SECURITY AND COMMUNICATION NETWORKS

Security Comm. Networks 2015; 8:3826–3835

Published online 14 July 2015 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1303

RESEARCH ARTICLE

Risk adaptive hybrid RFID access control system

Malek Al-Zewairi¹, Jarsquo;far Alqatawna²* and Jalal Atoum¹

1

King Hussein Faculty for Computing Sciences, Princess Sumaya University for Technology, Amman 11941, Jordan

2

King Abdulla II School for Information Technology, The University of Jordan, Amman 11942, Jordan

ABSTRACT

Dynamic environments pose a challenge for traditional access control models where permissions are granted or revoked merely based on predefined and static access policies making them incapable of dynamically adapting to changing conditions. Risk adaptive access control models have been gaining more attention in the research community as an alternative approach to overcome the limitations of traditional access control models. Radio Frequency Identification (RFID) is an emerging technology widely utilized in both physical and logical access control systems because of its contactless nature, low cost, high read/write speed and long distance operation. Serverless RFID system architecture offers better availability assurance and lower implementation cost, while access rights management is easier in server-based architecture. In this study, we continue to build on our previous research on the privacy and security of RFID access control systems without a backend database in order to overcome its limitations. We propose a hybrid design for a risk adaptive RFID access control system; that is, dynamically alternating between two access control modes, online (server-based) and offline (serverless), to adapt to the level of risk depending on rule-based risk scenarios and current risk value. The proposed design combines features of both serverless and risk adaptive access control systems. Copyright copy; 2015 John Wiley amp; Sons, Ltd.

KEYWORDS

risk adaptive; access control; RFID; security

*Correspondence

Jarsquo;far Alqatawna, King Abdullah II School for Information Technology, The University of Jordan, Amman 11942, Jordan.

E-mail: J.Alqatawna@ju.edu.jo

1. INTRODUCTION

Access control systems often represent the first line of defense and the bottleneck in the overall security of the entire system. Mainly, they protect the access points of the system and their availability reflect on the availability of the whole system. Most of the traditional access control models, i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), focus on how to define the rights of users in a precise way to prevent any violation of the access control policy of an organization [1]. With DAC, each object has an owner who is responsible for granting and revoking permissions to that object. File system permissions on Unix, Unix-like and Windows operating systems are a great example of DAC systems. On the other hand, each object in MAC systems is assigned a security label that reflects its classification level, while each subject has a security clearance that indicates its authorization level.

In RBAC systems, only permissions that are needed to perform the job functions are granted the subject [2].

Nonetheless, traditional access control models are incapable of dynamically adapting to changing conditions, because access is granted or revoked based on predefined static rules, which may introduce various risk scenarios [3,4]. For example, temporary access to patient medical records might need to be granted to a non-treating doctor in case he/she was suddenly unavailable, or that an organization needs to restrict access permissions during disturbance events, which is not applicable with traditional access control models. Therefore, they are not suitable for dynamic environments where access rights need to be elevated or reduced based on multiple factors whether they are temporal, environmental, situational, operational or risk-based factors [5,6]. The limitations of traditional access control models render them unsuitable for dynamic environments where access permissions need to be adjusted based on multiple factors [3–8].

The concept of risk adaptive access control is an emerging topic in current studies that aims to adjust the access control decision dynamically by balancing between the risk of granting or denying access to resources and its overall benefits. It was addressed in the security of critical systems such as the US Department of Defense Global Information Grid (GIG), yet it has great potentials in commercial and healthcare applications as well [9].

Incorporating risk adaptive techniques in access control models represents an alternative approach to overcome the limitations of traditional access control models by incorporating risk assessment in the access control decision-making process. When an access request is received, in addition to the traditional access control policies, the system calculates the risk of either granting or denying this request and uses it accordingly to issue a verdict [8]. This leveraging of security risk in access control allows the system to cope with emergent events and adapt to current situation, which at the end translates to better accommodation for the operational needs [7].

Radio Frequency Identification (RFID) is a contactless wireless communication technology consisting, in its basic forms, of tag and reader. It has been integrated in several applications such as human identification, shipments tracking, e-money transactions, public transportation ticketing and gaming, and it is widely used in access control systems to secure both physical and logical access [10–13].

R

剩余内容已隐藏，支付完成后下载完整资料

风险自适应混合RFID门禁系统

概要

动态环境对传统访问控制模型提出了挑战，其中仅基于预定义和静态访问策略授予或撤销权限，使得它们无法动态地适应变化的条件。风险自适应访问控制模型作为克服传统访问控制模型局限性的替代方法，在研究界越来越受到关注。射频识别（RFID）是一种在物理和逻辑门禁系统中广泛使用的新兴技术，因为它具有非接触性，低成本，高读/写速度和长距离操作。无服务器RFID系统架构提供更好的可用性保证和更低的实施成本，而基于服务器的架构中访问权限管理更容易。在这个研究中，我们继续在之前的研究中建立RFID访问控制系统的隐私和安全性，而不需要后端数据库来克服其局限性。我们提出了一种用于风险自适应RFID门禁系统的混合设计; 也就是说，在两种访问控制模式之间动态交替，在线（基于服务器）和离线（无服务器），以根据基于规则的风险情景和当前风险值来适应风险级别。所提出的设计结合了无服务器和风险自适应访问控制系统的特征。版权所有copy;2015 John Wiley＆Sons，Ltd。在两种访问控制模式之间动态交替，在线（基于服务器）和离线（无服务器），以根据基于规则的风险情景和当前风险值来适应风险级别。所提出的设计结合了无服务器和风险自适应访问控制系统的特征。版权所有copy;2015 John Wiley＆Sons，Ltd。在两种访问控制模式之间动态交替，在线（基于服务器）和离线（无服务器），以根据基于规则的风险情景和当前风险值来适应风险级别。所提出的设计结合了无服务器和风险自适应访问控制系统的特征。

1简介

访问控制系统通常代表第一道防线和整个系统整体安全性的瓶颈。主要是，它们保护系统的接入点，它们的可用性反映了整个系统的可用性。大多数传统的访问控制模型，即自主访问控制（DAC），强制访问控制（MAC）和基于角色的访问控制（RBAC），都侧重于如何以精确的方式定义用户的权利，以防止任何违反组织的访问控制策略1。使用DAC，每个对象都有一个所有者，负责授予和撤消该对象的权限。Unix，类Unix和Windows操作系统上的文件系统权限是DAC系统的一个很好的例子。另一方面，MAC系统中的每个对象被分配一个反映其分类级别的安全标签，而每个主体具有指示其授权级别的安全许可。在RBAC系统中，只有执行作业功能所需的权限才被授予主题2。

尽管如此，传统的访问控制模型不能够动态地适应不断变化的条件下，由于访问被授予或基于预定义的静态规则撤销，其可引入各种风险情况3，4。例如，可能需要临时访问患者医疗记录，以防他/她突然不能使用，或者组织需要在干扰事件期间限制访问权限，这不适用于传统的访问控制楷模。因此，它们不适用于需要根据多种因素提升或降低访问权限的动态环境，无论这些因素是时间因素，环境因素，情境因素，操作因素还是基于风险因素5，6。传统的访问控制模型的局限性使得它们不适合在那里访问权限需要根据多种因素来调整动态环境 3 - 8。

风险自适应访问控制的概念是当前研究中的一个新兴主题，旨在通过平衡授予或拒绝访问资源的风险及其总体收益来动态调整访问控制决策。它在诸如美国国防部全球信息网格（GIG）等关键系统的安全性中得到了解决，但它在商业和医疗保健应用方面也具有巨大的潜力9。

将风险自适应技术纳入访问控制模型是通过将风险评估结合到访问控制决策过程中来克服传统访问控制模型的局限性的替代方法。当收到访问请求时，除了传统的访问控制策略之外，系统还会计算授予或拒绝此请求的风险，并相应地使用它来发布判决8。这种对访问控制中安全风险的利用使系统能够应对紧急事件并适应当前情况，最终转化为更好地适应运营需求7。

射频识别（RFID）是一种非接触式无线通信技术，其基本形式包括标签和阅读器。它已经集成在多种应用如人识别，跟踪的出货量，电子货币交易，公共交通售票和游戏，它被广泛应用于门禁系统，以确保这两个物理和逻辑访问10 - 13。

RFID系统架构的复杂程度因应用类型，安全要求和工作环境而异。因此，每个RFID系统在其组件和子系统中可以是唯一不同的。美国国家标准与技术研究院（NIST）发布了用于保护RFID系统的指南，该RFID系统识别三个子系统，即射频（RF），企业和企业间子系统14。

通常在访问控制系统中，当使用RFID时，需要后端数据库系统来存储访问控制信息。在这种情况下，系统的可用性将与包含后端数据库和访问控制决策机制15的企业子系统的可用性相关联。

其它系统利用省略了企业子系统提供访问控制和依靠RF子系统，从而作用，提供更好的可用性保证无服务器的方法16 - 23。

在本研究中，我们的目标是提出一种新的风险自适应混合RFID门禁控制系统，以克服我们以前的工作中发现的局限16。通过在两种访问控制模式之间动态交替，所提出的设计结合了无服务器和风险自适应访问控制系统的优点：在线（基于服务器）和离线（无服务器）以适应风险等级; 因此，名称“混合”。

本文的其余部分结构如下。在第2节中，我们研究了无服务器RFID和风险自适应访问控制的最新研究。在第3节中，我们简要概述了我们之前关于没有后端数据库的RFID访问控制系统的研究的优势和局限性。在第4节中，提出了拟议的设计，然后在第5节进行评估和讨论。结论，限制和未来工作见第6节。

2.文献综述

2.1无服务器RFID系统

Tan等人。引入的第一无服务器RFID认证协议，而不依赖后端数据库服务器上的认证在17，因此，名称为“无服务器”。他们的协议使用质询和响应在询问器（阅读器）和应答器（标签）之间提供无服务器相互认证（读取器到标签和标签到阅读器）。尽管如此，该协议的可扩展性较差，并且标签信息在认证15之后容易受到窃听攻击。此外，提供相互认证的声明已经减少了