Access Control in Critical Infrastructure Control Rooms using Continuous Authentication and Face Recognition
MetadataShow full item record
Access control solutions in critical infrastructure control rooms do not support needs for availability and traceability. Most solutions rely on usernames and passwords that are used on multiple accounts on different systems. Workstations in control rooms need to be visible and available on a 24-7 basis, enabling operators to monitor the infrastructure and to initiate actions when needed. This is not possible today as logins, logouts and rebooting are a part of daily routines. This thesis presents a prototype of a solution that uses continuous authentication and face recognition for access control, that provides user friendliness, and ensures availability and traceability. At the same time, the solution provides for strict access control to ensure that only the right users are allowed in, and that systems are not left open to anyone. This is achieved by rethinking the architecture of how access control is done, by centralizing it through moving authentication from clients to a central server, and by using biometrics. The solution was tested using multiple virtual clients that receive commands from a server that runs continuously a face recognition application. The solution was tested for usability performing scenario tests and security by performing presentation attacks.