Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

The anatomy of an access control reader: a cybersecurity perspective

Jones, Peter, Williams, Lowri and Anthi, Eirini 2026. The anatomy of an access control reader: a cybersecurity perspective. Journal of Cybersecurity 12 (1) , tyag008. 10.1093/cybsec/tyag008

[thumbnail of tyag008.pdf]
Preview
 PDF - Published Version
Available under License Creative Commons Attribution.
Download (2MB) | Preview

Abstract

Access control readers are the first line of defence for organizations to restrict access to their facilities to the people who are supposed to be there. Such readers represent a major investment for organizations and are replaced every 7–10 years. The choice of reader and credential made at the time the system was designed and installed may be vulnerable to an array of attacks, such as credential cloning and data transmission exploits, which would allow a threat actor to pass through an entrance undetected. Once the threat actor has entered the building, the people and/or assets that the organization are responsible for are at risk. Access control readers have a number of interfaces based on different technologies that may be attacked to learn more about the configuration and other features of the device. This information may then be used to craft an attack on a real system. To the best of our knowledge, this is the first paper that outlines the various technologies incorporated into these products and draws upon this data to present the first model of the contemporary access control reader. The model is then further developed by considering the cybersecurity implications of each of the technologies found in an access control reader. Finally, based on known attack vectors, the model may be used as a risk assessment framework for readers and credentials. From this foundation, a series of further research topics are then proposed.

Item Type: Article
Date Type: Published Online
Status: In Press
Schools: Schools > Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Publisher: Oxford University Press
ISSN: 2057-2085
Date of First Compliant Deposit: 18 March 2026
Date of Acceptance: 18 February 2026
Last Modified: 19 Mar 2026 09:15
URI: https://orca.cardiff.ac.uk/id/eprint/185831

Actions (repository staff only)

Edit Item Edit Item
Altmetric
Dimensions
Download Statistics

Downloads

Downloads per month over past year

View more statistics

CORE (COnnecting REpositories)


Maintained by Cardiff University IT