Locks

When we talk about physical security, locks are perhaps the first example that comes to mind. These unassuming devices, spanning a spectrum of types and technologies, play a pivotal role in preventing unauthorized entry, securing valuable assets, and upholding the integrity of spaces. From traditional mechanical locks to cutting-edge electronic systems, the evolution of locks reflects a constant pursuit of enhancing security measures as thieves, burglars and industrial criminals get better at breaking them! In this article, we’ll take a look at the diverse landscape of locks, exploring various types, their mechanisms, and their strategic applications within modern physical security programs.

Mechanical Locks

Mechanical locks constitute a huge percentage of physical security measures implemented today. Even with all the technology available, a simple lock is often the best way to deter a casual attacker. Modern mechanical locks are the product of literally centuries of design evolution and embody simplicity, reliability and cost efficiency - making them a preferred choice for numerous applications. Key types of mechanical locks include:

  • Pin Tumbler Locks - One of the most common and enduring types of locks, pin tumbler locks operate through a series of pins that align when the correct key is inserted, allowing the lock to turn and grant access.

  • Cylinder Locks - These locks feature a cylindrical core that houses the locking mechanism. They offer versatility and can be found in various forms, including the popular Euro cylinder used in many residential and commercial doors.

  • Padlocks - Padlocks offer portability and versatility, used in applications where a secure but removable locking solution is needed. They come in various designs, including combination locks and keyed padlocks.

  • Deadbolts - Deadbolts are known for their sturdiness and resistance to forced entry as well as their extreme simplicity. They extend farther into the door frame compared to traditional locks, making them robust against kicking and other physical attacks.

Electronic Locks

The advent of electronics has ushered in a new era of locks that integrate advanced technologies, offering heightened security and management capabilities. In many cases, the primary benefit of an electronic lock is its ability to grant access to multiple individuals without having to produce many keys. Common types include:

  • Keypad Locks - Keypad locks allow access through the input of a predefined numeric code. This eliminates the need for physical keys, enhancing convenience and the ability to change access codes frequently. One major drawback is that if the same code is used for a prolonged period, the number of people who know the code tends to multiply, and sometimes the “used” keys get visibly worn down, which significantly reduces the difficulty of guessing the key combination!

  • Biometric Locks - Biometric locks employ unique biological features such as fingerprints, retinal scans, or facial recognition to grant access. These locks offer a high level of security and are often used in environments where stringent access control is necessary, but come with some drawbacks which we’ll discuss shortly.

  • Smart Locks: Leveraging the power of the internet and mobile devices, smart locks enable remote access control and monitoring. Through mobile apps, users can grant access to individuals, receive alerts, and monitor entry logs.

  • Proximity Card Locks: Proximity card locks utilize RFID technology to grant access to individuals carrying authorized proximity cards or fobs. This technology offers convenience and can be integrated into building management systems, with chips often embedded in an individual’s ID card.

Keyless Entry Systems

Keyless entry systems are a newer development of lock systems. They encompass a range of mechanisms that eliminate the reliance on traditional physical keys. In theory, these systems not only enhance convenience but also provide elevated security; in practice, however, there have been numerous high-profile vulnerabilities affecting keyless entry systems (especially for cars) in recent years. Keyless systems include:

  • Access Control Cards: Access control cards, often integrated with RFID technology, are issued to authorized personnel. The cards are swiped or tapped against a reader to grant access.

  • Mobile Phone Access: Leveraging the ubiquity of smartphones, some access control systems allow users to gain entry by presenting their mobile device to a reader, usually through Bluetooth or NFC technology.

  • Remote Access Management: Keyless entry systems frequently include remote access management capabilities. This means that administrators can modify access permissions, deactivate lost cards, or grant temporary access remotely, offering real-time control.

Locks for Devices

The domain of physical security extends beyond doors and buildings to encompass devices, gadgets, and equipment themselves. Not surprisingly, there are specialised locks for this too! Locks designed for devices provide an added layer of protection, particularly in settings where the portability and value of these items necessitate safeguards:

  • Kensington Locks: Commonly used to secure laptops, Kensington locks consist of a cable attached to a lock that can be looped around a secure fixture. These locks deter opportunistic theft by preventing unauthorized removal of the device.

  • Cable Locks: Similar to Kensington locks, cable locks are versatile and can be used to secure various devices, including projectors, monitors, and other equipment. They serve as a deterrent against casual theft in public or shared spaces.

  • Equipment Enclosures: For larger devices or equipment, enclosures (sometimes called cages) with integrated locks protect against tampering, theft, or unauthorized access. These enclosures can be customized to fit specific devices and environments.

Lock Bypassing Techniques

While locks are designed to thwart unauthorized entry, understanding potential vulnerabilities is crucial for designing comprehensive security strategies. We won’t go into detail on how to bypass a lock, but we’ll note that some common lock bypassing techniques include lock picking, bumping, and impressioning. Organizations should remain vigilant and consider factors such as lock quality, installation methods, and supplementary security measures to counter these vulnerabilities.

Biometrics

Biometrics encompasses the measurement of distinct biological attributes or processes with the overarching aim of identifying individuals based on these distinctive and unalterable measurements. Among the well-recognized biometric factors, fingerprints stand out as the most familiar. Fingerprint readers have garnered prevalence over the years, integrated into laptops, mobile devices, and even standalone USB devices, exemplifying the practicality of biometric authentication for personal devices.

Expanding beyond fingerprints, a realm of biometric possibilities includes the retina or iris of the eye, hand geometry, and facial features. The utilization of these attributes for authentication entails a dual-step process: enrollment and subsequent authentication. During enrollment, the biological factor’s image is captured and converted into a numerical representation. When an individual seeks authentication, the reader scans the presented feature, and the computer undertakes a comparison between the read numerical value and the stored database value. Successful matches result in granted access. Given the inherent uniqueness of these biological traits, only the rightful individual should ideally gain access.

While biometrics augments security, it’s essential to acknowledge that no security measure is without flaws. Firstly, some biometric measures and markers can be replicated to deceive a sensor (some facial recognition systems can be tricked with a realistic mask!), and in certain instances, the biometric itself might be transformed into a numerical format that could be exploited in software attacks. Secondly, some biometric markers may also reveal information about a person’s health: private information which they may not wish to disclose.

Thirdly, biometric sensors are not perfect even when used as intended. False accept and false reject rates are the critical metrics that measure these scenarios in biometric authentication systems. The false accept rate (FAR) signifies the probability that the system erroneously identifies an unauthorized individual as authorized, granting them access. Conversely, the false reject rate (FRR) represents the likelihood of the system failing to recognize an authorized individual, denying them access. Achieving a delicate equilibrium between these rates is pivotal: a high FAR compromises security, while a high FRR results in user frustration and potential security vulnerabilities due to workarounds. A measure known as the crossover error rate (CER) describes the point where the false reject rate (FRR) and false accept rate (FAR) are equal. The goal is to strike a balance that ensures both robust security and user convenience, with the system tuned to one side or the other of the CER.
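As an added illustration (not part of the original article), the following Python sketch computes FAR and FRR across decision thresholds, locates the crossover point, and shows what tuning to either side of it costs. The match scores, the 0-100 score scale and all function names are constructed for this example.

```python
# Added example: FAR/FRR sweep over CONSTRUCTED match scores (not real sensor data).
# Scores are 0-100; higher means closer to the enrolled template.
GENUINE = [91, 88, 95, 79, 84, 97, 73, 90, 86, 69, 93, 81]    # authorized users
IMPOSTOR = [32, 45, 51, 28, 63, 39, 71, 47, 55, 36, 76, 42]   # unauthorized users


def far(threshold, impostor=IMPOSTOR):
    """False accept rate: share of impostor attempts accepted (score >= threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False reject rate: share of genuine attempts rejected (score < threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds=range(0, 101)):
    """Evaluate both error rates at every candidate threshold."""
    return [(t, far(t), frr(t)) for t in thresholds]


def crossover(rows):
    """Threshold where FAR and FRR are closest (lowest threshold wins ties)."""
    return min(rows, key=lambda r: (abs(r[1] - r[2]), r[0]))


def strictest_needed(rows, max_far):
    """Security-leaning choice: lowest threshold whose FAR is within max_far."""
    return next(r for r in rows if r[1] <= max_far)


def most_lenient(rows, max_frr):
    """Convenience-leaning choice: highest threshold whose FRR is within max_frr."""
    return next(r for r in reversed(rows) if r[2] <= max_frr)


if __name__ == "__main__":
    rows = sweep()
    t, a, r = crossover(rows)
    print(f"CER ~ {a:.3f} at threshold {t} (FAR={a:.3f}, FRR={r:.3f})")
    for label, row in (("FAR <= 0", strictest_needed(rows, 0.0)),
                       ("FRR <= 0", most_lenient(rows, 0.0))):
        print(f"{label}: threshold={row[0]} FAR={row[1]:.3f} FRR={row[2]:.3f}")
```

On this constructed data, removing every false accept doubles the false reject rate relative to the crossover point, and removing every false reject doubles the false accept rate.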

Fail Open vs. Fail Closed Locks

In the design and implementation of locking systems, a critical consideration is the lock’s behaviour during power or system failures. Locks can either fail open or fail closed, and the choice between these options involves striking a balance between security and safety.

In the event of a power failure or system malfunction, fail-open locks automatically release, allowing unrestricted access. These locks prioritize safety over security and are often used in environments where rapid egress is critical, such as fire exits. However, fail-open locks can potentially be exploited by unauthorized individuals: if an attacker can force a failure, they can bypass the lock.

Fail-closed locks, on the other hand, maintain their locked state during power failures or system glitches. This enhances security but requires additional safety measures to ensure prompt egress during emergencies. These locks are typically favoured in high-security settings where unauthorized access is a significant concern. However, careful attention is needed, since many emergency situations (such as a fire) also have a high likelihood of causing a power outage, a potentially deadly combination if this leads to a building-wide lockdown.

Final Words

Locks, in their myriad forms and functions, serve to guard entrances, spaces, and assets, utilising a blend of mechanical ingenuity and technological prowess. From traditional mechanical locks that have stood the test of time to electronic locks that seamlessly merge security with convenience, the evolution of locks reflects a constant drive to create barriers against unauthorized access. The integration of keyless entry systems and remote access management ushers in an era of adaptable security that meets the demands of the modern world but also presents new methods which could be used to bypass them.