi.org/10.30987/2658-6436-2023-3-13-22

2023-09-30

Automation and modeling in design and management

Abstract:The aim of the scientific work is to create a methodology for designing an auxiliary automated management decision making system based on analysing information security level of intellectual resources of a large industrial enterprise. The methodology is based on the principle of comprehensive information security. The article is devoted to solving the problem of creating a convenient auxiliary tool for auditing information security events. The novelty of the work is the proposed creative concept of using the maximum amount of data on information security events to make a management decision (including a personnel management decision). The study results are recommendations for building an auxiliary automated system for auditing and analysing the information security level of intellectual resources of a large industrial enterprise.

ВОЛОДИМИР КОРЧИНСЬКИЙ,ІРИНА ТАРАСЕНКО,СЕРГІЙ РАЦИБОРИНСЬКИЙ,ОЛЕКСАНДР АКАЄВ,АРТЕМ ХАДЖИОГЛО

DOI: https://doi.org/10.31891/2307-5732-2024-331-44

2024-02-29

Abstract:The paper provides an overview and analysis of the problems in the application of automated access control systems based on NFC. The capabilities of the Arduino platform are investigated and an access control system with an RFID-NFC module is developed on its basis. The use of automated access control systems in the modern world is becoming increasingly relevant. It involves a number of benefits that such systems can bring to businesses and other entities. These systems simplify and speed up the process of identifying a person, save time and increase the efficiency of security services, but still require human control. RFID-NFC technology is up-to-date, so the development and use of this technology for an access control system can solve the problem of unauthorized access to premises and/or controlled areas. Also, a company/enterprise can save money on identification devices, since various documents with an embedded NFC tag can be used as an identifier. For example, it can be a passport of a citizen of Ukraine, a passport of a citizen of Ukraine for travelling abroad, a certificate of registration, bank cards and a smartphone with NFC function, etc. An automated access control system is a set of advanced technologies and software designed to control and restrict access to a specific private territory/controlled area. The main purpose of an automated access control system is to ensure security, control and monitoring of access to a private territory/controlled area. Such systems are used to identify personnel, vehicles, etc. that have access to a restricted area/controlled zone. Access control systems can be integrated with other security systems, such as video surveillance systems, intrusion detection/prevention systems, etc.

Zhu Guiqiang,Huang Hao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.04.003

2013-01-01

Abstract:Access control is the necessary means to realise multilevel information security.When defining and describing the information system,in this paper we divide its objects into static object and dynamic object.The static object is stored in the resource server for centralised management.Mails are used as the only carrier to transmit the dynamic object between subjects.The monitoring mechanism is deployed in both the mail client and the resource servers to implement access control.Function test shows that this system can control the subject visiting object and the communication between subjects simultaneously so as to protect the security of sensitive information and prevent the leakage and unauthorised access.

N. Limanova,A. Anashkin

DOI: https://doi.org/10.33619/2414-2948/87/27

2023-02-15

Bulletin of Science and Practice

Abstract:The relevance of the work lies in the fact that the pace of development of the field of information security does not correspond to progress in the development of data processing methods, resulting in a serious lack of practical knowledge of the subject area, which prevents the creation of conditions for secure recording, processing and storage of data. In the process of writing the article, modern methods and principles of ensuring information security, including a mandatory approach, were studied, and a brief description of software products supporting this approach was given. The mandatory method of information protection implies granting access rights to certain actions in accordance with the user’s status. Such actions can be, for example, writing, reading and changing data. Examples of user statuses are ‘administrator’ and ‘reader’, where the administrator, as a rule, is provided with the entire list of available actions, and the reader is provided with only a minimum, sufficient for familiarization activities. In its architecture, the mandatory approach often contains tools for conducting cluster analysis. Cluster analysis can be used both to carry out work on risk analysis and assessment, and to determine the degree of protection of an object. In any case, when building a cluster, it should be taken into account that some levels of protection may be represented by more objects than others. There are software products on the information security market that allow the use of a mandatory method of ensuring information security. One of the striking examples is the PostgreSQL database management system, which has an apparatus of labels assigned according to the user’s level of rights: the higher the level of rights, the higher the access level.

Anastasia Kalita,Marina Ozhiganova,Evgeny Tishchenko

DOI: https://doi.org/10.15688/nbit.jvolsu.2019.1.2

2019-08-01

NBI Technologies

Abstract:Over the past few decades, there has been a tendency to minimize the participation of the human factor in various production and other processes. This process is implemented through the mass introduction of automated systems. Man-machine complexes are currently the most common and productive model of activity. At the current stage of technology development, the process of human activity automation is only an intermediate link on the way to excluding human intervention. This direction is the most relevant for systems that have a potential and real threat to human health and life (for example, manufacturing plants) or systems that are threatened by a person (for example, transport systems). The second group includes the sphere of information security. There is a need to move to the next level of excluding the human factor – introducing adaptive systems that will transfer the process of information protection in a completely different plane. The organization of adaptive information security systems is based on applying existing methods of adaptation from other areas of scientific knowledge in relation to information security issues. Features of such application of the generalized principles of adaptation reflect the specifics of the subject area without violating generally accepted norms. This article discusses the general principles of adaptive systems. It investigates the existing approaches to the organization of adaptive information security systems as well.

Igor Kotenko,Igor Saenko,Roman Zakharchenko,Dmitry Velichko,,,,

DOI: https://doi.org/10.21681/2311-3456-2023-1-13-27

2023-01-01

Voprosy kiberbezopasnosti

Abstract:The purpose of the article: conducting a system analysis of the requirements for the subsystem for preventing computer attacks on critical information infrastructure in order to substantiate the directions for further improved scientific and methodological apparatus for the full functioning of the subsystem for preventing computer attacks. Research method: theoretical and systematic analysis of the requirements of legal acts, scientific publications, protection technologies and means of their implementation in departmental systems for detecting and counteringcomputer attacks.The result obtained: the rationale for the need to build mechanisms for preventing computer attacks on critical information infrastructure objects and the requirements for the subsystem for preventing computer attacks was carried out, an approach was proposed to prevent computer attacks at the stages of reconnaissance by an attacker of critical information infrastructure objects, based on the introduction of a security event correlation mechanism with automatic adaptation to the analyzed information infrastructure and the functions it performs at the current time and a detailed specification of the correlation rules.Scope of the proposed approach: a subsystem for preventing computer attacks of departmental systems for detecting and countering computer attacks, which should identify and prevent attempts to conduct computer attacks on critical information infrastructure objects in advance.The scientific novelty consists in a comprehensive analysis of the need to build mechanisms for preventing computer attacks on critical information infrastructure objects, an analysis of the requirements for the computer attack prevention subsystem, its functions and means of implementation. It is shown that the functions of preventing computer attacks in domestic technical solutions are not fully implemented, and that there is a substitution of the concept of “subsystem for preventing computer attacks” by the concept of “control and technical measures”. It is substantiated that for the implementation of the functions of preventing computer attacks, there is a technological backlog in the form of a ready-made technology based on the technology for building SIEM systems. It is shown that there is a need to refine the scientific and methodological apparatus for implementing computer warning functions based on artificial intelligence methods and big data technologies.Contribution: Kotenko I.V. - analysis of the functionality of the subsystem for preventing computer attacks, setting the task and proposals for developing the functionality of the subsystem for preventing computer attacks on critical information infrastructure objects; Saenko I.B. - analysis of the subsystem for preventing computer attacks in the general context of the theory of information security, substantiation of the implementation of the functions of preventing computer attacks based on the technology of building SIEM systems and big data; Zakharchenko R.I. - analysis of technical solutions that ensure the implementation of the subsystem for preventing computer attacks, Velichko D.V. - an approach to detecting computer attacks at the stages of reconnaissance by an attacker of objects of critical information infrastructure. All authors participated in the writing of the article.

ZHANG Jian-jun,ZHANG Qun,ZHANG Li

DOI: https://doi.org/10.3969/j.issn.1003-5060.2006.07.028

2006-01-01

Abstract:How to build an effective access control is very important to the security and reliability of the enterprise information management system(EIMS).In this paper,a kind of flexible object-oriented access control(FOOAC) model is presented based on the analysis of requirements of real access control and access control models of related information management systems,especially the role-based access control model.An access controller based on the FOOAC model is given to demonstrate the application of the model.

Oleksandr Khrapkin,

DOI: https://doi.org/10.25140/2411-5215-2023-4(36)-86-94

2023-01-01

Abstract:The article deals with the peculiarities of ensuring strategic management of information security of modern enterprises. Nowadays, information security systems are designed to ensure the full function-ing of an enterprise's information infrastructure using various types of information services, automation of financial and production activities, as well as its business processes.The basic provisions of information security are formalized and enshrined in the Information Security Strategy of Ukraine. Other regulatory documents and standards of enterprises must comply with the laws and regulatory framework of Ukraine, international law, industry standards and EU and NATO directives.The article considers the need to form an information security management system, which is caused by the existence of internal and external threats, their destructive consequences for the activities and image of an enterprise. The tasks of information security are analyzed: data confidentiality, integ-rity, availability, ensuring the reliability of information, ensuring the legal significance of information, ensuring the untraceability of user actions. Information security management involves identifying po-tential risks to an enterprise, assessing the potential impact, developing and implementing strategies to eliminate problems designed to minimize risks with the available resources.The main stages of developing an information security policy are identified: complete registration of all information resources that require protection; formation of a list of possible threats to each re-source from the list; assessment of the probability of occurrence of each threat; application of actions for the effective protection of each resource. The basic principles of an information security management system for an enterprise are outlined: ease of use, full control, open architecture, access limits, least privileges, sufficient stability, and minimization of duplication. It is also about storing and processing significant amounts of information of varying degrees of confidentiality, so the issue of protecting im-portant enterprise information data from various internal and external threats is relevant

JIN Yi,ZHEN Jun,YAN Ji-duo,SHI Sheng-jin

DOI: https://doi.org/10.3969/j.issn.1673-6125.2013.01.014

2013-01-01

Abstract:Security access management system is one supervising system to manage the attendance checks of employees by using RFID and security access card readers with automatic storing checks data.The system guarantees the accuracy of checking attendance management information and also provides the convenience for the management personnel.

Rasa Bruzgiene,Konstantinas Jurgilas

DOI: https://doi.org/10.3390/electronics10151819

IF: 2.9

2021-07-29

Electronics

Abstract:Information systems of critical infrastructure provide services on which the core functions of a state and its economy depend as well as welfare of society. Such systems are becoming an increasingly common target for crimes and attacks in cyberspace, as their vulnerabilities can be exploited for malicious activities seeking financial or political gain. One of the main reasons that threatens the security of these systems is the weak control of remote access, otherwise defined as management of a system’s user identity. Management of user identity depends on user authentication, authorization and the assignment of certain rights in the digital space. This paper provides the proposed two-factor (2FA) digital authentication method for remote access to an information system of a critical infrastructure. Results of testing the method’s usability and resilience to cyber threats have shown that the system, in which the method was implemented, is protected from dangerous HTTP requests and publicly available system’s endpoints are protected from threatening inputs that could cause malicious activities on the critical infrastructure. Additionally, the implementation of the authentication API application ensures the rapidity of the method for less than 500 ms for 100 users working in parallel with the system at the same time.

engineering, electrical & electronic,computer science, information systems,physics, applied

Syuan-You Chen Syuan-You Chen,Shih-Wen Jiang Syuan-You Chen,Whai-En Chen Shih-Wen Jiang

DOI: https://doi.org/10.53106/160792642023112406017

2023-11-01

網際網路技術學刊

Abstract:An access/entry control system usually consists of many subsystems. These subsystems have different Application Programming Interfaces (APIs), but they need to be integrated and interacted well. Without a good integrated platform, the communications between subsystems will be very complicated. In addition, except user name and password, Radio Frequency Identification (RFID), and the human’s biometrics (e.g., fingerprint and face) are used to identify users. Wireless Local Area Network (WLAN), mobile communications (e.g. 4G/5G) and Bluetooth are adopted as the remote access technologies. In addition, with the COVID-19 pandemic, public health and personal safety are getting more concerns. People are required to wear personal protective equipment (PPE) in some special areas (e.g., barns and factories) to ensure the personal healthy and food’s safety. To identify the user and detect whether the PPE is correctly worn, this paper proposes an access/entry control system by using an Internet of Things (IoT) platform. Through the proposed IoT system architecture, different identification mechanisms and communication technologies can be adopted, and the messages can be exchanged between two mechanisms. This paper elaborates the architecture design of the IoT platform and discusses the implementation/deployment issues of the PPE detection by using machine learning mechanisms.  

computer science, information systems,telecommunications

Yiyang Jia,Hanyan Wu,Dongxing Jiang

DOI: https://doi.org/10.1109/CyberC.2015.47

2015-01-01

Abstract:Security situation assessment is an effective way to analyze the situation of an information system, which helps administrator understand the current system risk status and make policy to response in time. However, the existing researches for security situation assessment mostly focus on network. The proposed methods for network are not so suitable for information systems. This paper proposes a hierarchical security situation analysis framework for information system, based on a classical NSSA [1] (network security situation analysis) model. The framework provides a standard flow for analyzing the security situation of information system. It consists a security situation analysis model of information system, an index system used in the model proposed, and a quantitative index fusion method to calculate a security situational value. We divided information system into 3 levels: sub-system level, composition level and index level. The collected information from the index level can be combined with grey model to determine the correlation degree between each major index and secondary index. Finally we calculate the whole system security situational value level by level. We use data from Tsinghua University information system to verify the proposed model and method. The result shows that this model can reflect the current security situation of information system comprehensively.

Dipankar Dasgupta,Arunava Roy,Debasis Ghosh

DOI: https://doi.org/10.1016/j.ins.2017.09.039

IF: 8.1

2018-01-01

Information Sciences

Abstract:Exfiltration of sensitive data and intellectual property theft have increased to a significant level affecting both government agencies as well as small to large businesses. One of the major reasons of data breaches is malicious insiders who have the access rights, knowledge of data values and technical know-how of escalating their privileges in launching such insider attacks. Traditional access control policies (to shared data and computing resources) were evolved around the trust on legitimate users’ access rights (read, write and execute) based on their jobs and role hierarchy in an organization. However, such access privileges are increasingly being misused by hostile, oblivious, rouge and pseudo-insiders. This work introduces a multi-user permission strategy and formulates a methodology for shared-trustworthy access (to classified data and services) by considering organizational structure. Accordingly, based on the sensitivity of the information being requested by a user, approvers are selected dynamically to reflect the work environment such as mobility, use of the device, access policy, etc. For this purpose, the proposed methodology first generates an access control graph, based on inter-relationship among employees and their roles in an organization. Next, it generates a set of permission grantees who are allowed to approve the access request of a user at a given time. The proposed multi-user permission strategy is evaluated with two empirical datasets and reported results demonstrated its ability in selecting non-repetitive approvers for a user access under different organizational and environmental constraints.

computer science, information systems

Malik Imran-Daud

DOI: https://doi.org/10.48550/arXiv.1612.09527

2016-12-30

Cryptography and Security

Abstract:Thanks to the advent of the Internet, it is now possible to easily share vast amounts of electronic information and computer resources (which include hardware, computer services, etc.) in open distributed environments. These environments serve as a common platform for heterogeneous users (e.g., corporate, individuals etc.) by hosting customized user applications and systems, providing ubiquitous access to the shared resources and requiring less administrative efforts; as a result, they enable users and companies to increase their productivity. Unfortunately, sharing of resources in open environments has significantly increased the privacy threats to the users. Indeed, shared electronic data may be exploited by third parties, such as Data Brokers, which may aggregate, infer and redistribute (sensitive) personal features, thus potentially impairing the privacy of the individuals. A way to palliate this problem consists on controlling the access of users over the potentially sensitive resources. Specifically, access control management regulates the access to the shared resources according to the credentials of the users, the type of resource and the privacy preferences of the resource/data owners. The efficient management of access control is crucial in large and dynamic environments. Moreover, in order to propose a feasible and scalable solution, we need to get rid of manual management of rules/constraints (in which most available solutions rely) that constitutes a serious burden for the users and the administrators. Finally, access control management should be intuitive for the end users, who usually lack technical expertise, and they may find access control mechanism more difficult to understand and rigid to apply due to its complex configuration settings.