International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, UGC Approved List of Recommended Journal, Volume 8, Issue 5, May 2018)
RFID cum Biometric based Physical Access Control System for Nuclear Facilities
G Prabhakara Rao¹, T Sathishkumar², BPC Rao³
¹,²,³Indira Gandhi Centre for Atomic Research, HBNI, Kalpakkam, Tamil Nadu, India
Abstract— Security of nuclear facilities and materials is of global concern, and the recent conduct of four nuclear security summits is the proof. Access control to radiological facilities is of utmost importance in nuclear security to prevent theft of nuclear materials and sabotage of the facilities. The degree of security required for a nuclear facility is much higher and hence, access control systems with advanced features are necessary. An automated access control system with two levels of authentication (based on identity card and biometric) is recommended for nuclear facilities. However, security features like anti-pass-back, prevention of tailgating, secure communication between access controllers and peripherals, secure access to the server application and the dual occupancy rule are not present in commercial access control systems. Further, biometric based systems suffer from the problem of false rejection, which needs to be countered. In view of the above, an access control system was designed and developed with the necessary security features and a reduced false rejection rate. This paper describes the development and implementation of the access control system, highlighting the novel features that are built into the system to make it suitable for use in nuclear and other strategic facilities.
Keywords— Anti-pass-back, biometric, dynamic template updating, false rejection ratio, tail-gating.
I. INTRODUCTION
Nuclear facilities need to be protected against theft and sabotage. The areas in the nuclear facility which are identified and classified as targets are to be protected with highly secure access control systems. The access control systems control the access to the facility by allowing only authorized personnel to gain access and rejecting all unauthorized personnel. The Atomic Energy Regulatory Board (AERB) [1] of India has issued guidelines for an access control system for a nuclear facility. These guidelines have been arrived at after research into the nature of nuclear materials stored inside the facilities and the radiological consequences that may arise in the event of a theft. Commercial access control systems do not implement all the necessary recommendations. In order to attain self-sufficiency in the field of security for nuclear facilities, an access control system with all the recommended features has been developed.
The paper is organized as follows. Section 2 describes the design of the controller board, Section 3 describes the firmware design, Section 4 describes the software design for the server application, Section 5 explains the novel features implemented in the access controller that are not found in commercial systems, and Section 6 concludes and gives the future scope.
II. ACCESS CONTROLLER BOARD
The access controller board is designed to process inputs from four RFID readers and two biometric devices simultaneously. Based on these inputs, the controller can operate two turnstiles. An LPC2478 [2] microcontroller is chosen for the controller board based on the number of GPIO pins available (160) and the presence of the necessary on-chip peripherals, such as an external memory controller, a multimedia card interface and an Ethernet MAC.
Inputs to the board come from the RFID readers, which read the information from the RFID card based on secret keys and relay the card details via the Wiegand [3] protocol to the controller board. The controller board has a 74HC14 Schmitt trigger [4] to shape the Wiegand data and feed it to the microcontroller.
The biometric device (hand geometry) is connected to the controller board via RS 485 protocol [5]. The controller board has two memory devices viz. a parallel flash memory [6] and a micro SD card [7] for storing the user database, configurations and transactions.
Opto-couplers [8] are provided on board to accept the 10° and 15° feedback signals from the turnstile.
The turnstiles are controlled via the potential-free contacts provided by relays on board. The relays are driven by ULN2003 [9] via the GPIO pins from the microcontroller.
Figure 1: Access Controller Board
III. CONTROLLER FIRMWARE
The firmware for the controller card is developed in embedded C language using Keil µvision-4 [10]. To ensure simultaneous operation of all the four RFID readers and simultaneous access of all the doors, Keil RTX Real Time Operating System [11] is used for the development of the firmware. The controller firmware is designed to operate in any one of the four configurations detailed below:
a. Configuration 1 (4 Doors – Entry: RFID; Exit: push-button switch)
b. Configuration 2 (2 Doors – Entry: RFID; Exit: RFID)
c. Configuration 3 (2 Doors – Entry: RFID+HGU; Exit: RFID)
d. Configuration 4 (2 Doors – Door 1: Entry + Exit: RFID+HGU; Door 2: Entry + Exit: RFID)
The RTOS tasks are shown in Figure 2. The firmware module reads the interrupts arriving at the GPIO pins and records them as 0's or 1's depending on which line is producing the interrupt. Once the designated number of bits is recorded, the bits are checked for parity errors. If parity errors are found, the received data is discarded. Once the data is read, it is passed on to the database verification module.
Figure 2: Tasks running on access controller.
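The bit collection and parity check described above, as an added example rather than the authors' firmware. It assumes the standard 26-bit Wiegand frame (leading even-parity bit, 8-bit facility code, 16-bit card number, trailing odd-parity bit); the page does not state the frame length, and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WIEGAND_BITS 26  /* assumption: standard 26-bit frame */
typedef struct { uint32_t bits; uint8_t count; } wiegand_frame_t;

/* Called from the D0 (bit 0) or D1 (bit 1) line interrupt; first bit ends up MSB. */
void wiegand_push_bit(wiegand_frame_t *f, unsigned bit) {
    if (f->count < WIEGAND_BITS) {
        f->bits = (f->bits << 1) | (bit & 1u);
        f->count++;
    }
}

static unsigned ones(uint32_t v) { unsigned n = 0; for (; v; v &= v - 1) n++; return n; }

/* True only if the frame is complete and both parity halves check out. */
bool wiegand26_decode(const wiegand_frame_t *f, uint8_t *facility, uint16_t *card) {
    if (f->count != WIEGAND_BITS) return false;
    if (ones((f->bits >> 13) & 0x1FFFu) % 2 != 0) return false; /* leading 13 bits: even */
    if (ones(f->bits & 0x1FFFu) % 2 != 1) return false;         /* trailing 13 bits: odd */
    *facility = (uint8_t)((f->bits >> 17) & 0xFFu);
    *card = (uint16_t)((f->bits >> 1) & 0xFFFFu);
    return true;
}

/* Builds a valid frame for constructed test input. */
uint32_t wiegand26_encode(uint8_t facility, uint16_t card) {
    uint32_t data = ((uint32_t)facility << 16) | card;
    uint32_t even = ones(data >> 12) & 1u;
    uint32_t odd = (ones(data & 0xFFFu) & 1u) ^ 1u;
    return (even << 25) | (data << 1) | odd;
}

/* Replays a raw frame bit by bit, as the interrupt handlers would deliver it. */
bool wiegand_receive(uint32_t raw, unsigned nbits, uint8_t *facility, uint16_t *card) {
    wiegand_frame_t f = {0, 0};
    for (unsigned i = nbits; i-- > 0;) wiegand_push_bit(&f, (raw >> i) & 1u);
    return wiegand26_decode(&f, facility, card);
}

int main(void) {
    uint8_t fac = 0; uint16_t card = 0;
    uint32_t raw = wiegand26_encode(42, 12345);  /* constructed sample card */
    printf("clean frame accepted: %d\n", wiegand_receive(raw, 26, &fac, &card));
    printf("flipped bit accepted: %d\n", wiegand_receive(raw ^ (1u << 7), 26, &fac, &card));
    printf("short frame accepted: %d\n", wiegand_receive(raw >> 1, 25, &fac, &card));
    return 0;
}
```

Parity only detects an odd number of flipped bits per half, so it guards against line noise, not against deliberate tampering.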
The database verification module verifies the data received from the RFID module with those data in the database.
Figure 3: Flow chart for verification.
A. Card Details Verification
Employee Code Verification: Confirms that the card was issued by the organization to an employee. This prevents access by cards that are not issued by the organization.
Card Serial Number Verification: Confirms that the card is the only one issued to that particular employee. This ensures that only the card currently issued to the user can be given access.
B. Validity Verification
Confirms that the card is used during the period for which it is valid. This eliminates access via old, discarded cards.
C. Biometric Verification
Confirms that the card is used by the user to whom it is issued. This prevents an adversary from gaining access with a stolen card.
D. Anti-Pass-Back Verification
Anti-pass-back (APB) prevents the case wherein a valid card is passed back to give access to an unauthorized individual.
After completion of all the verifications, the system gives access only to the authorized personnel. Moreover, the transaction is attached with a timestamp and sent to the server application over Ethernet.
IV. SERVER APPLICATION
The server application is written in C# [12] on .NET Framework 4.0 [13]. It connects to the controllers via Ethernet, synchronizes the clocks in the controllers, provides a GUI for user database management, receives transactions from the controllers, and has provisions to generate various kinds of reports from the transactions.
V. NOVEL FEATURES IN THE ACCESS CONTROL SYSTEM
A. Anti-Pass-Back (APB)
Pass-back is the mechanism wherein a genuine user gains access using his/her credentials, and then passes the card back to enable the adversary to gain access. This is a serious issue in nuclear facilities as only authorized personnel must be allowed to gain access. To overcome this, an APB check is performed before every transaction. This is implemented in the firmware as follows. The memory in the controller is used to store the APB flag of every user. Whenever an ENTRY transaction is made by a particular user, the flag in the slot allotted for that user is updated. If a second entry is attempted using the same credentials, it is rejected when the flag check is performed. This ensures that every entry must be accompanied by its corresponding exit.
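The card checks of Section III and the per-user APB flag described above can be combined in one verification routine. The following is an added example, not the authors' firmware: the record layout, result codes, function name and sample database are hypothetical, and the biometric step is left as a comment.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { GRANTED, REJ_UNKNOWN_EMPLOYEE, REJ_CARD_SERIAL,
               REJ_VALIDITY, REJ_APB } result_t;
typedef enum { DIR_ENTRY, DIR_EXIT } direction_t;

typedef struct {                    /* one slot per user in controller memory */
    uint32_t employee_code;
    uint32_t card_serial;           /* serial of the card currently issued */
    uint32_t valid_from, valid_to;  /* validity period (seconds, illustrative) */
    uint8_t  inside;                /* APB flag: set on entry, cleared on exit */
} user_slot_t;

/* Constructed sample database; every value is illustrative. */
user_slot_t db[] = {
    { 1001, 0xA1, 1000, 2000, 0 },
    { 1002, 0xB7, 1000, 1500, 0 },
};
#define DB_LEN (sizeof db / sizeof db[0])

result_t verify(uint32_t employee_code, uint32_t card_serial,
                direction_t dir, uint32_t now)
{
    user_slot_t *u = NULL;
    for (size_t i = 0; i < DB_LEN; i++)
        if (db[i].employee_code == employee_code) u = &db[i];
    if (!u) return REJ_UNKNOWN_EMPLOYEE;          /* not issued by the organization */
    if (u->card_serial != card_serial) return REJ_CARD_SERIAL; /* not the current card */
    if (now < u->valid_from || now > u->valid_to) return REJ_VALIDITY;
    /* biometric verification would run here in the RFID+HGU configurations */
    if (dir == DIR_ENTRY && u->inside) return REJ_APB; /* second entry without exit */
    u->inside = (dir == DIR_ENTRY);               /* flag changes only on success */
    return GRANTED;
}

int main(void) {
    printf("%d\n", verify(1001, 0xA1, DIR_ENTRY, 1200)); /* 0: granted */
    printf("%d\n", verify(1001, 0xA1, DIR_ENTRY, 1201)); /* 4: passed-back card */
    printf("%d\n", verify(1001, 0xA1, DIR_EXIT, 1300));  /* 0: exit clears the flag */
    printf("%d\n", verify(1001, 0xA1, DIR_ENTRY, 1400)); /* 0: entry allowed again */
    return 0;
}
```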
B. Prevention Of Tail-Gating
To avoid this problem, the RFID inputs are disabled while a transaction is in progress. This is done in the firmware by disabling the interrupts for the duration of the transaction. The turnstile system has a feedback output to indicate the end of the transaction, by means of a micro-switch providing the 45° feedback. Only after the feedback is received, or a timeout occurs, are the interrupts enabled again to receive the next card input.
C. Dynamic Hand Template Updating
During enrollment, the hand geometry of a person is recorded using the hand key device and a 9-byte template is generated. This template is stored in the card and used for authentication. Due to the inherent differences between the enrollment machine and the authentication machines, and the temporal changes in the hand geometry of the person, the authentication process would fail frequently as time progresses.
An experiment was conducted to assess this scenario. The templates generated during enrollment were taken as data1. The updated templates stored in the controller are taken as data2. The genuine scores were calculated by measuring the Euclidean score [14] between data1 and data2. This would be the scenario if dynamic template updating is not performed. The imposter scores were calculated by comparing one template from data2 with another template from data2. There could be a large number of imposter scores that could be generated by comparing each template with all the other templates. But to maintain the same order as that of the genuine scores, the imposter score calculations were performed by comparing one template with its adjacent template. The resulting distribution graph is shown in Figure 4. As can be seen, the genuine and imposter graphs are very close and less separable.
Figure 4: Distribution graph- Without Dynamic Updating
To overcome this and to minimize the number of rejections, dynamic hand template updating is implemented. Each time a successful transaction of low score is performed, the template is averaged and the controller stores the updated template in its memory. When the user presents his/her hand for authentication at a later time, this updated hand template is retrieved from the controller and verified against the present hand template. In this way, the access control system keeps track of the temporal changes of the hand template of each individual and adapts itself, resulting in a reduction of rejections. Working in this direction, the template taken two days after data2 was recorded is taken to be data3. Comparison between data2 and data3 yields the genuine scores. This is compared with the imposter scores. The rejection rates after dynamic template updating are found to reduce, as typically shown in Figure 5.
Figure 5: Distribution graph with dynamic updating
Figure 6 shows the three distributions in a single graph. It depicts that as time progresses, even genuine users will keep getting rejected, thus, increasing the false rejection ratio. This is counter-acted by dynamic template updating.
Figure 6: Distribution graph- genuine, imposter, updated templates
Figure 7: Error rate curve without updating.
Figure 8 shows the error rate curve when dynamic hand template updating is performed. The error rate achieved is almost 1% which is 28 times lower than what was achieved without dynamic template updating.
Figure 8: Error rate curve with dynamic updating
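The effect of dynamic template updating on a slowly drifting hand template can be reproduced with a small simulation. This is an added example, not the authors' firmware or their experimental data: the accept and update thresholds, the rounded-average update rule, the drift pattern and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPL_LEN   9          /* 9-byte hand template, as described above */
#define ACCEPT_SQ (30 * 30)  /* assumption: accept when distance <= 30 */
#define UPDATE_SQ (20 * 20)  /* assumption: "low score" means distance <= 20 */

/* Squared Euclidean distance; comparing squares keeps the ordering, no sqrt needed. */
uint32_t score_sq(const uint8_t *a, const uint8_t *b) {
    uint32_t s = 0;
    for (int i = 0; i < TPL_LEN; i++) {
        int d = (int)a[i] - (int)b[i];
        s += (uint32_t)(d * d);
    }
    return s;
}

/* Returns 1 on accept. A close match is averaged into the stored template. */
int authenticate(uint8_t *stored, const uint8_t *live, int dynamic_update) {
    uint32_t s = score_sq(stored, live);
    if (s > ACCEPT_SQ) return 0;
    if (dynamic_update && s <= UPDATE_SQ)
        for (int i = 0; i < TPL_LEN; i++)
            stored[i] = (uint8_t)((stored[i] + live[i] + 1) / 2);
    return 1;
}

/* Constructed drift: each session every feature sits 3 units further from
   enrollment. Returns how many of the sessions were accepted. */
int simulate(int sessions, int dynamic_update) {
    const uint8_t enrolled[TPL_LEN] = {100, 110, 120, 90, 95, 105, 115, 125, 80};
    uint8_t stored[TPL_LEN], live[TPL_LEN];
    int accepted = 0;
    memcpy(stored, enrolled, TPL_LEN);
    for (int k = 1; k <= sessions; k++) {
        for (int i = 0; i < TPL_LEN; i++)
            live[i] = (uint8_t)(enrolled[i] + 3 * k);
        accepted += authenticate(stored, live, dynamic_update);
    }
    return accepted;
}

int main(void) {
    printf("static template:  %d/10 accepted\n", simulate(10, 0));
    printf("dynamic template: %d/10 accepted\n", simulate(10, 1));
    return 0;
}
```

Updating only on low-score matches means a borderline accept never moves the stored template, which limits how far a near-miss sample can pull it away from the genuine user.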
D. Secure Communication
To prevent the adversary from listening to the channel of communication between security systems, it is recommended to encrypt all communication. The access control system developed applies the 128-bit Advanced Encryption Standard (AES) [15] to encrypt the transactions and commands that are communicated. Further, the data from the RFID reader to the controller, when sent via the RS 485 network, is encrypted as well. This ensures that the data is always secure.
E. Secure Access To Server
The access to the server application has to be strictly monitored and restricted only to the authorized personnel. To achieve this, fingerprint based log-in to the server application is provided, thereby, making sure that only authorized personnel are accessing the server application.
F. Report Generation
Various kinds of reports can be generated based on the transactions. Nuclear facilities often require an important report, called the headcount report, which gives the number of personnel present inside a facility at a specific time. This is done by listing those personnel whose last transaction was a Successful Entry or an Unsuccessful Exit. Both these conditions of the last transaction indicate that the particular person is present inside the facility, information which is required during emergency exercises in nuclear facilities.
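The headcount rule above, applied to a transaction log, as an added C example that is not the project's server code. The record layout, type names and the sample log are constructed for illustration; the log is deliberately out of time order to show that the latest transaction per person is what decides.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ENTRY_OK, ENTRY_FAIL, EXIT_OK, EXIT_FAIL } txn_type_t;
typedef struct { uint32_t employee; uint32_t time; txn_type_t type; } txn_t;

/* Constructed log; rows are not in time order. */
const txn_t sample_log[] = {
    { 1001,  900, ENTRY_OK   },
    { 1002,  905, ENTRY_OK   },
    { 1003,  910, ENTRY_FAIL },  /* never got in */
    { 1002, 1700, EXIT_OK    },  /* left */
    { 1004,  915, ENTRY_OK   },
    { 1001, 1650, EXIT_FAIL  },  /* tried to leave, still inside */
    { 1004, 1300, EXIT_OK    },
    { 1004, 1400, ENTRY_OK   },  /* came back in */
};
#define SAMPLE_LEN (sizeof sample_log / sizeof sample_log[0])

/* Lists personnel inside at time `at`; returns how many (out may be NULL). */
size_t headcount(const txn_t *log, size_t n, uint32_t at, uint32_t *out, size_t cap)
{
    size_t inside = 0;
    for (size_t i = 0; i < n; i++) {
        if (log[i].time > at) continue;
        int is_last = 1;  /* is log[i] this person's latest transaction up to `at`? */
        for (size_t j = 0; j < n && is_last; j++)
            if (j != i && log[j].employee == log[i].employee && log[j].time <= at &&
                (log[j].time > log[i].time ||
                 (log[j].time == log[i].time && j > i)))
                is_last = 0;
        if (is_last && (log[i].type == ENTRY_OK || log[i].type == EXIT_FAIL)) {
            if (out && inside < cap) out[inside] = log[i].employee;
            inside++;
        }
    }
    return inside;
}

int main(void) {
    uint32_t who[8];
    size_t n = headcount(sample_log, SAMPLE_LEN, 1800, who, 8);
    for (size_t i = 0; i < n; i++) printf("inside: %u\n", (unsigned)who[i]);
    return 0;
}
```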
G. Emergency Lock / Unlock
During emergency exercises, it becomes necessary to lock the turnstiles to prevent people from leaving in panic. It is of utmost importance to take stock of the personnel inside the facility and facilitate a systematic, safe exit. To achieve this, an option is provided in the server application using which any controller can be locked in an emergency state, after which a headcount report can be generated.
H. Dual Occupancy Rule
In some secure areas of the nuclear facility, like the fuel storage areas, the presence of two personnel is required to gain access. To achieve this, after verifying the authenticity of the first person, the access control system waits for the authentication of the second person. Only if the two personnel are authenticated successfully within a fixed amount of time is access granted.
I. Self Diagnosis
The system periodically performs diagnosis of the components connected to it like the hand geometry unit, SD card, memory units and raises an audible and visual alarm in the server in case of any problems. This helps in minimizing the downtime of the system.
VI. CONCLUSION
An access control system was developed in order to cater to the high-security requirements of a nuclear facility. Various features were implemented in the system using advanced principles to make it usable for highly secured strategic facilities. The system is shown to minimize the error rates, with superior ability to distinguish between genuine personnel and imposters.
Constant evaluation of the access control requirements and subsequent evolution of the system to meet the stringent requirements is where the future lies.
REFERENCES
[1] AERB Safety Guide, March 2011, Security of radioactive sources in radiation facilities, Guide No AERB/RF-RS/SG-1.
[2] LPC24XX User Manual, UM10237 Rev 04, 26 August 2009.
[3] Understanding Card Data Formats, HID, Technology basics white paper, www.hidcorp.com
[4] Product Datasheet, 74HC14 Hex Inverting Schmitt Trigger, Rev 7, 19th November 2015
[5] Thomas Kugelstadt, Texas Instruments, The RS-485 Design guide, Application Report, October 2016
[6] Microchip 64 Mbit (x16) multi-purpose flash plus SST39VF6401, 2015
[7] Accessing SD/MMC card using SPI on LPC2000 , Application Note, Rev 3, 3 January 2007
[8] Eric Wright, Opto-isolator Selection guidelines: TPS 2384 I2C interface, Application Report, SLVA229-March 2006
[9] Texas Instruments, ULN 200X, High-voltage, High-Current Darlington Transistor Arrays, SLRS 027O January 2016
[10] Keil MDK ARM Development kit , www.keil.com accessed on April 26th 2018
[11] Keil RTX Real Time Operating System RTOS, http://www.keil.com/arm/rl-arm/kernel.asp accessed on April 26th 2018
[12] C# Programming Language https://docs.microsoft.com/en-us/dotnet/csharp/ accessed on April 26th 2018
[13] Dot Net Framework 4.0 https://msdn.microsoft.com/en-us/library/w0x726c2%28v=vs.100%29.aspx accessed on April 26th 2018
[14] Announcing the Advanced Encryption Standard , Federal Information Processing Standards Publication 197, November 26, 2001