Advanced

Access Control With High Security Credentials

Kapusta, Michael and Lindstrom, Nicklas (2016) In MSc Theses
Department of Automatic Control
Abstract
Developing security regardless of its format is a constant cat and mouse game were adversaries are either in the midst of trying to crack your solution, or they may have already cracked it. A cryptographic algorithm may be unfeasible to crack from a mathematical perspective but as long as a human being is the one developing the solution, a human error is always possible.

A large quantity of the current security solutions on the Physical Access Control Systems market are, as will be shown in this thesis, riddled with human errors. Security systems that are portrayed by their developers as secure even though they are not, give the users a false sense of security. The insecure Physical Access Control Systems are, as will be shown in this... (More)
Developing security regardless of its format is a constant cat and mouse game were adversaries are either in the midst of trying to crack your solution, or they may have already cracked it. A cryptographic algorithm may be unfeasible to crack from a mathematical perspective but as long as a human being is the one developing the solution, a human error is always possible.

A large quantity of the current security solutions on the Physical Access Control Systems market are, as will be shown in this thesis, riddled with human errors. Security systems that are portrayed by their developers as secure even though they are not, give the users a false sense of security. The insecure Physical Access Control Systems are, as will be shown in this thesis, most frequently a result of proprietary solutions by the developers.

The thesis analyzes and evaluates various authentication and authorization techniques with a high level of security for smart cards and smartphones, within the scope of Physical Access Control Systems. This includes an analysis of standards and protocols such as PIV, PLAID, FICAM and FIPS 201 with respect to their cryptographic properties, workflows and user management. The thesis also includes prototyping of such functionality on an embedded system in combination with a smartphone. (Less)
Please use this url to cite or link to this publication:
author
Kapusta, Michael and Lindstrom, Nicklas
supervisor
organization
year
type
H3 - Professional qualifications (4 Years - )
subject
publication/series
MSc Theses
report number
TFRT-6003
language
English
id
8820688
date added to LUP
2016-03-06 16:14:37
date last changed
2016-03-21 14:09:41
@misc{8820688,
  abstract     = {Developing security regardless of its format is a constant cat and mouse game were adversaries are either in the midst of trying to crack your solution, or they may have already cracked it. A cryptographic algorithm may be unfeasible to crack from a mathematical perspective but as long as a human being is the one developing the solution, a human error is always possible. 

 A large quantity of the current security solutions on the Physical Access Control Systems market are, as will be shown in this thesis, riddled with human errors. Security systems that are portrayed by their developers as secure even though they are not, give the users a false sense of security. The insecure Physical Access Control Systems are, as will be shown in this thesis, most frequently a result of proprietary solutions by the developers.
 
 The thesis analyzes and evaluates various authentication and authorization techniques with a high level of security for smart cards and smartphones, within the scope of Physical Access Control Systems. This includes an analysis of standards and protocols such as PIV, PLAID, FICAM and FIPS 201 with respect to their cryptographic properties, workflows and user management. The thesis also includes prototyping of such functionality on an embedded system in combination with a smartphone.},
  author       = {Kapusta, Michael and Lindstrom, Nicklas},
  language     = {eng},
  note         = {Student Paper},
  series       = {MSc Theses},
  title        = {Access Control With High Security Credentials},
  year         = {2016},
}