9. Entry Control - Sandia National Laboratories · 9 - Entry Control The Twenty-Seventh International Training Course Page 1 9. Entry Control April 29 –May 18, 2018 Albuquerque,

9 - Entry Control

The Twenty-Seventh International Training CoursePage 1

9. Entry Contro lApril 29 – May 18, 2018

Albuquerque, New Mexico, USA

Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc. for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-NA0003525.

SAND2015-1984 TR

Entry Control

Learn ing Object ives

After completing this module, you should be able to:• Recognize the purposes of entry control• Identify key terms associated with entry control• Identify three principal characteristics of personnel entry

control• Describe types of credentials used for entry control• Discuss the most common types and uses of biometrics• Recognize the features of an effective entry control

system

2

9 - Entry Control

The Twenty-Seventh International Training CoursePage 2

Entry Control

IAEA Nuclear Secur i ty Ser ies 13 (NSS-13)

• 4.17 Technical means and procedures for access control, such as keys and computerized access lists, should be protected against compromise

• 4.26 Effective access control measures should be taken to ensure the detection and prevention of unauthorized access

• 4.27 The identity of authorized persons entering the protected area should be verified. Passes or badges should be issued and visibly displayed inside the protected area

3

Entry Control

Purposes of Entry Contro l

• A perimeter security system is designed to provide a boundary around each protection area to prevent or detect unauthorized penetrations

• Entry control is designed to allow authorized persons and materials to move in and out through that boundary in a balanced secure way

• The system must: Allow entry of authorized persons Prevent entry of unauthorized persons Allow exit of authorized persons

4

9 - Entry Control

The Twenty-Seventh International Training CoursePage 3

Entry Control

Def in i t ions for Entry Contro l

Access Authorization: An administrative determination that an individual is eligible for access to enter a secure area or to access a secure cyber space. For instance, he/she is eligible to enter an area where nuclear materials are stored or where classified material is storedBadge: Credential an individual is provided once access authorization is determinedVerification: Determination of access authorization at the entry control point• Accepts authorized persons• Rejects unauthorized persons

5

Entry Control

Character is t ics of Personnel Entry Contro l

• Something you know Personal Identification Number (PIN) Password

• Something you have Key Credential

• Something you are Biometric feature (e.g., fingerprints)

6

9 - Entry Control

The Twenty-Seventh International Training CoursePage 4

Entry Control

Types of Personnel Entry Contro l

7

Personnel Authorization Verification

Manual(Protective Force Guards)

Have -Credential

(Photo)

Automated(Machines)

Have -Credential(Coded) Know -

MemorizedNumber

(PIN)

Are -Personal

Characteristics(Biometric)

ExchangeCredential

Entry Control

Combinat ion of Cr i ter ia

• Combining two or all three factors greatly increases security

8

Badge swipe and PIN

Hand-geometry Biometrics

9 - Entry Control

The Twenty-Seventh International Training CoursePage 5

Entry Control

Leve ls of Entry Contro l Level Verification Examples

1 One type Credential    OR PIN OR Biometric

2 Two Types Credential   AND PIN  

OR 

Credential   AND Biometric

OR 

Biometric    AND PIN  

3 Three Types Credential   AND PIN  AND Biometric

9

Entry Control

Personal Ident i f icat ion Numbers (PINs)

• Easy to use if not more than 6 digits• Disadvantages

Employee may forget the number Employee may write it down Adversary may obtain it or guess it

• Best used with other types of verification

10

2938

9 - Entry Control

The Twenty-Seventh International Training CoursePage 6

Entry Control

Types of Credent ia ls

• Verified by protective force guards Take-home photo credential

• Photo compared to individual• Photo compared to photo in database

Exchanged photo credential• Verified by machine

Coded credential Best used with other types of verification

11

Entry Control

Badge Exchange System

• The badge exchange system relies on two credentials• One credential is take-home while the other stays within

the secure area• These credentials must look different

12

Take-Home Exchange

9 - Entry Control

The Twenty-Seventh International Training CoursePage 7

Entry Control

Personnel Credent ia ls

• Coded Credentials Bar Code Magnetic Stripe Proximity “Smart”

13

Disadvantages

• Identifies badge not person

• Requires maintenance• May be defeated by 

counterfeit badge

Advantages

• Controls access by area and time

• Logs each access or exit• Has low false rejection 

rate• Performs consistently

Entry Control

Character is t ics of Bar Code

• Image of varying width lines (bars) and spaces Linear barcode or one-dimensional (1D) Two-dimensional (2D) barcode

• Commonly used• Easy to make• Disadvantage

Susceptible to reproduction

14

1D Bar Code 2D Bar Code

9 - Entry Control

The Twenty-Seventh International Training CoursePage 8

Entry Control

Character is t ics of Magnet ic Str ipe Badges

• Polarized magnetic particles, similar to cassette tape• Widespread use, as on credit cards • Easy to use• Easy to make• Disadvantage

Erased by common magnet

15

Entry Control

Character ist ics of Proximity Badges• Radio Frequency identification card

Induction powered Coded RF transmitter

• Widespread use• Easy to use

Hands free operation Compatible with protective clothing

• Purchased, not made at site Options for programming

• Pre-programmed• Programmed at site

• Disadvantage Multiple badges in range of reader

16

9 - Entry Control

The Twenty-Seventh International Training CoursePage 9

Entry Control

Character ist ics of Smart Cards

• Credit-card-sized device with microcomputer Allows storage of identification information, including

• PIN / password• Biometric template

Some capable of encrypting data Contact or contactless May include magnetic stripe

and/or barcode• Increasing use• Usually not made onsite

17

Sir Isaac Newton

Expiration Date 11/12/1700

Common Biometr ic Entry Contro l Types

• Types Fingerprint Identity Hand Geometry Iris Identity Voice Recognition Facial Identity Finger Vein Identity

Entry Control

9 - Entry Control

The Twenty-Seventh International Training CoursePage 10

Entry Control

F ingerpr int Ident i ty Ver i f icat ion

• Captures the ridges and valleys of the fingerprint

Video Capture

Ultrasonic Capture

Solid State Capture

19

Entry Control

Hand Geometry Ident i ty Ver i f icat ion• Uses CCD camera to image hand using near infrared 

illumination

20

Picture courtesy of Biomet PartnersPicture courtesy of Ingersoll Rand Security Technologies

9 - Entry Control

The Twenty-Seventh International Training CoursePage 11

Entry Control

I r i s Ident i ty Ver i f icat ion or Recognit ion

• Video camera captures image of the iris• Iris structure is highly unique to an individual

21

Entry Control

Vo ice Recogni t ion Ident i ty Ver i f icat ion

• Uses microphone to collect a spoken phrase

22

9 - Entry Control

The Twenty-Seventh International Training CoursePage 12

Entry Control

Fac ia l Ident i ty Ver i f icat ion

• Uses cameras to capture facial features • Special cameras

23

Thermogram Two Dimensional

Two Dimensional with Parallax Three Dimensional

Entry Control

F inger Vein Ident i ty Ver i f icat ion

• Images the vein pattern on finger, palm, or the back of the hand

24

Picture courtesy of Hitachi Finger Vein Products

9 - Entry Control

The Twenty-Seventh International Training CoursePage 13

Entry Control

Factors Impact ing Biometr ic CaptureEnvironmental Factors Personnel Characteristic

Lighting—Both artificial and natural Fingerprint: Cold, dry, oily, cuts

Dust and debris Face: Hair, glasses, light, clothing, camera, presentation

Background noise Hand: Jewelry, bandages, weight change

Electromagnetic noise Eye: Glasses, head movement, 

Voice: Speaker volume, illness

25

Entry Control

Features of B iometr ic Systems

• Ease of Integration A factor of how many different systems support a specific

technology and if the biometric has an flexible system interface• Verification times

2 to 20 seconds• Enrollment

1% to 3% of population is incompatible 30 seconds to 10 minutes required to enroll

• Cost $1,000 to $5,000 per terminal

26

9 - Entry Control

The Twenty-Seventh International Training CoursePage 14

Entry Control

Features of Effect ive Entry Contro l System

• Integration with boundary Cannot be bypassed Block individuals until access authorization verified Interfaces with the alarm system

• Integration with the guards/response force Protects guard Area is under surveillance

• Personnel integrate with system Easy to use for entry and exit Accommodates peak throughput (loads) Accommodates special cases

27

Entry Control

Appl icat ion of Effect ive Des ign Cr i ter ia

28

Secondary Inspection

Area

Hardened Guard Booth

Metal Detectors

Turnstiles with card readers and PIN pads

CCTV Camera

9 - Entry Control

The Twenty-Seventh International Training CoursePage 15

Entry Control

Key Takeaways

• Purpose of entry control is to allow authorized persons to move in and out through a protected area boundary

• Entry control verification techniques depend on verifying what you: Know, Have, and Are Combining two or all three factors greatly increases security

• An effective entry control system integrates Protected area boundary (e.g., cannot bypass) Guard force (e.g., protects and allows surveillance) Personnel (e.g., easy to use and accommodates throughput)

29