An Integrated Room Booking and Access Control System for Public Spaces

Kamil, Jaffar, Amer, Mohamed

January 2023

Public spaces, especially educational institutions like universities, encounter challenges with their room booking and access control systems. These challenges commonly manifest as overlapping bookings and unauthorized entry. The latter issue, unauthorized access, specifically stems from inadequate integration between the respective systems. This bachelor thesis introduces a proof-of-concept for a cohesive room booking and access control system to address these issues. The proposed solution encompasses two mobile applications, one as the room reservation platform and the other as the access control mechanism. By integrating the management of bookings and access control, this proof-of-concept aims to overcome the prevalent shortcomings in existing systems. Halmstad University's IT department was consulted during the requirement definition phase to ensure a comprehensive understanding of the common problems, their underlying causes, and possible solutions. The proposed system utilizes common technologies such as NodeJS, Android Studio, and PostgreSQL. Additionally, Mobile BankID is integrated as a unique feature for secure user authentication, providing a trusted and widely-accepted method to verify users' identities. The final results were tested in a simulated environment and indicate that the developed system satisfies the initial requirements, addressing the problems of double bookings and unauthorized access identified during the consultation with the IT department.

Integrated Systems

Room Booking System

Access Control System

Bank ID

Mobile Applications

Computer Systems

Datorsystem

Workflow-driven, dynamic authorization for Modular Automation systems

Basic, Enna, Radonjic, Ivan

January 2023

Industrial Control Systems (ICSs) play a critical role in various industries, automating processes and efficiency optimization. However, these systems have security vulnerabilities that make them prone to cyber attacks, so it is crucial to have strong access control mechanisms in place. This master thesis focuses on the investigation, development, and evaluation of workflow-driven dynamic authorization for modular automation systems. The authorization enables specifying of policies that can adapt in real-time to the dynamic security environment of ICSs. Furthermore, the thesisexplores the efficiency of authorization in terms of execution time, memory consumption, andtoken size through experimental evaluation. The experimental evaluation compares three variationsof token population: a baseline approach that directly encodes accesscontrol list permissions into the token, and two token population algorithms that aim to reduce thetoken size by replacing permissions with overlapping roles. The results show that the baseline approach achieves the shortest execution time and lowest memory consumption, but leads to increased token sizes. On the other hand, the token population algorithms reduce the token size at the costof increased execution time and memory consumption. The choice between these approaches wouldinvolve trade-offs and would depend on the specific requirements of the ICSs environment. / InSecTT

industrial control systems

dynamic access control

authorization service

cyber security

modular automation

Computer Sciences

Datavetenskap (datalogi)

Responding to Policies at Runtime in TrustBuilder

Smith, Bryan J.

20 April 2004

Automated trust negotiation is the process of establishing trust between entities with no prior relationship through the iterative disclosure of digital credentials. One approach to negotiating trust is for the participants to exchange access control policies to inform each other of the requirements for establishing trust. When a policy is received at runtime, a compliance checker determines which credentials satisfy the policy so they can be disclosed. In situations where several sets of credentials satisfy a policy and some of the credentials are sensitive, a compliance checker that generates all the sets is necessary to insure that the negotiation succeeds whenever possible. Compliance checkers designed for trust management do not usually generate all the satisfying sets. In this thesis, we present two practical algorithms for generating all satisfying sets given a compliance checker that generates only one set. The ability to generate all of the combinations provides greater flexibility in how the system or user establishes trust. For example, the least sensitive credential combination could be disclosed first. These ideas have been implemented in TrustBuilder, our prototype system for trust negotiation.

trust negotiation

compliance checker

access control policies

IBM Trust Policy Language

TrustBuilder

satisfiability

Computer Sciences

Framework to Implement Authentication, Authorization and Secure Communications in a Multiuser Collaborative CAx Environment

Mensah, Francis

01 December 2014

Computer Aided Design (CAD) applications have historically been based on a single user per application architecture. Although this architecture is still popular to date, it does have several drawbacks. First of all the single user CAD architecture inhibits a concurrent engineering design process where several designers can work on the same model simultaneously. This limitation introduces time inefficiency especially when a project involves geographically dispersed designers. A solution to these drawbacks could be a transition from the traditional single user CAD architecture to a multiuser collaborative architecture. Advances in computer networking technologies, especially relating to the Internet, have provided the needed tools to make this transition a reality, thus making it possible for designers to simultaneously work on geometric models from one or more networked computers regardless of the location of the user. This new paradigm is expected to improve collaboration and greatly reduce product design times and consequently reduce cost and improve productivity. The multi-user architecture will, however, also require reliable security mechanisms to ensure its successful deployment in an enterprise environment where protection of intellectual property is of critical importance. This thesis proposes a framework to implement authentication, authorization and secure data communications in a multiuser collaborative CAD software system. This framework has been tested on an emerging multiuser collaborative CAD system called v-CAx being developed at Brigham Young University.

CAx

CAD

TLS

PKI

multiuser

authentication

authorization

access control

secure communications

active directory

Computer Sciences

Evaluation of Angle of Arrival based positioning for keyless entry access control

Englund, Martin

January 2018

This thesis aims at evaluating a proposed interferometry Angle of Arrival method for Bluetooth Low Energy and investigating the feasibility of using it together with current technology in a keyless entry access control solution. The current technology is an evaluation kit from Texas Instrument that is used together with various types of antennae arranged in arrays. An in-depth look at it revealed that it does not implement the proposed Angle of Arrival method for Bluetooth Low Energy but the deviations are minor. Results obtained from tests with delay lines show enough accuracy for a keyless entry access control solution. However, none of the tested antenna types do. The work concludes that current technology cannot be used as a keyless entry access control solution due to strong antenna dependencies. Future work is thus proposed to be done on antenna development. / Detta arbete syftar till att utvärdera en förslagen interferometri Angle of Arrival-metod för Bluetooth Low Energy samt undersöka möjligheten att använda den tillsammans med nuvarande tekniken i nyckellös åtkomstkontroll. Den nuvarande tekniken är ett utvärderingspaket från Texas Instrument som används tillsammans med olika typer av antenner. En utförlig undersökning av tekniken avslöjade att den inte implementerar den föreslagna Angle of Arrival-metod för Bluetooth Low Energy men avvikelserna är minimala. Resultat som erhållits från tester med fördröjningslinjer visar tillräckligt noggrannhet för nyckellös åtkomstkontroll. Men ingen av de testade antenntyperna gör det. Arbetet drar slutsatsen att den nuvarande tekniken inte kan användas som nyckellös åtkomstkontroll på grund av starka antennberoende. Framtida arbete föreslås således att fokusera på antennutveckling.

Angle of arrival

Positioning

Keyless entry access control

Bluetooth Low Energy

Computer and Information Sciences

Data- och informationsvetenskap

Antenna Design for Angle of Arrival Measurement in Access Control Applications

Prokic, Theodoros

January 2019

The Bluetooth direction finding working group proposed functionalities to the Bluetooth core that can realize Angle of Arrival estimations using interferometry. The technology can be employed to develop new access control applications. Following previous findings in Englund (2018), the purpose of this project is to investigate the feasibility of such systems when antennas are being used. The goal is to design a matchbox size antenna array which can be used by the system to distinguish between two sides in an inside-outside scenario. A number of antennas were designed, simulated and tested on a prototype. While the simulations results were consistent with the theory, the prototype measurements were not. However, it is shown that it is possible to estimate between inside and outside. / Bluetooth direction finding working group har lagt fram ett förslag om att lägga till Angle of Arrival estimerings funktionalitet baserat på en interferometri metod i Bluetooth kärnan. Tekniken kan användas för att utveckla nya åtkomstkontrolls lösningar. Detta projekt en påbyggnad av arbetet utfört av Englund (2018), syftet är att utvärdera möjligheten av en sådan åtkomstkontrolls lösning där antenner används. Målet är att designa en tändsticksask stor antenn array som kan användas av ett systemet för att särskilja mellan två sidor i ett insida-utsida scenario. Ett antal antenner konstruerades, simulerades och prototyper byggdes samt testades. Medan simuleringsresultaten var förenliga med teorin, så påvisade prototyperna inte samma beteende då resultatet skiljde sig från teorin. Projektet konstaterar dock att det är möjligt att skilja mellan insida och utsida.

Patch Antenna

Angle of Arrival

Bluetooth

Keyless Access Control

Engineering and Technology

Teknik och teknologier

Airtime Management for Low-Latency Densely Deployed Wireless Networks / 低遅延稠密無線ネットワークのためのエアタイム管理

Yin, Bo

23 March 2021

京都大学 / 新制・課程博士 / 博士(情報学) / 甲第23327号 / 情博第763号 / 新制||情||130(附属図書館) / 京都大学大学院情報学研究科通信情報システム専攻 / (主査)教授 守倉 正博, 教授 原田 博司, 教授 大木 英司 / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DFAM

media access control

IEEE 802.11 WLAN

reinforcement learning

game theory

stochastic geometry

007

Design and analysis of energy-efficient media access control protocols in wireless sensor networks. Design and analysis of MAC layer protocols using low duty cycle technique to improve energy efficient and enhance communication performance in wireless sensor networks.

Ammar, Ibrahim A.M.

January 2014

Wireless sensor network (WSN) technology has gained significant importance due to its potential support for a wide range of applications. Most of the WSN applications consist of a large numbers of distributed nodes that work together to achieve common objects. Running a large number of nodes requires an efficient mechanism to bring them all together in order to form a multi-hop wireless network that can accomplish some specific tasks. Even with recent developments made in WSN technology, numbers of important challenges still stand as vulnerabilities for WSNs, including energy waste sources, synchronisation leaks, low network capacity and self-configuration difficulties. However, energy efficiency remains the priority challenging problem due to the scarce energy resources available in sensor nodes. These concerns are managed by medium access control (MAC) layer protocols. MAC protocols designed specifically for WSN have an additional responsibility of managing radio activity to conserve energy in addition to the traditional functions. This thesis presents advanced research work carried out in the context of saving energy whilst achieving the desired network performance. Firstly the thesis contributes by proposing Overlapped Schedules for MAC layer, in which the schedules of the neighbour clusters are overlapped by introducing a small shift time between them, aiming to compensate the synchronisation errors. Secondly, this thesis proposed a modified architecture derived from S-MAC protocol which significantly supports higher traffic levels whilst achieving better energy efficiency. This is achieved by applying a parallel transmission concept on the communicating nodes. As a result, the overall efficiency of the channel contention mechanism increases and leads to higher throughput with lower energy consumption. Finally, this thesis proposed the use of the Adaptive scheme on Border Nodes to increase the power efficiency of the system under light traffic load conditions. The scheme focuses on saving energy by forcing the network border nodes to go off when not needed. These three contributions minimise the contention window period whilst maximising the capacity of the available channel, which as a result increase network performance in terms of energy efficiency, throughput and latency. The proposed system is shown to be backwards compatible and able to satisfy both traditional and advanced applications. The new MAC protocol has been implemented and evaluated using NS-2 simulator, under different traffic loads and varying duty cycle values. Results have shown that the proposed solutions are able to significantly enhance the performance of WSNs by improving the energy efficiency, increasing the system throughput and reducing the communication delay.

Attribute-based Approaches for Secure Data Sharing in Industry

Chiquito, Alex

January 2022

The Industry 4.0 revolution relies heavily on data to generate value, innovation, new services, and optimize current processes [1]. Technologies such as Internet of Things (IoT), machine learning, digital twins, and much more depend directly on data to bring value and innovation to both discrete manufacturing and process industries. The origin of data may vary from sensor data to financial statements and even strictly confidential user or business data. In data-driven ecosystems, collaboration between different actors is often needed to provide services such as analytics, logistics, predictive maintenance, process improvement, and more. Data therefore cannot be considered a corporate internal asset only. Hence, data needs to be shared among organizations in a data-driven ecosystem for it to be used as a strategic resource for creating desired values, innovations, or process improvements [2]. When sharing business critical and sensitive data, the access to the data needs to be accurately controlled to prevent leakage to authorized users and organizations.  Access control is a mechanism to control actions of users over objects, e.g., to read, write, and delete files, accessing data, writing over registers, and so on. This thesis studies one of the latest access control mechanisms in Attribute Based Access Control (ABAC) for industrial data sharing. ABAC emerges as an evolution of the commonly industry-wide used Role-based Access Control. ABAC presents the idea of attributes to create access policies, rather than manually assigned roles or ownerships, enabling for expressive fine-granular access control policies. Furthermore, this thesis presents approaches to implement ABAC into industrial IoT data sharing applications, with special focus on the manageability and granularity of the attributes and policies.  The thesis also studies the implications of outsourced data storage on third party cloud servers over access control for data sharing and explores how to integrate cryptographic techniques and paradigms into data access control. In particular, the combination of ABAC and Attribute-Based Encryption (ABE) is investigated to protect privacy over not-fully trusted domains. In this, important research gaps are identified. / Arrowhead Tools

Access Control

NGAC

Fine-grained

IoT

Industry 4.0

Encryption

flexible

Computer Systems

Datorsystem

Private Key Allocation based Access Control Scheme for Social Networks

Srinivas, Preethi

17 August 2010

No description available.

Computer Science

Social Structure

Technology

social network

access control

key management

resource sharing

security