Strengths and Weaknesses of (Physical) Access Control Systems

Presented at The Last HOPE (2008), July 20, 2008, 4 p.m. (60 minutes)

Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available - card readers, biometrics, or even posting a guard to check IDs - each have their own strengths and weaknesses that are often not apparent from the materials each vendor supplies. This talk provides a comprehensive overview of 20 different access control technologies that focuse on weaknesses (particularly little known or not-yet public attacks) and other points that a buyer would not likely get from a vendor. Also presented will be a model for thinking about access control systems in general that will provide a useful framework for evaluating new or obscure technologies.

Presenters:

• Mike Spindel
  Mike Spindel is a recovering graduate student with a penchant for security research and good bourbon. His interests include distributed systems, MANETs, reverse engineering, and physical access control.
• Eric Schmiedl
  Eric Schmiedl has spoken at BlackHat 2007, the 2006 Dutch Open, and Defcon 14. He is a member of the TOOOL.US board of directors, maintains a semblance of an undergraduate career at the Massachusetts Institute of Technology, and has been picking locks all his life.

Links:

• https://infocon.org/cons/2600/The Last HOPE (2008)/The Last HOPE (2008) - Strengths and Weaknesses of (Physical) Access Control Systems.mp4
• https://www.youtube.com/watch?v=TM3R6qwqnho

Similar Presentations:

• BSidesSF 2016 / Access Control in 2016 - deep dive
• DEF CON 23 (2015) / Are We Really Safe? - Bypassing Access Control Systems
• AppSec USA 2013 / Securing Cyber-Physical Application Software