Access Control Systems: Technologies & Biometrics


Access Control Lists (ACLs)

Access Control Lists (ACLs) are fundamental components in network security, primarily used on routers and switches to filter traffic. They define rules that determine whether network packets are allowed or denied passage through a device. ACLs are typically configured to:

  • Allow or deny specific network access based on criteria like source/destination IP addresses, ports, or protocols.
  • Manage and prioritize network traffic flow.

These lists are crucial for enforcing security policies and segmenting network access.
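The following added example (not part of the original notes) evaluates packets against an ordered rule list using the criteria named above. It assumes the first-match-wins behaviour and implicit final deny common to router ACL implementations; the `Rule` class, function names, and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    protocol: str                   # "tcp", "udp", or "ip" for any protocol
    src: str                        # source network, CIDR
    dst: str                        # destination network, CIDR
    dst_port: Optional[int] = None  # None matches any destination port


def matches(rule, protocol, src_ip, dst_ip, dst_port):
    """True when the packet's fields satisfy every criterion of the rule."""
    if rule.protocol not in ("ip", protocol):
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dst_port is None or rule.dst_port == dst_port


def evaluate(acl, protocol, src_ip, dst_ip, dst_port):
    """Return (action, index of deciding rule). The first match wins; a packet
    that matches nothing hits the implicit deny and returns ("deny", None)."""
    for index, rule in enumerate(acl):
        if matches(rule, protocol, src_ip, dst_ip, dst_port):
            return rule.action, index
    return "deny", None


# Constructed policy: a guest segment must not reach SSH on one server,
# the rest of the internal range may, and anyone may reach HTTPS.
ACL = [
    Rule("deny", "tcp", "10.0.20.0/24", "10.0.10.5/32", 22),
    Rule("permit", "tcp", "10.0.0.0/16", "10.0.10.5/32", 22),
    Rule("permit", "tcp", "0.0.0.0/0", "10.0.10.5/32", 443),
]

if __name__ == "__main__":
    for pkt in [("tcp", "10.0.20.7", "10.0.10.5", 22),
                ("tcp", "10.0.30.7", "10.0.10.5", 22),
                ("udp", "10.0.30.7", "10.0.10.5", 53)]:
        print(pkt, "->", evaluate(ACL, *pkt))
```

Swapping the first two rules lets the guest segment through, because the broader permit then matches before the specific deny is reached.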

Windows Firewall Configuration

Windows Firewall serves as a software-based access control mechanism, allowing users to manage network permissions for applications and services on a local computer. It is accessible via Control Panel > Administrative Tools > Windows Firewall.

To modify program exceptions or enhance security, such as preventing unauthorized remote access, follow these steps:

  • Navigate to the Windows Firewall exceptions settings.
  • To restrict external access, specifically disable "Remote Assistance" within the exceptions list.

Security System Access Control Types

Security access control systems can be broadly categorized based on their operational independence and connectivity requirements:

  • Dependent Systems: These systems require a continuous connection to a central PC or server for their operation. They rely on a host computer for database management, decision-making, and logging.
  • Self-Contained Systems: Also known as standalone systems, these units operate independently without needing a constant network connection. They store access credentials and make decisions locally, often isolated from the main network for enhanced security.

Common Access Control Technologies

Various technologies are employed to manage and enforce access, each with distinct characteristics and applications:

  • Keypad/Keyboard: Requires users to enter a specific Personal Identification Number (PIN) or access code to gain entry.
  • Barcode Cards: An older technology where access is granted by scanning a barcode. These are now largely disused in high-security access control due to ease of duplication.
  • Magnetic Stripe Cards: Data is encoded on a magnetic stripe, which is read by swiping the card through a reader. Common in older access systems and credit cards.
  • Proximity Cards (RFID): Utilize Radio Frequency Identification (RFID) technology. These cards contain an RFID chip and antenna, allowing them to be read when brought within a certain range (typically less than 15 cm) of a reader. Long-range RFID systems can be read from 2 to 3 meters away, offering hands-free access.
  • KABA RCID Identification Technology: A specialized system that identifies individuals by analyzing their unique electrostatic charge pattern.
  • Touch Keys (iButton): Small electronic chips encased in a metal casing. When brought into contact with a reader, the chip transmits a unique identifier to grant access.

Biometric Access Control

Biometrics is a field dedicated to measuring and analyzing unique biological characteristics or behavioral traits of individuals for identification and verification purposes. Common examples include fingerprints, facial physiognomy, palm prints, and iris patterns.

Key Biometric Indicators

Effective biometric characteristics typically possess the following qualities:

  • Universality: The characteristic should be present in most individuals.
  • Uniqueness: The characteristic should be sufficiently distinct for each individual to differentiate them.
  • Permanence: The characteristic should remain relatively stable and unchanged over an individual's lifetime.
  • Measurability/Quantifiability: The characteristic must be accurately capturable and processable by a sensor.

Enforceable Features & Performance Metrics

For practical application, biometric systems also consider:

  • Effectiveness: How well the system performs its intended function of identification or verification.
  • Acceptance: The willingness of individuals to use the biometric system, considering factors like convenience and privacy.
  • Reliability: The consistency and dependability of the system's performance over time and under varying conditions.

Biometric system performance is primarily evaluated in two processes:

  • Identification Process: Matching an individual's biometric data against a database of known identities to determine who they are (one-to-many comparison).
  • Verification Process: Confirming an individual's claimed identity by comparing their biometric data to a stored template (one-to-one comparison).

Accuracy & Error Rates

Critical performance metrics for biometric systems include:

  • False Rejection Rate (FRR): The rate at which legitimate users are incorrectly denied access (Type I error).
  • False Acceptance Rate (FAR): The rate at which unauthorized users are incorrectly granted access (Type II error).
  • Equal Error Rate (EER): The point where the False Rejection Rate and False Acceptance Rate are equal. The EER represents a balanced measure of system accuracy, indicating the trade-off between security and convenience.

Types of Biometric Systems

Common biometric modalities used for access control include:

  • Fingerprint Recognition: Utilizes the unique ridge and valley patterns of an individual's fingerprint. Each individual possesses a unique fingerprint that does not change throughout life.
  • Iris Recognition: Analyzes the distinct and complex patterns of the iris (the colored part of the eye). Iris patterns are highly unique to each individual and remain stable over time.
  • Palm Print Recognition: Involves scanning the unique lines, creases, and patterns on a person's palm.
  • Face Recognition: Scans and analyzes facial features for identification. Recent advancements include 3D scanning for enhanced accuracy and liveness detection.
