ACRP MP
yk1993
Residency_FinalPowerPoint_Group12.pptxFlow of presentation
Abstract
Introduction
Methodologies
Results
Conclusion
References
Abstract
In today's world, having data safeguarded is the most important thing that any company or organization should accomplish. In this research, we will discuss what goes into an ' Encryption based access control system is superior to non-encrypted AC systems,' providing data security or authorized access within the control system using encryption techniques. Data storage and sharing applications may cause data information owners to fail to control the data access. In this paper, we will be presenting how the Encryption approach is designed to limit the user permissions to a system that could make access system models more flexible. In this paper, we will be researching mainly on how to involve encryption in access control systems. The research will be based on the different encryption techniques used like symmetrical and asymmetrical models, different types of access control systems, different types of security systems, types of threats that can happen, different terminology involved with the encryption and access controls. The results show that encryption-based access control systems can effectively improve data security and reduce unauthorized user access in any business application.
Keywords: Encryption, Access control, Public Key Infrastructure
introduction
When it comes to protect sensitive data is to be discussed, the concern of integrators was to simply stop unauthorized user access.
Any unauthorized user access or attacks to control systems leads to major risk / damage for any organization data, such as unauthorized employee being access to control server rooms, hackers able to logging to cloud databases.
Common method is to providing extra secured authorization layer to the user. And to protect user data using encryption and authorization.
introduction
Encryption is the art of secret writing. It is the process of encoding or converting the plaintext to ciphertext. It uses an algorithm or key.
The building blocks: Authentication, Integrity and Non-repudiation.
Encryption techniques must be applied into AC systems to protect the data confidentiality by limiting the user access and user permissions.
Juan M. Marın Perez, Gregorio Martınez Perez, Antonio F. Skarmeta Gomez [2] operates on motion data This research will show literature survey on various encryption algorithms methods used in protecting sensitive data and avoiding unauthorized user access.
findings
The most key finding of research:
We described how encryption-based AC systems are more beneficial over non-encrypted systems.
Encryption algorithm incorporated into the backend systems to limit the user permissions, so that avoid any data modifications and data security
Various Encryption models is designed to limit the user permissions to a system that could make access system models more flexible
Few drawbacks of using non-encryption and possible risks and possible attacks.
Methodology
Qualitative Methodology approach has employed, principally focusing on researching and information gathering.
Referred to scholarly and academic resources
Incorporating real world application enforced in data security at work
Brainstorming session done within the group.
Study on encryption implemented access control systems in building management and cloud-based databases
The research and data gathered by focusing encryption vs non-encrypted AC systems and distributed the work equally among the group members.
Methodology
How does Access control encryption work?
Adding encryption to an access control systems
Risk/ attacks:
Man in the middle attacks
Social Engineering
WI-FI Hacking
Web Application Hacking
SQL Injection
Cross Site Scripting
Encryption Methods
Attributed based encryption
Ciphertext policy based encryption
Ciphertext Policy Attribute Set Based Encryption
Identity Based Encryption
Hierarchical Identity Based Encryption
Hierarchical Attribute Based Encryption
results
Ensure the data integrity, data confidentiality.
Prevent or avoid the unauthorized access to the application or cloud database
Increase client confidence.
User Access: Authorization of the user can be carried by using a flag key encryption at backend systems. As shown in figure 1 below, create a table for user permissions
Reduce the time for approval holds – Encryption algorithm model supports in automation build process in IT department.
Risk Management: help prevent any damage to the control systems and protect from any cyber attacks. By follow the hierarchical structure as shown in figure 2.
results
Figure 2: Hierarchy structure
Figure 1: Database Table structure for users
Discussion
By maintaining an encrypted AC systems will increase data security by using an encrypted algorithm key to manage risks or data tampering will build client confidence.
It will support trusted platform and secure communication between two parties.
Asymmetrical encryption and symmetrical encryption models will support and designed to be adaptable to various types of access control systems, security systems.
Encryption algorithm principally aims at maintain a standard suitable authorization and authentication standards that assists the users to read/write the system if they only have authorized key.
It provides regular updates to the access control system by implementing automation encryption model suitable to the modern types of threats that can damage.
conclusion
From the research it is safe to say that the security systems of access control makes sure that secured information of organization is always safe and is protected from any kinds of vulnerabilities.
Acknowledgement
This paper is made possible with guidance and support of Dr. Prof. Douglas Dune, ISOL-531-50 – Summer 2020 – Access Control, University of the Cumberland’s at Williamsburg, KY
References:
Mohammed ENNAHBAOUI Said ELHAJJI “Study of Access Control Models”, Proceedings of the World Congress on Engineering 2013 Vol II, WCE 2013, July 3 - 5, 2013, London, U.K.
Juan M. Marın Perez, Gregorio Martınez Perez, Antonio F. Skarmeta Gomez “SecRBAC: Secure data in the Clouds” IEEE Transactions on Services Computing (Volume: 10, Issue: 5, Sept.-Oct. 1 2017).
