A Review of Access Control Technologies in Data Privacy and security

Hadoop Ecosystem

Abstract

Access control technologies are essential for data privacy protection, as they enforce access restrictions to nonpublic information resources hence security. Overtime, access control technologies has evolved in various forms of physical, mechanical, digital and combinations of the later. With each having various challenges and strength in form of scalability, usability, interoperability, and security. This report provides a comprehensive review of access control technologies; it covers the definitions, illustrations, use cases, strengths, weaknesses, and future projections. The review revealed that all access control systems face challenges and an approach that uses an integration of all access control modes, creates a versatile multi-layered defense against unauthorized access. However, as technology evolves, trends like smart fences, biometric locks, and blockchain-based controls, the use of machine learning and artificial intelligence demonstrate the potential for more intelligent and adaptive access control systems.

Contents

  1. Introduction
  2. Categories Of Access Control
    1. Physical Access Control Technologies
    2. Mechanical Access Control Technologies
    3. Digital Access Control Technologies
    4. Mixed Model of Access control
  3. Conclusion
  4. References

1 Introduction

As data breaches continue to pose significant risks to personal and organizational information, access control technologies have become increasingly important than ever before in protecting data by restricting access. Technologies that implementation imposes restrictions on privacy, so that only authorized personnel can access sensitive data. According to Parkinson and Khan [1], access control technologies can be divided into three major categories: physical, mechanical and digital.

Access control technologies are critical to data privacy and security, as they prevent unauthorized access, protect data privacy and integrity, ensure data availability and accountability, and compliance with data privacy regulations. Mohamed, Auer, Hofer and Küng [2] elaborate in their review for authorization and access control that all access controls interchangeably (with different intensity), have both challenges and strengths of usability, usability, connectivity, security, and ease of use. Mainly with interoperability which refers to the compatibility and integration of an access control system with other systems and devices [2]; and security that refers to the resilience and robustness of an attack control system against attacks and threats [3].

Therefore, with reference to recent research, this report provides a comprehensive review of access control technologies in ensuring data privacy and security. A major focus was put on the four broad categories of physical, mechanical, digital and their combinations. Additionally, definitions, illustrations, use case application, strengths, weaknesses, and future projections were explored for each of the category.

2 Categories Of Access Control

In this section, the models of access controls are explored, covering their definitions, illustrations, use cases, strengths, weaknesses, and future projections for each.

2.1 Physical Access Control Technologies

Physical Access control technologies include physical barriers such as burglar proof casings, fences, walls, and gates that control access to a property. Physical access controls are the oldest and most basic approach to access control. Physical access technology is often combined with other controls such as mechanical controls to provide multiple levels of protection [4].

Figure 2: Physical controls (case, burglar proof, wall, fence)

According to Masoumzadeh, van der Laan and Dercksen [4], Physical access control technologies can be broadly categorized into two types: static and dynamic; where static physical access control technologies is defined as fixed and permanent, such as burglar proof casings, walls, doors, and windows and dynamic physical access control technologies as movable and temporary, such as gates, turnstiles, and barriers. Static physical access control technology provides consistent control, while dynamic physical access control technology provides variable control with respect to user permissions.

Furthermore, Masoumzadeh, van der Laan and Dercksen [4] elaborate that physical access can be evaluated using metrics such as coverage, connectivity, cost, and complexity. Physical access technology can be used for a variety of purposes, including perimeter security, intrusion detection, crowd control, and emergency management.

Physical access control technologies have several strengths, such as simplicity, durability, and visibility. They are easy to understand and operate, as they do not require sophisticated software; are resistant to environmental factors, such as weather, temperature, and humidity and they are also visible and preventive, as they can alert and discourage potential intruders.

Despite the above-mentioned strengths of the physical access control, they also have several weaknesses including inflexibility, inefficiency, and vulnerability. Physical access control technologies are difficult to modify and update, as they require physical changes and maintenance; are inefficient and inconvenient, as they can cause delays and queues for legitimate users and are also vulnerable to physical attacks, such as cutting, breaking, or bypassing.

It is worthy to note that physical access control technologies have been evolving and improving over time, incorporating new materials, designs, and features. Such as fences that can detect and respond to intrusions with electric shocks, alarms, or notifications. With increased adaptions and improvements, physical access control technologies are expected to continue to play an important role in access control as the first line of defence against physical threats.

2.2 Mechanical Access Control Technologies.

Mohamed, Auer, Hofer and Küng [2] define mechanical access control technologies as an access control model that involves mechanical locks and manual controls that require human intervention to operate. Just like Physical access controls, they are not standalone hence used in conjunction with physical and/or digital access control technologies to provide solid security. They are based on the state - transition methodology, where states represent the locking and unlocking status of the lock and transitions represent the actions.

Mechanical access controls
Figure 2: some mechanical access controls

Mechanical access controls have several strengths which include affordability, availability, and compatibility. Mechanical access control technologies are relatively cheap and easy to install; are widely available and accessible, as they can be found and used in most places and situations; and are also compatible and interoperable, with the other models.

However, as explored by Parkinson and Khan [1], mechanical access control technologies also have limitations of vulnerability, inefficiency, and inconvenience. They are prone to physical attacks; can cause delays and hassles for legitimate users, for example when keys are lost, stolen, or forgotten.

The innovation and technology progress have not left this technology the same too, there has been evolution and changes of incorporating new designs and features. Some of the innovations in mechanical access control include smart locks and biometric locks. Smart locks are locks that can be controlled and monitored remotely via mobile applications or a web interface. Biometric locks are locks that can authenticate users based on their biometric features, such as fingerprints. This integration of the digital access controls plus it's simple and effective way of securing physical access will continue to provide a more holistic access control solution.

2.3 Digital Access Control Technologies

Digital access controls
Figure 2: Some of digital access controls

Gardner and Tanenbaum [3] explains digital access control technologies as the use of computer-based systems and devices that use electronic credentials, such as passwords, smart cards, biometrics, and mobile devices, to authenticate and authorize users to access resources. Digital access control technologies are considered the newest most advanced form of access control. They are mostly used to add a layer of control to the physical and mechanical access control technologies.

Digital access control technologies can be broadly categorized into the types of mobile access control, cloud-based access control, multi-factor authentication, biometric access control, and blockchain-based access control [5, 6]. Where mobile access control leverages mobile devices, such as smartphones, tablets, or wearables, as access credentials; Cloud-based access control is grounded on the use of cloud computing, which enables users to access resources from anywhere and anytime over the internet; Multi-factor authentication technologies is the use of multiple factors, such as knowledge, possession, and inherence, to verify the identity [1]; Biometric access technologies use of biometric features, such as fingerprints, face to authenticate the user [5] and the most latest; Blockchain-based access control technologies that are based on the use of blockchain, which is a distributed ledger that records and verifies transactions in a secure and decentralized way [6].

Unlike the physical and mechanical, digital access control technologies offer more flexibility and convenience, as they allow remote access control; they provide higher security and lower risk of credential duplication, as they use passwords, biometric scans, or other forms of authentication that are harder to breach and bypass; they also enable modern features and benefits, such as integrations and access analytics [1, 2, 7].

Despite the merits, digital access control has obstacles too; they are complex and expensive to install and maintain, as they require complex software and hardware components; they can be hacked and compromised by malicious actors; are more prone to malfunction and damage; they pose more ethical and social challenges, such as privacy, security, trust, and accountability issues [1, 2, 5, 7].

However, With the increasing technology innovations such as artificial intelligence, block chain, cloud computing and the increase in demand for convenience, remote access and efficiency in security, digital access control technologies are expected to grow more rapidly providing access control for the future.

2.4 Mixed Model of Access control

From all the above exploration of access model of physical, mechanical, and digital, it is evident that none of these modes work as standalone control system but rather a careful fusion to provide more solid access control. By combining elements from each mode, a more resilient and adaptive access control infrastructure emerges. This integration capitalizes on the theory that the strength of one mode compensates the weakness of the other.

This establishes multiple layers of security, leveraging physical barriers, mechanical locks, and sophisticated digital authentication methods. However, it should be noted that this amalgamation isn't devoid of challenges but is undeniably more robust.

3 Conclusion

Despite their challenges, Access control technologies are essential and unavoidable for data privacy protection, capitalising on their strengths and strategizing for their weaknesses. This report has provided a comprehensive review of access control technologies with a comprehensive cover of what they are, what they do and future projections.

Access control technologies are constantly evolving and improving to meet the changing needs and demands of data privacy and security. However, this is evident to have come with challenges and risks of complexity and cost. Additionally, overall, it was found that mostly these technologies (physical, mechanical, and digital access control technologies) do not work as standalone control systems but rather a well-structured combination resulting in a multi-layer access control system.

With the rapid evolution of technology with artificial intelligence, machine Learning, and block chain; coupled with the interoperability of the models; plus, the continued research and development, access control is becoming more better narrowing the trade-off gap between complexity to the user and control provided, leveraging high levels of abstraction.

4 References

  1. Parkinson, S. and Khan, S. A Survey on Empirical Security Analysis of Access-control Systems: A Real-world Perspective. ACM Comput. Surv., 55, 6 (2022), Article 123.
  2. Mohamed, A. K. Y. S., Auer, D., Hofer, D. and Küng, J. A systematic literature review for authorization and access control: definitions, strategies and models. International Journal of Web Information Systems, 18, 2/3 (2022), 156-180.
  3. Gardner, D. L. and Tanenbaum, T. J. The access control double bind: How everyday interfaces regulate access and privacy, enable surveillance, and enforce identity. Convergence (2023), 13548565231193706.
  4. Masoumzadeh, A., van der Laan, H. and Dercksen, A. BlueSky: physical access control: Characteristics, challenges, and research Opportunities. City, 2022.
  5. Duarte, T., Pimentão, J. P., Sousa, P. and Onofre, S. Biometric access control systems: A review on technologies to improve their efficiency. City, 2016.
  6. Golightly, L., Modesti, P., Garcia, R. and Chang, V. Securing distributed systems: A survey on access control techniques for cloud, blockchain, IoT and SDN. Cyber Security and Applications, 1 (2023/12/01/ 2023), 100015.
  7. Quach, S., Thaichon, P., Martin, K. D., Weaven, S. and Palmatier, R. W. Digital technologies: tensions in privacy and data. Journal of the Academy of Marketing Science, 50, 6 (2022/11/01 2022), 1299-1323.