Containerized attribute‑based access control system using digital keys

Date

2025-05-28

Type

Article

Publisher

Springer Science and Business Media Deutschland GmbH

Series Info

Journal of Umm Al-Qura University for Engineering and Architecture; 2025

Abstract

The Containerized Attribute-Based Access Control System (ABACS) using Digital Keys provides an efficient means of granting or revoking access to users in residential and commercial buildings. Widely used credential technologies lack encryption capabilities, face performance challenges, and do not scale properly. The proposed system, ABACS, offers a container-based access control solution with enhanced security, scalability and performance, via user-friendly management and a convenient mobile application. In ABACS, authentication, integrity, and confidentiality are guaranteed using multiple security methods, including a Trusted Execution Environment (TEE) for safe digital key encryption, and the Transport Layer Security (TLS) protocol for secure channel communication, supported by a digital certificate. Performance is achieved through the use of the Constrained Application Protocol (CoAP) for embedded system internet communication, and the Near-Field Communication (NFC) channel for quick digital key sharing. Access control and user management are achieved using the Attribute-Based Access Control (ABAC) model deployed on-premise. ABACS applies the principles of containerization to enable modularity, service isolation, and horizontal scalability, critical features for supporting large-scale system distribution. ABACS effectively mitigates major attack vectors, including man-in-the-middle, replay (both internet and NFC), credential cloning, and unauthorized mobile access through a combination of per-session nonces, TLS/DTLS-secured channels, tamper-aware embedded controllers, and backend-enforced policies. These layered protections offer stronger guarantees compared to prior systems, many of which overlook or only partially address such threats. Performance evaluations confirm that ABACS's backend is both scalable and responsive. In sequential request handling, ABACS processes requests at least ten times faster than iPACS. Under concurrent load, it maintains more than double the throughput, demonstrating robust system efficiency and supporting real-world multi-user environments. In terms of user-friendliness, ABACS delivers a streamlined and intuitive mobile experience. Users register and authenticate with minimal effort through biometric and login credentials, avoiding the friction of manual security code entry or reliance on physical Radio-Frequency Identification (RFID) cards. This modern design improves usability and adoption while maintaining strong security guarantees.

Description

SJR 2024 0.436 Q1 H-Index 6

Keywords

Attribute-based access control, Containerization, Digital keys, Near-field communication, Trusted layer security

Citation

Mohamed, S. I., Mostafa, M., Assaly, J., & Shalabi, A. S. (2025). Containerized attribute-based access control system using digital keys. Deleted Journal. https://doi.org/10.1007/s43995-025-00149-6