Print Email Facebook Twitter Physical Location of Smart Key Activators Title Physical Location of Smart Key Activators: A Building Security Penetration Test Author Bullée, Jan Willem (University of Twente) Montoya Morales, A.L. (University of Twente) Junger, M. (University of Twente) Hartel, P.H. (TU Delft Cyber Security) Date 2018 Abstract Purpose – When security managers choose to deploy a smart lock activation system, the number of units needed and their location needs to be established. This study presents the results of a penetration test involving smart locks in the context of building security. We investigated how the amount of effort an employee has to invest in complying with a security policy (i.e. walk from the office to the smart key activator) influences vulnerability. In particular, the attractiveness of a no-effort alternative (i.e. someone else walking from your office to the key activators to perform a task on your behalf) was evaluated. The contribution of this study relates to showing how experimental psychology can be used to determine the cost-benefit analysis (CBA) of physical building security measures.Design/methodology/approach – Twenty-seven different ‘offenders’ visited the offices of 116 employees. Using a script, each offender introduced a problem, provided a solution and asked the employee to hand over their office key.Findings – A total of 58.6% of the employees handed over their keys to a stranger; no difference was found between female and male employees. The likelihood of handing over the keys for employees close to a key activator was similar to that of those who were further away.Research limitations/implications – The results suggest that installing additional key activators is not conducive to reducing the building’s security vulnerability associated with the handing over of keys to strangers.Originality/value – No research seems to have investigated the distribution of smart key activators in the context of a physical penetration test. This research highlights the need to raise awareness of social engineering and of the vulnerabilities introduced via smart locks (and other smart systems). Subject Building layoutBuilding ManagementDistance decaySmart keySecuritySocial engineering To reference this document use: http://resolver.tudelft.nl/uuid:cb2eb4bb-b829-442c-b2ca-8fa77da04f8e DOI https://doi.org/10.1108/JCRE-05-2017-0014 ISSN 1463-001X Source Journal of Corporate Real Estate, 20 (2), 138-151 Bibliographical note Accepted Author Manuscript Part of collection Institutional Repository Document type journal article Rights © 2018 Jan Willem Bullée, A.L. Montoya Morales, M. Junger, P.H. Hartel Files DOCX 41371677_Physical_Locatio ... final.docx 1.26 MB Close viewer /islandora/object/uuid:cb2eb4bb-b829-442c-b2ca-8fa77da04f8e/datastream/OBJ/view