Next Generation Physical Access Control Systems: A Smart Card Alliance Educational Institute Workshop
Total Operational Security
Roger Roehr, Executive Director, Roehr Consulting
8th Annual Smart Cards in Government Conference, Washington DC Convention Center, October 27-30, 2009

9/11 Commission
"As we detail in our report, this was a failure of policy, management, capability, and above all a failure of imagination."
Public Statement, Release of 9/11 Commission Report, The Hon. Thomas H. Kean and The Hon. Lee H. Hamilton, July 22, 2004

The Long War
War defined: "War is thus a process of continuous mutual adaptation, of give and take, move and countermove." (Al Gray, Warfighting)
Time: seven years between the first and second attacks on the World Trade Center
Most change is evolutionary, not revolutionary
Remember, this is a constant struggle with a passionate enemy!

Think Like the Wolf
- Do not underestimate the enemy!
- The enemy's path of least resistance may not be yours
- Layers of security are key
- The exception may very well be the easy route
- Read the hacker blogs
- Red team your own system, and also use staff from outside the security department

Education is the Key
- Most attacks are going to involve some amount of social engineering
- System designers need to remember that "cylinders of excellence" (organizational silos) lead to people filling the gaps
(Slide diagram: separate cylinders labelled Privilege Granting and PACS)

Education is the Key (continued)
- Security personnel need to understand how security solutions work
- A digital signature cannot be verified in printed form
- Design the system with the security built in

Two Often Overlooked Vulnerabilities
- Door hardware: does the hardware match the security level required of the door?
- PACS back-end process: does the privileging process follow the guidelines for enrollment? How are system changes and acknowledgements verified: by user name and password, or by PKI digital signature?

Door Hardware
- Out reader?
- Door contact
- Fail-safe lockset
- REX (request-to-exit) location
- Hinges
- Fail-secure lockset
- Anti-tailgate and anti-piggybacking

Back End Security
- Authoritative database, sponsor and adjudicators
- System administrators
- Credential production
- Cross certifiers
- Privilege granting
- Alarm acknowledgement
- Credential privileging: area access, parking, transport reimbursement

Integration Road Map
Layers of the privilege model, with the standards shown alongside each layer on the slide:
- Privileges: access control for building and door access, parking lots and spots, and logical access (SP 800-116)
- Authorization: sponsor, background check, security clearance; accounts for physical access, logical access, visitor escort and parking; authorizing agent
- Credentials: PIV, building pass, visitor pass; Social Security card, birth certificate, driver license; vehicle hang tags (HSPD-12, FIPS 201, SP 800-73, -78, -79, -87, -103)
- Identity: name, DOB, place of birth, mother's and father's names, biometrics (SP 800-76; SP 800-73, -78, -79, -87, -103)
- Audit & Investigations

Define Your Process
Visitor is sponsored -> PIV card holder?
- No: collect biometric and breeder document -> privilege for escorted access
- Yes: does the credential holder know the PIN?
  - No: collect biometric and verify certificate
  - Yes: enter PIN -> verify biometric and verify certificate -> privilege for unescorted access
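The flowchart above encoded as a fail-closed privileging decision. This is an added example in Go, not code from the deck or from Roehr Consulting: the Evidence fields and the Decide function are this example's own names, and the rule that every failed check, and every branch the flowchart leaves without an explicit outcome (a PIV holder who does not know the PIN), yields no privilege beyond escorted access is this example's assumption.

```go
package main

import "fmt"

// Evidence is what the visitor-management workstation has established.
// Added example; the deck does not define these fields.
type Evidence struct {
	Sponsored          bool // a sponsor has vouched for this visitor
	PIVHolder          bool // presents a PIV card
	KnowsPIN           bool // holder says they can enter the card PIN
	PINAccepted        bool // the card actually accepted the PIN
	BiometricCollected bool // a live biometric was captured at the workstation
	BiometricVerified  bool // live biometric matched the card's biometric template
	CertVerified       bool // PIV certificate validated (chain, validity period, revocation status)
	BreederDocChecked  bool // breeder document (e.g. birth certificate) inspected
}

type Privilege int

const (
	NoAccess   Privilege = iota // default: nothing granted
	Escorted                    // escorted access only
	Unescorted                  // unescorted access
)

func (p Privilege) String() string {
	return [...]string{"no access", "escorted", "unescorted"}[p]
}

// Decide walks the flowchart. Every failed check falls through to NoAccess;
// that fail-closed default is this example's assumption, not the deck's.
func Decide(ev Evidence) Privilege {
	if !ev.Sponsored {
		return NoAccess // the process starts with a sponsored visitor
	}
	if !ev.PIVHolder {
		// Flowchart: collect biometric and breeder document -> escorted access.
		if ev.BiometricCollected && ev.BreederDocChecked {
			return Escorted
		}
		return NoAccess
	}
	if !ev.KnowsPIN {
		// Flowchart: collect biometric and verify certificate. Without the PIN the
		// on-card biometric cannot be released for matching, so the card proves at
		// most possession; assumed here (not stated on the slide) to earn escorted
		// access only.
		if ev.BiometricCollected && ev.CertVerified {
			return Escorted
		}
		return NoAccess
	}
	// Flowchart: enter PIN -> verify biometric and verify certificate -> unescorted.
	// Claiming to know the PIN is not enough; the card must have accepted it.
	if ev.PINAccepted && ev.BiometricVerified && ev.CertVerified {
		return Unescorted
	}
	return NoAccess
}

func main() {
	full := Evidence{Sponsored: true, PIVHolder: true, KnowsPIN: true,
		PINAccepted: true, BiometricVerified: true, CertVerified: true}
	revoked := full
	revoked.CertVerified = false // e.g. certificate revoked after termination
	wrongPIN := full
	wrongPIN.PINAccepted = false
	cases := []struct {
		name string
		ev   Evidence
	}{
		{"PIV, PIN, biometric, certificate", full},
		{"PIV, PIN, biometric, cert revoked", revoked},
		{"PIV, wrong PIN", wrongPIN},
		{"PIV, PIN unknown, cert ok", Evidence{Sponsored: true, PIVHolder: true, BiometricCollected: true, CertVerified: true}},
		{"no PIV, breeder docs", Evidence{Sponsored: true, BiometricCollected: true, BreederDocChecked: true}},
		{"unsponsored", Evidence{PIVHolder: true, KnowsPIN: true, PINAccepted: true, BiometricVerified: true, CertVerified: true}},
	}
	for _, c := range cases {
		fmt.Printf("%-36s -> %s\n", c.name, Decide(c.ev))
	}
}
```

The point of separating KnowsPIN from PINAccepted, and BiometricCollected from BiometricVerified, is that the workstation's record of what was attempted must never be mistaken for what was proven: only the fully verified branch reaches unescorted access, and a revoked certificate or a rejected PIN drops to no access rather than quietly landing in the escorted bucket.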

Privilege Management System Architecture
- Authoritative data sources: law enforcement databases, terrorist watch lists, biometric database (FBI IAFIS), PKI, breeder document authentication
- Data collection and adjudication: PIV information collection, sponsorship, visitor information, biometrics capture
- Privilege provisioning: privilege provisioning database server, privileged person database, blacklist
- Process systems: 1:N biometric search, card issuance, PKI verification, sponsor verification
- Provisioned systems: physical access control system(s), logical access control systems

Privileging Architecture
Components: PACS, privilege database, PIV data capture kiosks, visitor management workstation, business process server, mobile data terminal, sponsor pick-up kiosks, visitor kiosks, e-mail server, Internet, PKI responder. All connections are TCP/IP Ethernet.

PACS Administration
Secure access to the PACS application:
- PKI log on: PKI log on to the application directly
- PKI log on to the OS: every user requires a domain account
- Single sign on: PKI log on to the OS and password on the application

PACS Administration (continued)
Events:
- Require a digital signature on events
- Middleware will be required for most operating systems
- Storing signed events will take more space
Signing acknowledgements, two options:
- Acknowledgement + log entry
- Acknowledgement + log entry + fingerprint match score
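An added example, not code from the deck or from any PACS product, of what "require a digital signature on events" and the two acknowledgement options look like in practice. It uses Go's standard-library Ed25519: the acknowledgement, the log entry and the optional fingerprint match score are serialized and signed, a later edit to the stored entry fails verification, and the size of the signed record shows the storage cost the slide mentions. A key pair generated in software stands in for the operator's PIV signature key; the event fields, their names and the sample alarm are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// AckEvent is the record an operator signs when acknowledging a PACS alarm.
// Field set follows the slide's options (acknowledgement + log entry, optionally
// + fingerprint match score); the names are this example's own.
type AckEvent struct {
	AlarmID    string    `json:"alarm_id"`
	Door       string    `json:"door"`
	Operator   string    `json:"operator"` // subject of the operator's signing certificate
	AckedAt    time.Time `json:"acked_at"`
	MatchScore *int      `json:"match_score,omitempty"` // present only when a fingerprint was taken
}

// SignedAck is the stored record: the event plus a signature over its canonical bytes.
type SignedAck struct {
	Event     AckEvent `json:"event"`
	Signature string   `json:"sig"` // base64 Ed25519 signature over canonical(Event)
}

// canonical returns the exact bytes that are signed. encoding/json writes struct
// fields in declaration order, so an unchanged event always yields the same bytes.
func canonical(e AckEvent) ([]byte, error) { return json.Marshal(e) }

// NewOperatorKey stands in for the operator's PIV digital-signature key pair.
// In a deployment the private key stays on the card and middleware asks the card
// to sign; a software key is used here only so the example runs offline.
func NewOperatorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignAck produces the signed record for an acknowledgement.
func SignAck(priv ed25519.PrivateKey, e AckEvent) (SignedAck, error) {
	msg, err := canonical(e)
	if err != nil {
		return SignedAck{}, err
	}
	sig := ed25519.Sign(priv, msg)
	return SignedAck{Event: e, Signature: base64.StdEncoding.EncodeToString(sig)}, nil
}

// VerifyAck re-derives the canonical bytes from the stored event, so any edit to
// the log entry after signing (operator, time, door, score) fails verification.
func VerifyAck(pub ed25519.PublicKey, s SignedAck) bool {
	msg, err := canonical(s.Event)
	if err != nil {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(s.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// StorageSizes returns the stored size of the bare event and of the signed record,
// quantifying the slide's point that signed events take more space.
func StorageSizes(s SignedAck) (plain, signed int, err error) {
	p, err := canonical(s.Event)
	if err != nil {
		return 0, 0, err
	}
	q, err := json.Marshal(s)
	if err != nil {
		return 0, 0, err
	}
	return len(p), len(q), nil
}

// SampleEvent is constructed demonstration data, not a real alarm.
func SampleEvent() AckEvent {
	score := 87 // hypothetical fingerprint match score
	return AckEvent{
		AlarmID:    "ALM-000123",
		Door:       "Loading Dock 2",
		Operator:   "CN=OPERATOR.ALICE.EXAMPLE", // hypothetical certificate subject
		AckedAt:    time.Date(2009, time.October, 27, 14, 3, 0, 0, time.UTC),
		MatchScore: &score,
	}
}

func main() {
	pub, priv, err := NewOperatorKey()
	if err != nil {
		panic(err)
	}
	signed, err := SignAck(priv, SampleEvent())
	if err != nil {
		panic(err)
	}
	fmt.Println("original entry verifies:", VerifyAck(pub, signed))

	// An administrator editing the stored log entry after the fact.
	tampered := signed
	tampered.Event.Operator = "CN=SOMEONE.ELSE.EXAMPLE"
	fmt.Println("edited entry verifies:  ", VerifyAck(pub, tampered))

	plain, withSig, _ := StorageSizes(signed)
	fmt.Printf("stored size: %d bytes unsigned, %d bytes signed\n", plain, withSig)
}
```

Two things this shows that a password-protected acknowledgement cannot: the record carries its own proof of who acknowledged it, checkable by anyone holding the operator's public certificate, and the proof breaks if the entry is edited afterwards. A real verifier also validates the operator's certificate chain and revocation status at the time of the acknowledgement, which this example leaves out, and the signature field is why the stored record is larger than the bare event.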

Books: Warfighting (MCDP 1), www.dtic.mil/doctrine/jel/service_pubs/mcdp1.pdf


Final Thought: Don't Ever Give Up!

Speaker Contact Information: Roger Roehr, Roehr Consulting, roger.roehr@gmail.com, Phone: (703) 407-8249