Door Locks

(OBJ 1.2)

Door locks as a security measure

• Once an attacker is inside the facility, how do we keep him out of those offices with sensitive information?
  • The actual moment of vulnerability arises when unauthorized individuals gain access tot the building's interiors
• Door Locks are a critical physical security control measure designed to restrict and regulate access to specific spaces or properties, preventing unauthorized intrusions and safeguarding sensitive data and individuals
• Only individual with the proper access method can gain access
• Often places on the outside of the building's main entrance, as well as inside of the building on server room doors, network closets, and other areas
• Not all door locks offer the same protection level

Types of Door Locks

Traditional Locks

• Traditional Padlocks

  • Easily defeated and offer minimal protection
  • Defeated using a Lock Pick and a tension wrench, usually takes about 30-60 seconds
  • Lock picking:
    • Take the tension wrench, place it into the keyhole at the bottom, turn it to the right, apply pressure to hold it in place
    • Use the lock pick to pick each of those six pins to find the right place for them, once we get them right, the lock will open.
  • These padlocks use a pin and tumbler system that is fairly easy to defeat

• Basic Door Locks

  • Locks embedded on a door
  • Still vulnerable to simple techniques like lock picking

Modern Electronic Door Locks

• Utilize various authentication methods for enhanced security
• Authentication Methods:
  • Identification Numbers
    • Require entry of a unique code, providing a balance of security and convenience
    • Use a Personal Identification Number (PIN)
    • Can be configured so each person is using their own unique identification number, so that it can later be logged and audited for review
  • Wireless Signals
    • Utilize technologies like NFC, Wi-Fi, Bluetooth, or RFID for unlocking
    • You can use your Smartphone or a keycard to get in
  • Biometrics
    • Rely on physical characteristics like fingerprints, retinal scans, or facial recognition for authentication
    • Examples:
      • Fingertip reader
      • Face recognition
      • Retina scanner
    • Biometric Challenges
      • False Acceptance Rate (FAR)
        • The rate that the system authenticates a user as valid, even though that person should not have been granted access to the system
        • Occurs when the system erroneously authenticates an unauthorized user
        • We want to ideally get this rate down to zero
        • Lower FAR by increasing scanner sensitivity
      • False Rejection Rate (FRR)
        • Just as big of a problem as a false acceptance
        • Denies access to an authorized user who should have been allowed access to the system
        • Adjusting sensitivity can increase FRR
      • Crossover Error Rate (CER) or Equal Error Rate (EER)
        • Uses a measure of the effectiveness of a given biometrics system to achieve a balance
        • A balance between FAR and FRR for optimal authentication effectiveness
          • FAR and FRR are intercepting at that specific point where they are Equal
        • When you purchase a biometrics sensor you want to look for its CER, that will tell you the "performance" it will ensure
          • The lower the crossover error rate, the better that lock is going to be

Modern Electronic Door Locks with MFA

• Some electronic door locks use multiple factors, such as an identification number and fingerprint, to increase security
• Secure entry areas in office buildings, often using electronic access systems with badges and PINs for authentication

Cipher Locks

• A cipher lock provides excellent protection using a mechanical locking mechanism with push buttons that are numbered and require a person to enter the correct combination in order to open that door
• Mechanical locks with numbered push buttons, requiring a correct combination to open
• Commonly used in high-security areas like server rooms