Examining the Cyber Security of a Real World Access Control Implementation

Julian Jørgensen Teule, Marius Frilund Hensel, Victor Büttner, Jonathan Velgaard Sørensen, Magnus Melgaard, Rasmus Løvenstein Olsen

Publikation: Bidrag til bog/antologi/rapport/konference proceedingKonferenceartikel i proceedingForskningpeer review

Abstrakt

As smart cards have become increasingly prevalent in electronic access control systems, this paper investigates an implementation at a national institution, which uses a smart card with publicly known weaknesses. The main outcome is a set of recommendations which can be used for securing electronic access control systems against the discovered flaws of this work: The implementation did not
follow guidelines from the manufacturer of the cards, the content of the restricted sector was printed onto each card, and in-house services with inherent security flaws were built around the cards, but not maintained. These flaws meant that the civil registration number of any employee at the institution could be revealed. Additionally, the flaws allowed for changing the PIN code of any card in the system.
OriginalsprogEngelsk
Titel2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Antal sider3
ForlagIEEE
Publikationsdato14 jul. 2020
Artikelnummer9139617
ISBN (Trykt)978-1-7281-6691-9
ISBN (Elektronisk)978-1-7281-6690-2
DOI
StatusUdgivet - 14 jul. 2020
Begivenhed2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) - Dublin, Irland
Varighed: 15 jun. 202019 jun. 2020

Konference

Konference2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
LandIrland
ByDublin
Periode15/06/202019/06/2020

Citationsformater

Teule, J. J., Frilund Hensel, M., Büttner, V., Velgaard Sørensen, J., Melgaard, M., & Olsen, R. L. (2020). Examining the Cyber Security of a Real World Access Control Implementation. I 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) [9139617] IEEE. https://doi.org/10.1109/CyberSA49311.2020.9139617