Wednesday, May 14. Track D Security & Access Control


Wednesday, May 14
Track D Security & Access Control
Session: RFID & Access Use Cases
Time: 3:30 PM - 5:00 PM
Room: W204 D
Moderator: Zack Martin, Editor, Avisian
Speakers:
- Scott Shane, Systems Engineer, Shane-Gelling Co.
- Mark Duato, SVP, Americas Sales, Bioscrypt, Inc.
- Carolyn Loew, Secure Badge Product Lead, The Boeing Company
- Deon Ford, Chief Technologist, SI International

The Boeing Company's SecureBadge Story
Carolyn Loew
Carolyn.l.loew@boeing.com
May 14, 2008
BOEING is a trademark of Boeing Management Company.

Boeing's Global Reach
- 2006 revenue of $61.5 billion from customers in more than 90 countries
- International sales accounted for 37 percent of total revenue
- Direct employment of more than 150,000 people in 49 states and 70 countries
- Contracts with 22,000 suppliers and vendors in more than 100 countries
- Research, design and technology development centers and programs in multiple countries
- Manufacturing, services and technology partnerships with companies around the world
- One of the largest U.S. exporters
Companies that change and adapt in a rapidly evolving global economy will grow and prosper

The Journey Began in November 2001
- Physical Access project and Logical Access projects were combined
- Executive mandate to deploy a common badge
- Cross organization team was created
  - Physical Security
  - Logical Security
  - Business Unit Representatives

Physical Access Expectations
- Create a single badge that could be used at all Boeing locations for physical and logical access
- Standard format for barcode and magnetic stripe
- Update badge pictures
- Update physical access readers to use proximity chip
- Common badging system
- Update applications that used barcode and magnetic stripe to use new data format

Logical Access Expectations
- Strengthen authentication to two-factor
- Eliminate user id and passwords
- Reduce password reset costs
- Provide secure mobile container for x.509 certificates
- Payment or credit card
- Replace One Time Password for Remote Access
- Provide single sign on based on how user logged onto Windows

Program Timeline
Milestones: Program Start; Standards Established; Release RFI; Image Capture Complete; Release RFP; Issue Proximity Badge; Contract Award; Pilot Start; Complete Reader Upgrades; Pilot End; Production Environment Complete; Deployment Start; Deployment Finish
Phase I
- Establish enterprise standards
- Develop Enterprise Badge System
- Issue Proximity Badge with updated pictures
Phase II
- Adapt Physical Access Control Systems to read new badge
- Adapt Downstream Legacy Systems to read new badge
- Deploy Proximity Readers
Phase III
- Establish smart chip infrastructure & production processes
- Implement initial smart chip applications
- Pilot, then Deploy Smart Badge

SecureBadge Infrastructure
- SecureBadge
  - GemExpresso 64k Java Card from Gemalto
  - HID Prox Chip
  - Magstripe
  - Barcode
- Client
  - Gemsafe Libraries v5.1
- Smart Card Readers
  - Dell Laptops with built in reader
  - Keyboard readers for laptops
  - Gemplus PC Twin USB reader
- Smart Card Management System
  - Bell ID Andis

Where we are today
- 160,626 SecureBadges with smart chip have been distributed
- 16,123 smart chips have been initialized
- 9,945 folks have active basic assurance certificates
- All Boeing Employees have a SecureBadge with smart chip
- Blockpoint includes Gemsafe Client software
- Laptops and Desktops have a smart card

SecureBadge Uses

Challenges
- First time use
  - Finding reader
  - Knowing how to insert badge
- End user acceptance
  - Scared they will leave badge in machine
  - They see PIN as another password
- No mandatory reason to use badge
- Limited metrics available to measure success
- Processes for lost and forgotten badges
- International travel (export regulations)
  - China
  - Russian Federation
- Client Middleware Interoperability

What we are working on
- VPN Access
- Improve Usability
- First Time Users
- Survey Users
- Expiring certificate notification
- Shared Workstations / Kiosks

What you need for success
- Initial and ongoing executive support
- Strong program/project management and leadership
- Capable, dedicated, knowledgeable team members that include sustaining organizations
- Communication and strong collaboration between physical security, IT security organizations, business units and vendors
- Communication to user community
- Mandated use

Fort Hood Phantom Express
A Case Study in Automated Vehicular Access Control
Presented to CTST, 14 May 2008
By Shane-Gelling Company

Fort Hood Main Gate
[Chart: vehicles per minute by time of day]

Automated Vehicular Transaction Lane Controller

Criteria for Success
- Don't Reinvent the Wheel
- Use the DoD CAC
- Execute to Army Regulatory Requirements
- Meet or Exceed Existing Physical Security Standards
- Keep up with Throughput
- Make the System Maintainable
- Make the System a Model for Army ACP
- Save Money

Initial Roadblocks
- Insufficient Conduit in Place
  - Get to Army Corps Before Concrete is Poured
- Hand Jamming of Registration Data
  - Get Data Dumps for Pre-Load
  - Machine Read Data from Credentials
- Cutover Effect on Traffic
  - Install Appropriate Signage

System Components

Network Overview
[Diagram labels: ACP-1, ACP-2, ACP-3, NMS, Data Center, LEO, IP Video, PMO/DES/OPS, Si, LE, DB, Permanent Party Registration, Visitor Center]

Installation Database
- Use DBIDS for Identity Management
- Use Existing DBIDS Database Distribution Model
- Supplement Database to Include:
  - RFID for Vehicle Identification
  - FASC-N for Driver Identification
  - Interface for a Lane Controller

Data Entry - Registration
- Permanent Party: Harvest CAC, Issue RFID
- Visitor Control: Harvest DL, Issue Pass
- Installation Database

The Evolving DoD Credentials
- Teslin ID Card: 1D and 2D Barcode
- Common Access Card (CAC): 1D and 2D Barcode and Magstripe
- Transitional CAC: 1D and 2D Barcode and Magstripe and Contactless

Data Entry - Authentication
[Diagram labels: DMDC; Army; Installation; CAC, RAPIDS; DoD Decal; Driver License]
- DNVC: Authenticate DoD Card Holders
- COPS-VRS, OPMG: Verify Vehicle Registration
- CIC, State/FBI: Check Visitor for Criminal History

Lane Access Control

Build It

Fort Hood Phantom Express
[Flow diagram labels: DOD Decal + RFID; Identify Vehicle; Registration; DBIDS - IDMS; Good To Go? Yes; Identify Driver; CAC; RAPIDS; FIPS-201]

Typical Automated Transaction
- Vehicle RFID Tag is Identified
- Vehicle Data Retrieved and Displayed
- Driver is Identified
- Driver Name and Photo Displayed
- Driver Video and Rear Vehicle Snapshot
- Driver to Vehicle Association Checked
- Decision Made
- Guard can Override on Suspicion

Vehicle ID Subsystem
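The "Typical Automated Transaction" sequence above, written as a fail-closed decision function. This is an added example, not code from the presentation or from Shane-Gelling Company; the record layout, the tag and FASC-N values, the `active` flag and the name `lane_transaction` are assumptions made for illustration, and the guard override is modelled as deny-only.

```python
from dataclasses import dataclass

# Constructed sample records standing in for the installation database.
# Tag IDs, FASC-N strings, names and the "active" flag are made up here.
VEHICLES = {
    "TAG-0001": {"desc": "blue sedan", "drivers": {"FASCN-1111"}},
    "TAG-0002": {"desc": "white pickup", "drivers": {"FASCN-2222"}},
}
DRIVERS = {
    "FASCN-1111": {"name": "Driver One", "active": True},
    "FASCN-2222": {"name": "Driver Two", "active": False},
    "FASCN-3333": {"name": "Driver Three", "active": True},
}


@dataclass
class Decision:
    grant: bool
    reason: str


def lane_transaction(tag_id, fasc_n, guard_suspicious=False):
    """Run the checks in slide order; any failed or missing lookup denies."""
    vehicle = VEHICLES.get(tag_id)          # vehicle RFID tag is identified
    if vehicle is None:
        return Decision(False, "unknown vehicle tag")
    driver = DRIVERS.get(fasc_n)            # driver is identified from credential
    if driver is None:
        return Decision(False, "unknown driver credential")
    if not driver["active"]:                # assumed status field, not on the slides
        return Decision(False, "driver credential not active")
    if fasc_n not in vehicle["drivers"]:    # driver to vehicle association checked
        return Decision(False, "driver not associated with vehicle")
    if guard_suspicious:                    # guard can override on suspicion
        return Decision(False, "guard override: manual inspection")
    return Decision(True, "automated grant")


if __name__ == "__main__":
    for args in [("TAG-0001", "FASCN-1111"), ("TAG-0001", "FASCN-3333"),
                 ("TAG-0002", "FASCN-2222"), ("TAG-9999", "FASCN-1111")]:
        print(args, lane_transaction(*args))
```

Every branch other than the last returns a denial, so an unreadable tag, an unknown credential or a missing association sends the vehicle to a guard instead of opening the lane.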

Driver ID Subsystem

Meet Criteria for Success?
- Don't Reinvent the Wheel
  - Based on Government Furnished DBIDS, Use COTS Equipment
- Use the DoD CAC
  - Both Bar Code and Contactless Technologies
- Execute to Army Regulatory Requirements
  - Identify Vehicle and Driver
- Meet or Exceed Existing Physical Security Standards
  - Database Check of Vehicle Description and Driver by Photograph
- Keep up with Throughput
  - Six to Eight Seconds per Vehicle
- Make the System Maintainable
  - 9,000,000+ Transactions, Minimal Equipment Failures
- Make the System a Model for Army ACP
  - Foundation for on-going Army AIE Program
- Save Money
  - Paid for Itself in Guard Reduction Savings

Thank You
- Dale Shane, Senior Engineer, Shane-Gelling Company, (516)
- Scott Shane, Systems Engineer, Shane-Gelling Company, (516)
