In the past several years, as IT professionals have become increasingly active in discussions about physical access control systems, there has been a continual call for convergence, convergence and more convergence. Yet physical access control systems that are joined with logical access control systems are hard to find. The reason may be found in the cards. Could it be that security managers and IT managers have different requirements for what makes an access control card secure?
If the card reader can read a card and extract a unique number from it, then that’s all that is needed in most physical access control security applications. The proximity (or similar) card sends a signal to the reader that says, “I’m 10101,” and the reader verifies whether or not 10101 is a number that will direct it to open the lock on the door. The theory is that this is the only 10101 in existence, that it has not been duplicated and that the person carrying 10101 is authorized to do so. For most physical access control applications, this suffices.
Most card readers used in physical access control cannot do much more than perform this simple interrogation of the card with a number stored in it. As one surveys such readers from an IT manager’s viewpoint, it becomes clear that their use in a secured, converged system is limited. IT managers, who constantly worry about hackers and other intruders into their data systems, cannot and will not approve such an easy way to get onto their systems.
Does this incongruence in credential security make convergence less likely? Let’s take a close look at how biometrics can facilitate integrating access control into identity management systems for goals beyond the simple process of opening a door or allowing someone to use a computer.
What Does the IT Manager Want?
IT professionals want strong authentication credentials — the level of security provided by smart cards. Unlike proximity cards and their accompanying readers, smart cards go through a challenge and response sequence to initiate conversations with the network. Card signatures are checked to make sure the card is indeed authentic and exhibits no tampering. Communications are encrypted using industry-standard encryption techniques.
With the price of smart credentials now comparable to that of proximity cards, there seems to be no reason not to deploy smart credentials immediately, even if the only application is physical access control. A smart credential provides a much higher level of security than today’s most popular card credential, the proximity card.
Unlike door keys, magnetic stripe cards or proximity cards, smart credentials have inherent security that makes them more difficult to duplicate. Mutual authentication ensures that the reader and the card are allowed to talk with each other before any information is exchanged. AES 128-bit key encryption helps protect sensitive information. Diversified keys virtually ensure no one can read or access the holder’s credential information without authorization. These security features ensure complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks.
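The difference between a card that only announces a number and one that takes part in mutual authentication with a diversified key can be seen in a short sketch. This is an added example, not code from the article or from any card vendor: HMAC-SHA256 from the Python standard library stands in for the AES-128 operations the article names, and the class names, master key and card UID are constructed for illustration.

```python
import hashlib
import hmac
import secrets

MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
ALLOWED = {b"10101"}  # constructed allow-list, using the article's example number

def prox_reader_accepts(card_number: bytes) -> bool:
    # Proximity model: whatever presents an allowed number is accepted.
    return card_number in ALLOWED

def diversify(master: bytes, uid: bytes) -> bytes:
    # Per-card key: one card's key reveals nothing about another card's key.
    return hmac.new(master, b"div" + uid, hashlib.sha256).digest()[:16]

def proof(key: bytes, role: bytes, first: bytes, second: bytes) -> bytes:
    # Nonces are fixed-length (16 bytes), so plain concatenation is unambiguous.
    return hmac.new(key, role + first + second, hashlib.sha256).digest()

class SmartCard:  # hypothetical card model
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key
        self.nonce = b""

    def hello(self):
        self.nonce = secrets.token_bytes(16)  # fresh card nonce per session
        return self.uid, self.nonce

    def answer(self, reader_nonce: bytes, reader_proof: bytes):
        # The card authenticates the reader before it answers anything.
        expected = proof(self._key, b"reader", self.nonce, reader_nonce)
        if not hmac.compare_digest(expected, reader_proof):
            return None
        return proof(self._key, b"card", reader_nonce, self.nonce)

class Reader:  # hypothetical reader model
    def __init__(self, master: bytes):
        self._master = master

    def challenge(self, uid: bytes, card_nonce: bytes):
        self._key = diversify(self._master, uid)
        self._card_nonce, self._nonce = card_nonce, secrets.token_bytes(16)
        return self._nonce, proof(self._key, b"reader", card_nonce, self._nonce)

    def accepts(self, card_proof) -> bool:
        expected = proof(self._key, b"card", self._nonce, self._card_nonce)
        return card_proof is not None and hmac.compare_digest(expected, card_proof)
```

Because each session uses fresh nonces from both sides, a card response recorded in one session does not verify in the next, and a reader that lacks the master key never receives a response from the card at all.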
In this way, IT managers are able to see a digital signature — a mathematical scheme for demonstrating the authenticity of a digital message or document. The benefits are numerous. First of all, a valid digital signature gives a card reader — and the access control application — reason to believe that the message was initiated by a known sender and that it was not altered in transit.
Secondly, digital signatures can be used to authenticate the source of messages. Although messages may often include information about the entity sending the message, that information may not be accurate. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user.
Thirdly, in many scenarios, both the sender and receiver of a message need confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. If a message is digitally signed, any change in the message after signature will invalidate the signature.
The bottom line is that IT systems depend on keeping the private key secret. In most cases, though, the key is stored on the network and protected by a local PIN. Here, the IT manager sees two immediate problems: a PIN can be stolen and the security of the private key depends entirely on the security of the network, the very entity the IT manager wants to protect.