Wednesday, May 14

Track D Security & Access Control

Session: RFID & Access Use Cases

Time: 3:30 PM – 5:00 PM

Room: W204 D

Moderator: Zack Martin, Editor, Avisian

Speakers:

Scott Shane, Systems Engineer, Shane-Gelling Co.

Mark Duato, SVP, Americas Sales, Bioscrypt, Inc.

Carolyn Loew, Secure Badge Product Lead, The Boeing Company

Deon Ford, Chief Technologist, SI International


BOEING is a trademark of Boeing Management Company. Copyright © 2006 Boeing. All rights reserved.

The Boeing Company’s SecureBadge Story

Carolyn Loew

[email protected]

May 14, 2008

Boeing Technology | Information Technology


Boeing’s Global Reach

Companies that change and adapt in a rapidly evolving global economy will grow and prosper


2006 revenue of $61.5 billion from customers in more than 90 countries

– International sales accounted for 37 percent of total revenue

Direct employment of more than 150,000 people in 49 states and 70 countries

Contracts with 22,000 suppliers and vendors in more than 100 countries

Research, design and technology development centers and programs in multiple countries

Manufacturing, services and technology partnerships with companies around the world

One of the largest U.S. exporters


The Journey Began in November 2001

• Physical Access project and Logical Access projects were combined
• Executive mandate to deploy a common badge
• Cross organization team was created
  – Physical Security
  – Logical Security
  – Business Unit Representatives


Physical Access Expectations

• Create a single badge that could be used at all Boeing locations for physical and logical access
• Standard format for barcode and magnetic stripe
• Update badge pictures
• Update physical access readers to use proximity chip
• Common badging system
• Update applications that used barcode and magnetic stripe to use new data format


Logical Access Expectations

• Strengthen authentication to two-factor
• Eliminate user id and passwords
• Reduce password reset costs
• Provide secure mobile container for X.509 certificates
• Payment or credit card
• Replace One Time Password for Remote Access
• Provide single sign on based on how user logged onto Windows


Program Timeline

• Phase I
  – Establish enterprise standards
  – Develop Enterprise Badge System
  – Issue Proximity Badge with updated pictures
• Phase II
  – Adapt Physical Access Control Systems to read new badge
  – Adapt Downstream Legacy Systems to read new badge
  – Deploy Proximity Readers
• Phase III
  – Establish smart chip infrastructure & production processes
  – Implement initial smart chip applications
  – Pilot, then Deploy Smart Badge

[Figure: program timeline, 2002 to 2005. Milestone labels (positions on the timeline not recoverable): Issue Proximity Badge; Pilot Start; Production Environment Complete; Pilot End; Image Capture Complete; Release RFI; Program Start; Complete Reader Upgrades; Contract Award; Deployment Finish; Standards Established; Release RFP; Deployment Start.]


SecureBadge Infrastructure

• SecureBadge
  – GemExpresso 64k Java Card from Gemalto
  – HID Prox Chip
  – Magstripe
  – Barcode
• Client
  – Gemsafe Libraries v5.1
• Smart Card Readers
  – Dell Laptops with built in reader
  – Keyboard readers for laptops
  – Gemplus PC Twin USB reader
• Smart Card Management System
  – Bell ID Andis


Where we are today

• 160,626 SecureBadges with smart chip have been distributed
• 16,123 smart chips have been initialized
• 9,945 folks have active basic assurance certificates
• All Boeing Employees have a SecureBadge with smart chip
• Blockpoint includes Gemsafe Client software
• Laptops and Desktops have a smart card


SecureBadge Uses


Challenges

• First time use
  – Finding reader
  – Knowing how to insert badge
• End user acceptance
  – Scared they will leave badge in machine
  – They see PIN as another password
• No mandatory reason to use badge
• Limited metrics available to measure success
• Processes for lost and forgotten badges
• International travel (export regulations)
  – China
  – Russian Federation
• Client Middleware Interoperability


What we are working on

• VPN Access
• Improve Usability
  – First Time Users
  – Survey Users
  – Expiring certificate e-mail notification
• Shared Workstations / Kiosks


What you need for success

• Initial and ongoing executive support

• Strong program/project management and leadership

• Capable, dedicated, knowledgeable team members that include sustaining organizations

• Communication and strong collaboration between physical security, IT security organizations, business units and vendors

• Communication to user community

• Mandated use


Fort Hood Phantom Express

A Case Study in Automated Vehicular Access Control

Presented to CTST 14 May 2008

By Shane-Gelling Company


Fort Hood Main Gate

[Figure: vehicles per minute (axis 0 to 50) by time of day, 5:15 to 9:15.]


Automated Vehicular Transaction

Lane Controller


Criteria for Success

• Don’t Reinvent the Wheel
• Use the DoD CAC
• Execute to Army Regulatory Requirements
• Meet or Exceed Existing Physical Security Standards
• Keep up with Throughput
• Make the System Maintainable
• Make the System a Model for Army ACP
• Save Money


Initial Roadblocks

• Insufficient Conduit in Place
  – Get to Army Corps Before Concrete is Poured
• Hand Jamming of Registration Data
  – Get Data Dumps for Pre-Load
  – Machine Read Data from Credentials
• Cutover Effect on Traffic
  – Install Appropriate Signage


System Components


Network Overview

[Figure: network diagram. Labels: Visitor Center; ACP-1; ACP-2; ACP-3; Permanent Party Registration; Data Center; NMS; LE DB; PMO/DES/OPS; IP Video; LEO.]


Installation Database

• Use DBIDS for Identity Management
• Use Existing DBIDS Database Distribution Model
• Supplement Database to Include:
  – RFID for Vehicle Identification
  – FASC-N for Driver Identification
  – Interface for a Lane Controller


Data Entry - Registration

[Figure: registration data flow. Labels: Visitor Control; Permanent Party; Installation Database; Harvest CAC; Harvest DL; Issue RFID; Issue Pass.]


The Evolving DoD Credentials

• “Teslin” ID Card
  – 1D and 2D Barcode
• Common Access Card (CAC)
  – 1D and 2D Barcode and Magstripe
• Transitional CAC
  – 1D and 2D Barcode and Magstripe and 14443 Contactless


Data Entry - Authentication

[Figure: authentication data sources. Labels: DNVC; DMDC; Authenticate DoD Card Holders (CAC, RAPIDS); COPS-VRS; OPMG; Verify Vehicle Registration; DoD Decal; CIC; State/FBI; Check Visitor for Criminal History; Driver License; Army Installation.]


Lane Access Control


Build It


Fort Hood Phantom Express

[Figure: decision flow. Labels: DBIDS - IDMS Registration; Good To Go?; RFID; CAC; RAPIDS; 14443; FIPS-201; Identify Driver; Identify Vehicle; +; Yes; DOD Decal.]


Typical Automated Transaction

• Vehicle RFID Tag is Identified
  – Vehicle Data Retrieved and Displayed
• Driver is Identified
  – Driver Name and Photo Displayed
  – Driver Video and Rear Vehicle Snapshot
• Driver to Vehicle Association Checked
  – Decision Made
• Guard can Override on Suspicion
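
The transaction steps above, written as a lane-controller decision function. This is an added example, not code from the presentation or the Fort Hood system; the record layout, the identifiers and the rule that a guard override can only stop a vehicle (never turn a deny into a grant) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed registration records; every identifier below is made up.
VEHICLES = {"TAG-0001": "Blue sedan, plate ABC123",
            "TAG-0002": "White pickup, plate XYZ789"}
DRIVERS = {"FASCN-1111": "A. Example", "FASCN-2222": "B. Sample"}
# Which registered drivers may operate which tagged vehicle.
ASSOCIATIONS = {"TAG-0001": {"FASCN-1111"},
                "TAG-0002": {"FASCN-1111", "FASCN-2222"}}


@dataclass(frozen=True)
class Decision:
    grant: bool
    reason: str
    vehicle: Optional[str] = None  # shown to the guard once the tag resolves
    driver: Optional[str] = None   # shown to the guard once the credential resolves


def decide(tag_id, fascn, guard_hold=False):
    """Decide one lane transaction; any step that fails denies (fail closed)."""
    vehicle = VEHICLES.get(tag_id) if tag_id else None
    if vehicle is None:
        return Decision(False, "vehicle tag missing or not registered")
    driver = DRIVERS.get(fascn) if fascn else None
    if driver is None:
        return Decision(False, "driver credential missing or not registered", vehicle)
    if fascn not in ASSOCIATIONS.get(tag_id, set()):
        return Decision(False, "driver not associated with vehicle", vehicle, driver)
    if guard_hold:
        # Assumption: the override is one-directional and is checked last, so it
        # can stop an otherwise valid transaction but cannot bypass a failed check.
        return Decision(False, "guard override", vehicle, driver)
    return Decision(True, "driver and vehicle match registration", vehicle, driver)


def run_lane(reads):
    """Apply decide() to (tag_id, fascn, guard_hold) reads; return audit rows."""
    return [(tag, fascn, d.grant, d.reason)
            for tag, fascn, hold in reads
            for d in [decide(tag, fascn, hold)]]


if __name__ == "__main__":
    sample = [("TAG-0001", "FASCN-1111", False),   # registered pair
              ("TAG-0001", "FASCN-2222", False),   # known driver, wrong vehicle
              (None, "FASCN-1111", False),          # tag not read
              ("TAG-0002", "FASCN-2222", True)]     # valid pair, guard stops it
    for row in run_lane(sample):
        print(row)
```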


Vehicle ID Subsystem


Driver ID Subsystem


Meet Criteria for Success?

• Don’t Reinvent the Wheel
  – Based on Government Furnished DBIDS, Use COTS Equipment
• Use the DoD CAC
  – Both Bar Code and 14443 Contactless Technologies
• Execute to Army Regulatory Requirements
  – Identify Vehicle and Driver
• Meet or Exceed Existing Physical Security Standards
  – Database Check of Vehicle Description and Driver by Photograph
• Keep up with Throughput
  – Six to Eight Seconds per Vehicle
• Make the System Maintainable
  – 9,000,000+ Transactions, Minimal Equipment Failures
• Make the System a Model for Army ACP
  – Foundation for on-going Army AIE Program
• Save Money
  – Paid for Itself in Guard Reduction Savings


Thank You

Dale Shane

Senior Engineer

Shane-Gelling Company

(516) 671-4797

[email protected]

Scott Shane

Systems Engineer

Shane-Gelling Company

(516) 671-4797

[email protected]
