Securing the Delta Biometric Sorority House

Our shop is in a college town and as well as getting frequent calls from the various University departments for all types of security work, providing security for off campus student residences is part of our business. Many of these residences are fraternity and sorority houses.

Standalone keypad access is a favorite solution for these applications because it eliminates the need to hand out keys to all the residents, and then repeat the process when the student turnover happens.

PIN-only access control is more convenient than key-based access, but regrettably does not offer any substantial improvement in security over traditional mechanical keys in most instances because students will share their PINs.

If the premises is keyed with proprietary key system, the chance of unauthorized key duplication is reduced, but the cost for keys is higher and keys can be lost, and the loss may not be immediately reported. When it is finally reported, you have to rekey and give out another set of keys.

If the keypad system utilizes a single PIN code, there are the issues of people sharing the code, and the possibility that the PIN code will be guessed by a perseverant miscreant.

With individual PIN code type systems, the number of user codes increases the probability of a good guess, does not prevent sharing a PIN, and therefore does not provide a substantial improvement in security.

If the keypad system is an individual PIN type system and provides for an audit trail, or if video surveillance is incorporated into the system, the combined effects of dual intimidation do represent an improved security management system.

 

Dual Authentication

But even if the PIN codes are replaced with individually enrolled credentials and then individual user codes are assigned to each credential, although security improves with each added level of authentication, there still remains opportunities for an enterprising and highly creative mind of a youth to circumvent a system.

Most of our customers find that some sort of PIN code solution is adequate for their purposes weighing risk against convenience against ROI.

When a sorority contacted me and asked if I did biometrics, of course I said yes.

In theory, the superior security benefits of biometrics are hard to dispute, assuming you are dealing with a legitimate biometrics security product.

Last summer we worked with an imported biometric lock, where the installer could dial in the sensitivity of the biometric algorithm. This was supposed to help for applications where higher throughput was desired, and occasional false positives were acceptable.

To me this is nutty. Of course higher throughput is always desirable. While false negatives slow up throughput and might anger some users, false positives feed into the suspicions people have about the efficacy of Biometrics. (Is this really reading my fingerprint?)

For locksmiths, it is bad enough that their keys are being supplanted by credentials. But biometrics now threaten to supplant the credential.

Well not exactly, since the reliability and efficiency of biometrics is greatly enhanced with dual authentication, meaning using the biometric template (your fingerprint) with a unique PIN or credential.

There are several different ways to deploy biometrics:

  • The fingerprint is scanned and tested against a database of biometric templates of enrolled valid users (1: many)
  • A credential with a copy of the individual’s biometric template embedded on the credential is presented to the reader, then the finger is placed on the scanner. (1:1)
  • The finger template has been enrolled into the biometric device along with a matching PIN code, and both are required in order to gain access.

So in one situation the fingerprint replaces both the PIN and the credential which is single authentication. In the next situation, the fingerprint takes the place of the PIN (dual authentication), and in the last situation the fingerprint takes the place of the credential (also dual authentication).

The fingerprint is non-transferable and therefore affords the higher level of security over a memorized PIN or credential that could be shared.

The sorority had determined that they wanted to provide that enhanced protection to their students. They knew that:

  • Keys can be lost, loaned or copied.
  • Credentials can be lost or loaned out.

When the security on a frat or sorority house is too extreme, you find the hardware bypassed, vandalized or doors propped.

Offering an amenable solution to the students makes it easier for them to maintain the security of their house.

 

Cansec Zodiac

The sorority management also set forth its own set of requirements. Besides being biometric, the system had to:

  • Be in budget
  • Not require a network connection or PC to manage or to operate
  • Remain locked and continue to operate in a power failure
  • Hold up under the adverse conditions present in a dorm environment.

The Cansec Zodiac system which includes power supply and provision for battery backup met items 1 through 4. So far the system has held up, so we can tentatively report it has met item 5 as well.

Interesting but not PC Factoid: It has been statistically verified that women as a group are harder on electronic devices, somehow bringing out the weaknesses in cell phones and laptops and so forth.

Our own observations indicate that fraternities are far more destructive to doors and locksets than the sororities. And we have the service calls to prove it.

The Zodiac 250 is standalone, requiring only low voltage power and connection to an electric locking device. Programming is typical for an electronic access control, meaning that it is not intuitive, but it does not require in house factory training either.

Once we demonstrated the enrollment process to the individuals at the sorority who would be responsible for system management, they quickly learned it, and a good time was had by all as they enrolled all their sisters.

They each enrolled two fingers in case of a “bad nail day” and selected their own PIN numbers.

Unlike their debit cards or laptops, the PIN is not such a top secret, since unlike credit cards and computers, a PIN is not enough to get you through the door.

CANSEC offers several models of the Zodiac. With one version, which we’ve previously reported on to faithful Locksmith Ledger followers, the reader provides a Weigand output so it can be retrofitted to any network based electronic access control which uses this type of reader or keypad.

In the nearly six months since the Delta Bio system has been deployed we had only two callbacks. The first was to adjust the door closer which was the original one and had not been replaced as part of the installation.

The second was over a weekend, and I was able to ask the den mother a few questions and determined a housekeeper had unplugged the power supply in order to use a vacuum cleaner. We only used the receptacle specified by the den mother, and I told her repeatedly that the power supply must not be unplugged. It was not in an obvious location where the residents were likely to mess with it, but of course the housekeeper had not been clued in.

It must have taken a several days for the back up battery to finally deplete to the point where the Zodiac stopped working.

I told den mother to re-plug and then crossed my fingers hoping that this was it, and this would revive the system. It did and she was so pleased that she called me back and we provided several locksets, and rekeyed the entire facility.

Cansec Systems offers an all-in-one stand-alone Zodiac kit to get your system started. The kit includes the Zodiac 250 reader, a door control module, power supply board, transformer and an enclosure to hold these components.

More information: www.cansec.com.

 

To read additional Locksmith Ledger articles about biometrics, visit http://tinyurl.com/fingerprint312

Loading