Risk adaptive hybrid RFID access control system

Dynamic environments pose a challenge for traditional access control models where permissions are granted or revoked merely based on predefined and static access policies making them incapable of dynamically adapting to changing conditions. Risk adaptive access control models have been gaining more attention in the research community as an alternative approach to overcome the limitations of traditional access control models. Radio Frequency Identification (RFID) is an emerging technology widely utilized in both physical and logical access control systems because of its contactless nature, low cost, high read/ write speed and long distance operation. Serverless RFID system architecture offers better availability assurance and lower implementation cost, while access rights management is easier in server-based architecture. In this study, we continue to build on our previous research on the privacy and security of RFID access control systems without a backend database in order to overcome its limitations. We propose a hybrid design for a risk adaptive RFID access control system; that is, dynamically alternating between two access control modes, online (server-based) and offline (serverless), to adapt to the level of risk depending on rule-based risk scenarios and current risk value. The proposed design combines features of both serverless and risk adaptive access control systems. Copyright (C) 2015 John Wiley & Sons, Ltd.