Do you notice the turnstile at subway or the biometric security access, say requiring fingerprint, at office buildings, RFID and NFC identity card-based access at libraries, hotels and gyms, etc.? ‘Access Denied’ is another thing that you might have come across. All of these are a fine example of technology based access control systems that are set up to streamline access. Access control systems play a crucial role in ensuring the security and integrity of information and physical assets everywhere. These systems are designed to restrict unauthorized access to sensitive areas, data, or resources.
Access control for ticketing purposes is another great use of modern-age technologies for not only streamlining business but also for security and event management. The recently concluded G20 event held in India had an access control system based on RFID technology where visitors were issued RFID-card-IDs in order to take part in various meetings and talks.
Over time, access control systems have evolved, incorporating various technologies and methodologies to meet the growing demands of security. I mean we really have come very far from using bouncers, a security guard, to deter people from entering a place that they are not supposed to be at.
What is an Access Control System?
Access control system refers to a technological solution of managing who enters and leaves a facility, what resources one can access, information on can view or share, etc. based on some pre-fixed criteria, already saved in a computer software system.
Consider the turnstiles at subway, for example. It works on tickets or passes. You purchase a valid ticket and put it on the receiver section at the turnstile and it authenticates your ticket and allows you to pass.
The Metro card we use here in Delhi Metro, checks for two things, does the card belong to DMRC (Delhi Metro Rail Corporation) and does it have enough money for a ticket.
Modern access control systems use several layers of authentication and allow for several types of access protocols including mandatory access control (MAC), role-based access control (RBAC), discretionary access control (DAC), rule-based access control (RBAC), etc.
Let’s delve into the different types of access control systems and various modern IoT technologies such as BLE, RFID, NFC, and Biometrics that are being used to streamline access control.
1. Mandatory Access Control (MAC)
Mandatory Access Control is based on a hierarchical structure where access is determined by the system administrator, not the user. The system assigns labels to resources and clearance to users, based on the sensitivity of the information with the resources and user’s security clearance level, and only grants access if the user's security clearance level matches the resource's label. Each variable security clearance level assigned to each user categorically mentions their access to resources and the system restricts their access accordingly.
This rigid system ensures that access decisions are strictly enforced based on predefined rules and policies and that is why Mandatory Access Control, as a security model, is widely used in government and military settings. What happens is that only the administrators have the ability to classify resources and information contained in these resources as restricted, classified or top secret. Users can not alter their security clearance or the sensitive nature of the resources and information for access as the access control system strictly enforces the admin directives.
2. Role-Based Access Control (RBAC)
Role-Based Access Control is a widely adopted access control model used in organizations of all sizes. It assigns permissions to users based on their roles and responsibilities within the organization.
The network access to users is defined and assigned as per authority and responsibility of the staff within an organization. The system defines various roles and associates them with specific privileges and access rights in order to maintain the security.
RBAC is most suitable for organizations that have a defined user centric structure and allow access to information as well as specific areas to user based upon their assigned duties and their position in the company. It also manages specific permissions of read, write, delete and execute for each users. RBAC simplifies administration by reducing the complexity of managing access permissions for individual users.
Prominent companies that use Role based access control include Google, Apple, Amazon, Walmart, large banking institutions, etc.
3. Discretionary Access Control (DAC)
Discretionary Access Control is a flexible access control model that allows users to control access to their own resources. In DAC systems, users have the authority to grant or deny access to their files or resources at their discretion.
DAC model is commonly used in personal computer systems or small-scale environments where centralized control is not necessary.
DAC system features access control lists (ACLs) (think of your Facebook Friends list) and user identities and allows users to grant same access to resources to other specific groups or users, unlike MAC, where access is based on clearance levels.
Popular use cases of DAC include Social Media and smartphone designs where permission is first sought for specific functions.
In physical world, DAC applies to access to specific locations and areas within an organization where the user can provide the same access to others as well.
4. Rule-Based Access Control (RBAC)
Rule-Based Access Control is a dynamic access control model that determines access based on predefined rules or conditions. Access decisions are made by evaluating the characteristics of both the user and the requested resource against a set of specified rules.
Rule based access control system doesn’t consider an individual’s role within an organization but whether or not the user fit the criteria. This approach enables highly granular access control, allowing organizations to implement complex policies and adapt to changing security requirements.
IoT Technologies for Physical Access Control Systems
With the advent of the Internet of Things (IoT), access control systems have further advanced to incorporate cutting-edge technologies. These technologies include:
1. Bluetooth Low Energy (BLE)
BLE technology is used to establish secure wireless communication between devices. It is commonly employed in access control systems to enable proximity-based authentication and authorization.
2. Radio Frequency Identification (RFID)
RFID utilizes radio waves to identify and track objects through small electronic tags. In access control systems, RFID tags can be embedded in identification cards or badges, allowing for convenient and efficient access management.
3. Near Field Communication (NFC)
NFC is a technology that enables secure communication between devices in close proximity. It is extensively used in access control systems, allowing users to authenticate themselves by simply tapping their NFC-enabled devices or cards on readers.
Biometric access control systems employ unique physical or behavioral characteristics, such as fingerprints, iris patterns, or facial recognition, to verify the identity of individuals. Biometric technology offers high accuracy and reliability, making it increasingly popular in both physical and logical access control scenarios.
To conclude, Access control systems are an integral part of safeguarding sensitive information and resources. From traditional models such as mandatory access control, role-based access control, discretionary access control, and rule-based access control to the modern IoT technologies like BLE, RFID, NFC, and biometrics, organizations now have a wide range of options to choose from.