


Design and Implementation of a Secure NFC-Based Attendance System with Role-Aware Access Control and Verifiable Audit Trails


Authors : Ifeanyichukwu Uchechukwu Akpara; Otugene Victor Bamigwojo; Lawrence Anebi Enyejo; Gamaliel Ibuola Olola

Volume/Issue : Volume 11 - 2026, Issue 3 - March


Google Scholar : https://tinyurl.com/4yyu6sf2

Scribd : https://tinyurl.com/yc2h4wth

DOI : https://doi.org/10.38124/ijisrt/26mar1769



Abstract : Secure and verifiable attendance management systems are essential in institutional environments where identity assurance, authorization control, and audit accountability are critical. Conventional attendance solutions based on manual registers, static RFID identifiers, or standalone biometric systems suffer from replay vulnerabilities, cloning risks, weak authorization enforcement, and non-verifiable logging mechanisms. This study proposes and experimentally validates a Secure NFC-Based Attendance System integrating mutual authentication using nonce-based protocols, a Role-Aware Access Control (RAAC) model, and a cryptographically verifiable audit trail framework. The RAAC model extends classical RBAC by incorporating contextual constraints such as time and location into a formally defined authorization function, ensuring context-sensitive privilege enforcement and preventing unauthorized role activation. Audit integrity is guaranteed through hash-chain logging, where each record is cryptographically linked to its predecessor, constant-time authorization complexity, and scalable throughput exceeding operational benchmarks. Security analysis confirms strong resistance against replay, relay, cloning, privilege escalation, and log tampering attacks. The results establish that robust cryptographic authentication, formalized authorization logic, and verifiable audit mechanisms can be integrated without compromising real-time performance. The framework provides a scalable and compliance-ready solution for secure attendance management in academic and enterprise environments.

Keywords : Secure NFC Authentication; Role-Aware Access Control (RAAC); Hash-Chain Audit Logging; Tamper-Evident Systems; Performance–Security Trade-Off
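
The abstract's context-constrained authorization function and hash-chain audit log, sketched together as an added example (not the paper's implementation). The policy table, field names, choice of SHA-256 and the genesis value are assumptions made here, and the tap events are constructed.

```python
import hashlib, hmac, json
from datetime import time

GENESIS = "0" * 64  # assumed anchor value preceding the first record

# Constructed policy: role -> (permission, allowed locations, window start, window end)
POLICY = {
    "student":  ("mark_attendance", {"LAB-1", "HALL-A"}, time(8, 0), time(18, 0)),
    "lecturer": ("open_session",    {"HALL-A"},          time(7, 0), time(20, 0)),
}

def authorize(role, permission, location, at):
    """Grant only if the role holds the permission AND the time/location context matches."""
    rule = POLICY.get(role)          # single dict lookup per decision
    if rule is None:
        return False
    perm, locations, start, end = rule
    return perm == permission and location in locations and start <= at <= end

def record_hash(prev_hash, entry):
    """SHA-256 over the predecessor's hash plus a canonical encoding of the entry."""
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

def append(log, entry):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "prev": prev, "hash": record_hash(prev, entry)})

def verify(log):
    """Return the index of the first record that breaks the chain, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = record_hash(prev, rec["entry"])
        if rec["prev"] != prev or not hmac.compare_digest(rec["hash"], expected):
            return i
        prev = rec["hash"]
    return -1

def demo():
    taps = [  # constructed tap events: (role, permission, location, time of day)
        ("student", "mark_attendance", "LAB-1", time(9, 5)),
        ("student", "mark_attendance", "LAB-1", time(23, 0)),   # outside time window
        ("student", "open_session", "HALL-A", time(9, 0)),      # role lacks permission
        ("lecturer", "open_session", "HALL-A", time(8, 30)),
    ]
    log = []
    for role, perm, loc, at in taps:
        append(log, {"role": role, "perm": perm, "loc": loc, "at": at.isoformat(),
                     "allow": authorize(role, perm, loc, at)})
    decisions = [rec["entry"]["allow"] for rec in log]
    before = verify(log)
    log[1]["entry"]["allow"] = True   # simulate an after-the-fact edit of a denied tap
    return decisions, before, verify(log)
```

A bare hash chain only exposes edits if the latest hash is kept somewhere the log writer cannot rewrite; otherwise the whole chain can be recomputed after a change.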


