Name of the participant: Fabian Bendun
Description of the IT-research project: Access control describes the task of ensuring that an area may only be entered by persons who are also authorised to enter it. The problem is older than the computer and therefore also offers various non-information technology solutions such as keys or manual control by persons. In particular, the latter is extremely cost-intensive and is therefore usually not used in favour of technical solutions. In the context of information systems this problem also occurs; who is allowed to read or write which data and when? Here, authentication methods such as passwords in conjunction with access control lists and capabilities have established themselves as solutions. These guidelines can be generated by various logics. Inspired by information technology solutions, the field of access control also uses techniques such as password authentication, fingerprint scanners or RFID cards.
However, there are risks associated with the diffusion of and confidence in these technologies. Passwords are regularly lost, fingerprints can be cloned, and RFID cards also offer a large target. In addition, each of these systems is difficult to replace. So in the long run, the only options are costly replacement or loss of security.
The problem to be solved in this project is therefore to find an access control mechanism that is secure according to academic standards – taking into account the state of the art -, offers flexibility to implement various access policies, and allows maintenance – in the sense of changes in policy and technology standard – easily and without hardware replacement. Due to the growing number of networked electronic devices, a cost-effective, secure authentication procedure that can be used flexibly is of great importance in order to guarantee personal data on the one hand and physical security on the other, e.g. in the case of home automation.
The smartphone is at the heart of the solution idea. These have the same degree of portability as keys or access cards, but have the potential to grow with the state of the art as computer software. In addition, operating systems of smartphones already offer various protection mechanisms for private data stored by applications as well as several communication channels.
Software Campus partners: Universität des Saarlandes, Scheer Group GmbH
Implementation period:01.04.2014 – 31.03.2016