Enabling HSPD-12 and Biometrics to Secure the Pentagon and Mark Center


30 Nov 2011


Interagency Advisory Board
Meeting Agenda, Tuesday, November 1, 2011
1. Opening Remarks (Mr. Tim Baldridge, IAB Chair)

2. FIPS 201-2 Update and Panel Discussion with NIST Experts
in Q&A Session (Bill MacGregor and Hildy Ferraiolo, NIST)

3. Securing Mobile Devices for Government Specific Apps
(Debb Blanchard, Verizon)

4. Enabling HSPD-12 and Biometrics to Secure the Pentagon
and Mark Center (Derek Nagel and Roger Roehr, PFPA)

5. An Example of Enabling HSPD-12 in Multi-Tenant Building by
Operating a PACS Platform as a Service (Tom Corder,
Bridgepoint Systems)

6. DoD PIV-I Update (Paul Grant, DoD)

7. Closing Remarks (Mr. Tim Baldridge, IAB Chair)
33
Pentagon Force Protection Agency
Privilege Management Program
Enabling HSPD-12 and Biometrics to Secure the
Pentagon and Mark Center


1 November 2011
PFPA Project Integration Directorate
HSPD-12 Team
34
Pentagon and NCR Environment
• The Pentagon is the world’s largest flat office building
– 6.7 Million SqFt, 17.5 miles of corridors
– Manage 10,116 parking spaces
• NCR buildings occupied by 87,000 DoD employees in 28 major
buildings and 76 other locations

25,000 Assigned Personnel
35
HSPD-12 Program Goals
• Use CAC and PIV (from other Federal agencies) for
permanent access and PIV for visitor entry

• Automate back end processes (FICAM) and use digital
signatures for:
– Door Access request
– Parking request
– Visitor sponsorship
– Escort pick up of visitors

• Add biometric authentication of people entering the
Pentagon and the Mark Center

• Upgrade PACS equipment to support PIV
36
HSPD-12/PMP Training, Education & Awareness

• Education & Awareness Plan
• PFPA Intranet and internet
• Flyers, posters, brochures, and other multi-media
• HSPD-12 email: PFPAHSPD-12@pfpa.mil

• Kiosk and awareness videos
• Building circulars
• Pentagon Police Department roll calls
37
MARK Center
Enrollment PMP
May 2011
38
Iris capture

Fingerprint Capture
Mark Center turnstile
August 2011
39
40
Pentagon Physical Access Control System upgrade
• Mixture of legacy and PIV compliant equipment
• 7,100+ PACS readers
– Installing Oct 11 – Apr 12 multi-technology magstripe and PIV readers
• 2,100+ PACS panels
– Approximately 700 panels upgraded, remaining to be upgraded in FY12
• Turnstile upgrade
– Corridor 5
– Pentagon Athletic Center
Pentagon HSPD-12 entrance
September 2011
41
New entrances designs
42
43
Identity Credential Access Management (ICAM)
PMP
Authentication
Proofing and Vetting
Roles
Identity
• Place of Birth
• Date of Birth
• Name
• Biometrics
Credential
• CAC
• PIV
• TWIC
• US Armed Services Identification Card
• Alternative Card
Access
• What
• Where
• When
44
Integration Road Map For Privileges

PMP Design & Implementation
HSPD-12, FIPS-201, SP 800-76, SP 800-73, SP 800-78, SP 800-79, SP 800-87, SP 800-103
• Authorization: Sponsor, Background Check, Security Clearance
• Identity: Name, Place of Birth, Parent Names, Biometrics, DOB
• Credentials: PIV, Building & Visitor passes, SSN, Licenses, Vehicle Hang Tags
• Accounts: Physical Access, Logical Access, Visitor Escort, Parking, Authorizing Agent
• Access Control: Building and Door Access, Parking Lots and Spot, Logical
SP 800-116
• Audit & Investigations
45
46



[Chart comparing authentication methods. Labels: Factor of Identity, Unique, Non repudiation; 4 Digits PIN, 6 Digits PIN, 8 Digits PIN, Card Read, Card Read with Cryptography, Hand Geometry, Fingerprint, Iris]
47
design inspiration
48
Developing Authentication Requirements
• High Security = CAC + PIN + Biometric
– Restricted Areas
• Medium Security = CAC + Biometric
– Perimeter
• Low Security = CAC
– Suites
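
The three levels above, written as a fail-closed reader decision. This is an added example, not PFPA's code: the `decide` function, the `Attempt` fields and the rule that a match in any enrolled modality (iris or fingerprint) satisfies the biometric factor are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Factors required per security level, as listed on the slide.
REQUIRED = {
    "high": {"card", "pin", "biometric"},    # restricted areas
    "medium": {"card", "biometric"},         # perimeter
    "low": {"card"},                         # suites
}
MODALITIES = frozenset({"iris", "fingerprint"})  # assumed accepted modalities


@dataclass(frozen=True)
class Attempt:
    """One presentation at a reader (hypothetical structure)."""
    card_valid: bool                  # credential read and validated
    pin_ok: bool = False              # PIN verified for this card
    biometric: Optional[str] = None   # modality that produced a live match


def decide(level: str, attempt: Attempt,
           enrolled: FrozenSet[str]) -> Tuple[bool, str]:
    """Return (granted, reason). Unknown or missing input always denies."""
    required = REQUIRED.get(level)
    if required is None:
        return False, "unknown security level"
    if not attempt.card_valid:
        return False, "card not validated"
    if "pin" in required and not attempt.pin_ok:
        return False, "PIN required"
    if "biometric" in required:
        if not enrolled & MODALITIES:
            return False, "no biometric enrolled"
        if attempt.biometric not in MODALITIES:
            return False, "biometric required"
        # A match only counts in a modality this cardholder enrolled.
        if attempt.biometric not in enrolled:
            return False, "modality not enrolled"
    return True, "granted"


if __name__ == "__main__":
    # Constructed sample: cardholder enrolled with iris only.
    iris_only = frozenset({"iris"})
    for level, attempt in [
        ("low", Attempt(card_valid=True)),
        ("medium", Attempt(card_valid=True, biometric="iris")),
        ("medium", Attempt(card_valid=True, biometric="fingerprint")),
        ("high", Attempt(card_valid=True, biometric="iris")),
    ]:
        print(level, decide(level, attempt, iris_only))
```
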

49
Choosing Biometric Modality
• Standards based
• Interoperable
• Store the reference image not the template
• For speed we chose stored on device biometrics solutions
50
Why Multimodal Biometrics?

25,000 People Enter Daily
• People who cannot enroll using fingerprints: approximately 1% or 250
• People who cannot enroll using iris: approximately 1% or 250
• People who cannot enroll using either iris or fingerprint: approximately 0.01% (1% x 1%) or 3

5800 people enrolled, 0% failure to enroll in at least one biometric
PMP Enrollment screen
51
FOR OFFICIAL USE ONLY -
Dissemination Governed by
Distribution Statement E

52
Integrated Biometrics Turnstile Concept
• Entry: Fingerprint Biometric Reader, Iris biometric reader
– Employee enters turnstile, uses CAC and biometric
• Exit: Card Only Reader
– Employee exits turnstile, uses CAC
Prototype testing
March 2011
53
Tested with 3 groups of 10 people
• Internal staff
• External staff
• Light duty officers

Each group conducted 6 tests with 100 card reads per test.

Turnstile
• Card only
• Card + Finger
• Card + Iris
• Card + user choice Iris or Finger
ADA portal
• Card only
• Card + user choice Iris or Finger

When users are given a choice of biometric, the total authentication
time is only increased by 3 sec.

54
Turnstile Testing
55
Lessons Learned
• HSPD-12 works!!!
• Go to vendors with a plan
• Virtualization works!!!
• Test, Test, Test
• Enrollment is where trust starts
• Document current process and why
• Define, Define, Define new process
• Be a change agent but listen to critics
• Offer a straw man process for review
• Listen to the end user

Senior Leadership buy in is critical

• Don’t Ever Give UP!!!!

56
Contact Info

Derek Nagel
Pentagon Force Protection Agency
Project Integration Directorate
Access Control Branch Chief
derek.nagel@pfpa.mil

703-681-3122

Roger Roehr
Pentagon Force Protection Agency
Project Integration Directorate
HSPD-12 Physical Security Engineer
Contract Support
roger.roehr.ctr@pfpa.mil

703-681-3169
57
Pentagon Force Protection Agency
Protecting Those Who
Protect Our Nation