Bring your own authenticator/authentication security in physical access control systems
Odyurt, Uraz (2016)
This work focuses on providing an efficient methodology for threat modelling of complex systems in their architectural design phase. The methodology, architectural threat analysis, is provided along with new concepts for Bring Your Own Device (BYOD) that are specific to access control systems. Scenarios based on the definitions of these new concepts, Bring Your Own Authenticator (BYOAuthenticator) and Bring Your Own Authentication (BYOAuthentication), have been incorporated as the basis of an architectural threat analysis for the usage of mobile devices in Physical Access Control Systems (PACS).
Throughout the conduct of such an analysis, a combination of different threat modelling tools, namely attack trees and STRIDE threat lists, has been considered in an iterative fashion. The resulting detailed, step-by-step analysis reveals high-level threats and relevant mitigation considerations.
The study contributes to the secure-by-design concept by providing an efficient and repeatable high-level architectural threat analysis methodology, as well as reusable BYOD terminologies, BYOAuthenticator and BYOAuthentication, including scenarios based on them. Architectural constructs based on these scenarios for a PACS, involving BYOD and biometrics, followed by their threat analysis, are a first and can be considered a foundation for future studies.