https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
    • Latest videos
    • Product Guides
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
    • Latest videos
    • Product Guides
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE Expo
    • Calendar of Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Public Safety


Locked But Is It Secure?

Locked But Is It Secure?

The most commonly used and least expensive method to control access to any facility's building perimeter and interior space is by use of mechanical locks
  • Written by Sean A. Ahrens, CPP, CSC
  • 1st June 2007

The most commonly used and least expensive method to control access to any facility’s building perimeter and interior space is by use of mechanical locks and keys. The lock and key is a simplistic methodology that is used today even in the most sophisticated access control systems. The methodology requires a lock, or mechanism that controls access. Access to the lock is authenticated by a credential or key that affirms the right to enter.

Historical perspective

Locks date back some 4,000 years ago to the ancient Egyptians, who developed a crude lock constructed of wood and other weaker materials. The ancient Romans developed the “warded” lock that involved a key inserted into the lock, with a center post within the lock aligning the key cuts to the corresponding “wards.” One of the biggest drawbacks to the warded lock was that it was relatively easy to pick.

In 1778, Robert Baron developed the lever tumbler lock involving multiple levers that had to be aligned simultaneously for the lock to operate. It could also be defeated by picking, but doing so required greater time and skill. In 1848, Linus Yale Sr. developed the pin tumbler lock, which was refined by his son in 1861, and is the basis for pin tumbler locks used today.

Pin tumbler locks

The pin tumbler works in a simple fashion. The lock itself has a number of individual driver pins, which are spring-loaded and correlate to the “biting” of the correct key. When a key with the correct biting is inserted into the lock, the pins align with the shear line, thus allowing the plug to turn and a bolt or latch to retract.

One of the advantages of a pin-tumbler lock is that it is possible to subdivide access to a grouping of doors by providing change keys within a master keying system. These levels of security ensure that change keys, which represent the lowest hierarchy of keying in a key system, will not be able to open doors that a person does not have access rights to. In turn, although change keys within a keying system may not operate all doors, a single key, called a grand master, great grand master or GMK key, can be used to open any door that is keyed within its level.

Locking threats

The most recognized threat to any type of lock and keyway is lock picking. Lock picking involves opening a lock without the key and without damaging the lock. In movies, the thief attempting to gain access to a lock unzips his “little black bag” and quickly gains access to a room or area by “picking” the lock. The reality is that lock picking is an art form; knowing how to pick a lock does not mean that you will be able to gain access to a lock quickly.

A more recent threat emerged in 2002. AT&T Labs Research released a white paper widely thought to reveal closely guarded locksmith secrets. The paper describes the theory of how to reverse-engineer a change key to make a master key for a pin tumbler lock. As we have learned, the change key can open fewer doors than the master key, which is capable of opening all doors associated with that specific master. This by itself is a great threat, but would still require a specific degree of knowledge and probably could only be carried out by a locksmith or equivalent.

The greatest threat to a mechanical lock and keyway would be if there were ways to manipulate a lock quickly without tools, without specific knowledge about locking systems and, finally, if this information were readily available, say on the Internet.

The reality of lock bumping

This hypothetical threat is a now a reality. The greatest threat to the pin tumbler lock is called “lock bumping.” It is a topic that has moved to the forefront as a result of the Web and media, and the prevalence of lock bumping information in mainstream media presents a potential security threat that legitimate users may not be aware of.

Some sources believe this technique was mastered in the 1970s, while others believe it occurred around the same time that the AT&T’s white paper was released.

Lock bumping is a type of lock picking that applies Isaac Newton’s third law of motion, “for every action, there is an equal and opposite reaction.” Lock bumping is reportedly so easy that children have successfully opened a pin tumbler style lock using the method. Persons wishing to bump a lock would either purchase the appropriate lock manufacturer “bump key” or “999 key” legally from an online retailer, or make it themselves. It is called a “999 key” because all biting(s) are cut to nine, the lowest or deepest biting value on a key. Once purchased or created, the key is inserted into the lock and is gently tapped with an instrument, generating force. The energy is transferred down the key, and with nowhere to go, it is transferred into the driver pins, which control the plug movement. The pins are driven upward, thereby creating a momentary gap between the shear line, allowing the plug to turn. Bumping a lock can be done in seconds. There are no special tools needed, and the most common online retailers sell sets of bump keys for less than $10. Worse, online tutorials can teach someone how to make their own bump key using tools readily available from many hardware stores.

Why is bumping a legitimate threat?

  • No knowledge or skill is needed to manipulate a lock using the bumping or rapping method.

  • Bump keys for all manufacturers are sold on the Internet.

  • The deterrent value has decreased, allowing a pin tumbler lock to be opened in a matter of minutes as opposed to a longer delay with conventional lock picking methods.

  • The use of the World Wide Web further promulgates this idea, which broadens the number of people who know about the threat, thereby creating more potential adversaries.

  • Other ramifications may include insurance coverage. Without a way to prevent forced entry, an insurance company would conclude that the lock was left unsecured and would associate this with negligence, which could be used by some insurance companies to exclude a loss on their policies.

Potential solutions

  • It might be time for a re-key for your organization. First, evaluate your keying system. If you determine that the locks used are susceptible to lock bumping, evaluate going to a more secure keyway.

  • Re-keying is expensive, so start from the outside of your facility and move inward. In some instances, a high security keyway can be blended with existing keying systems.

  • Consider re-keying or adding access control with door monitoring, in lieu of a mechanical lock, to all perimeter doors as well as other doors located internally that could present a security risk.

  • Identify if your locks are equipped with an Interchangeable Core (IC). Some ICs are compatible with higher security keyways that should reduce some costs.

  • When setting up your keying system, keep control of your grand master key and sub-compartmentalize master keys so fewer doors are affected by the loss of a single key.

  • Secure the master key with a digital key system or by “sealing” grand master keys that will identify usage and return dates. People who need to have master or grand master keys should have their key rings welded to reduce the ease of key duplication.

Ensure that all high-security keys have the words “Do not duplicate” on them. Legitimate locksmiths will honor and turn away persons who are attempting to have a high security or standard pin tumble key duplicated. However, for this reason, if a high security grand master key is lost, the whole system will have to be re-keyed to ensure security.

About the Author

Sean Ahrens, CPP, CSC, is a senior security consultant with Schirmer Engineering. He has more than 16 years of experience in the security industry, 11 of them as a practicing consultant. He has been responsible for providing security threat and risk analysis, contingency planning, loss prevention and force protection design and planning for private, public, state and governmental organizations. He can be reached at (847) 272-8340 or via e-mail at [email protected].

Tags: Public Safety

Most Recent


  • crisis
    Navigating crises with confidence: Five ways strategic plans support crisis response
    Some crises are short-lived, barging through our lives and routines, and before we can get a sense of what’s happened, we’re left dealing with the aftermath. But many crises build slowly, with many early warning signs, and once they’vehit their breaking point, panic and uncertainty overwhelm the ability of leaders to think clearly and mitigate […]
  • Electric scooter
    Research highlights safety tradeoffs of electric scooter speed limiters
    Since the first shared electric scooter program was launched in the United States five years ago, they’ve swarmed cities across the country due to their inexpensive cost, clean energy output and versatility as a last-mile transportation option. As their popularity has grown, regulating their usage on public roadways and streets has arisen as a complex […]
  • zero trust
    Zero trust is a great strategy but a terrible name
    The monthly town hall meeting was going well until they got to the agenda item called “zero trust.” What was to be a routine request for additional funding to implement a zero-trust environment quickly became one of confusion and misunderstanding. Trust in government at all levels has continued its downward spiral over the years. So, […]
  • Bloomberg Philanthropies announces $25K funding opportunity for 20 asphalt art projects
    Street and asphalt art is a proven way to beautify otherwise bland roadways while simultaneously making them safer. An initiative announced Tuesday by Bloomberg Philanthropies aims to bring more art to North American streets through another round of its Asphalt Art Initiative. Twenty individual grants of $25,000 each will be distributed to selected communities beginning […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • 10 reasons why local governments should outsource all IT: Post pandemic view
  • How governments can keep employees safe as they return to work
  • Preventing cyber-attacks needs to be a priority for local governments
  • Building community and officer wellness through data sharing

White papers


5 reasons why Plan Examiners need Objective Trapeze

30th May 2023

7 Permitting & Licensing Fails Slowing Community Growth

24th May 2023

The Secret Ingredient to Local Government Employee Retention

23rd May 2023
view all

Webinars


How to Centralize and Build a Grants Management Process at your Organization

24th May 2023

Making Permitting Easier: What We’ve Learned Helping America’s Largest Cities Improve Their Permitting Process

16th May 2023

Digital Property Tax Collection: Tales from the Trenches of Modernization

16th May 2023
view all

PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

GALLERIES


Gallery: Annual index ranks America’s top performing cities; most are in the West

30th May 2023

Gallery: Top 10 American cities for seasonal and summer jobs

25th May 2023

Gallery: 10 of America’s most affordable cities

9th May 2023
view all

Twitter


AmerCityCounty

5 reasons why Plan Examiners need Objective Trapeze dlvr.it/Sptl5z

30th May 2023
AmerCityCounty

Navigating crises with confidence: Five ways strategic plans support crisis response dlvr.it/SptVKN

30th May 2023
AmerCityCounty

Gallery: Annual index ranks America’s top performing cities; most are in the West dlvr.it/SpszdK

30th May 2023
AmerCityCounty

2022 Crown Communities Award winner: Miami-Dade County Clerk of Courts’ jury selection system dlvr.it/SphCBk

26th May 2023
AmerCityCounty

Gallery: Top 10 American cities for seasonal and summer jobs dlvr.it/SpdFWy

25th May 2023
AmerCityCounty

How to leverage digital tools to drive innovation in government dlvr.it/Spcktb

25th May 2023
AmerCityCounty

With many cities facing a fiscal cliff as ARPA funding ends, debt ceiling debate continues on Capitol Hill dlvr.it/SpZLph

24th May 2023
AmerCityCounty

7 Permitting & Licensing Fails Slowing Community Growth dlvr.it/SpYqBS

24th May 2023

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.