A Secure and Sustainable Transition from Legacy Smart Cards to Mobile Credentials in University Access Control Systems
Date
Supervisor
Item type
Journal Article
Degree name
Journal Title
Journal ISSN
Volume Title
Publisher
MDPI AG
Abstract
A secure and sustainable building access control system plays a vital role in protecting organisational assets worldwide. Physical access management at Auckland University of Technology (AUT) is still primarily done through traditional card-based authentication. The system is susceptible to replay and cloning attacks because the conventional Mifare Classic credentials employ outdated Crypto1 encryption. Such weaknesses provide significant threats in laboratories, engineering testing facilities, and research and technological areas that require strict security procedures. To overcome the above issues, we propose a secure and sustainable university building access control system using mobile app credentials. This research grounded a thorough risk analysis of the university’s current infrastructure, mapping potential operational continuity threats. We analyse card issuance records by identifying high-risk areas such as restricted laboratories and evaluating the resilience of the current Gallagher–Salto system against cloning and replay attacks. We quantify the distribution and usage of cards that are vulnerable. To evaluate the risks to operational continuity, the system architecture is examined. Additionally, a trial implementation of the Gallagher Mobile Connect platform was conducted, utilising cloud registration, multi-factor authentication (PIN or biometrics), and books. Pilot implementation shows that mobile-based credentials improve user experience, align with AUT’s environmental sustainability roadmap, and increase resilience against known attacks. Results have shown that our proposed mobile credentials can improve the system performance up to 80%.Description
Source
Information, ISSN: 2078-2489 (Print); 2078-2489 (Online), MDPI AG, 16(12), 1073-1073. doi: 10.3390/info16121073
Publisher's version
Rights statement
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).