Department of Computer Science and Engineering

CS 179i: Project in Computer Science / Networks

All of you are familiar with the card-based access control systems employed in BCOE

There is a PC-based central controller which has a database of allowable entry doors for every valid card-ID, and has hard-wired connections to each card reader and remote-controlled door lock in the building
When a person wants to pass through one of its controlled doorways (to enter the building, or a particular CS lab, say), they swipe their card in the reader and wait for the system to respond with a red light (failure/denial) or green light (door open)
Meanwhile, the number encoded on the card is transmitted from the card reader to the central controller and checked against the database. If it recognizes the card as valid for this doorway at this time, the controller releases the electric doorlock and illuminates the green light; otherwise it illuminates the red light.

In recent years, access control system have redesigned their hardware to use remote modules (in charge of few nearby doorways) connected to the central controller by powered Ethernet. Here are several examples:

This one says nothing about encrypting the Etherent traffic
Many others say they use encryption for their Ethernet traffic (like OpenSSL for this and 128-bit AES for this).

In some cases, it appears that the remote modules can function independently for short periods of time. However, the time between updating the database until the new policy becomes active is usually a few seconds.

Now suppose you wanted to modify such an access control system to allow people to run an app on their smart phone instead of swiping a magnetic card. What would it take to make this change while providing "equivalent security" to an existing magnetic card-based system?

Just as today's card-based system gives each user a serial number (recorded on their personal magnetic card), the smart phone app would include a unique serial number for each user. We can protect that serial number with some sort of PIN, which is "good enough" compared to the plain-text serial number on an easily-copied magnetic card.
The system semantics merely say that a person who presents a valid serial number to the access control system can enter the controlled doorway. Thus, it shouldn't matter whether the number is presented via card swipe or WiFi as long as we can determine that the phone is at the same physical location as the door. Let's assume the smart phone app talks to the access control system through an encrypted connection, so its serial number will not be exposed to eavesdroppers in the same area.
In general, verifying the physical location of a device is a hard problem if your solution must be strong enough to beat a determined attacker. However, since magnetic cards are so easy to copy, I think the bar is pretty low in this application. Thus the main issue seems to be what to do if the user is confused and tries to open a door in the next hallway or on the next floor, rather than the one in front of them.

To solve the confusion problem, we need the door to provide some feedback during the process.

For example, it would be possible for the access control system to command the red/green lights on the requested door to blink in a pseudorandom pattern and require the user to type that pattern into their phone app.

We can even use a few basic networking techniques to provide some protection against a (weak) attacker

Make sure the server to which the smart phone app must connect is on a private network, behind a NAT gateway. That way, a user can't easily connect to the server from far away to let a friend into the building without giving him/her a copy of the app (or equivalently, a copy of the magnetic card).
Look for ways in whcih the access control system to detect and log other nearby network activity that occurs at the same time as a door-opening transaction.

You do not need to have physical access to an real access control system to do this project. Just assume you are responsible for the additional software that runs on the central controller and a smart phone, including the design of the application layer protocol.

To test the application, you will need to write a secondary application that acts like a remote module. Arrange for several copies of the remote module application to execute on different PCs in a CS lab, where they display a window that displays the room number it controls, shows the status of the door ("LOCKED" or "UNLOCKED"), and wheter the red and green lights on the card reader are on or off. The remote modules should be connected with your server and wait for it to send them commands. Meanwhile, your smart phone app would need to establish a connection to the server and request the opening of a specific door, then carry out your protocol.
Remember to check that your protocol is smart enough to prevent a "replay attack".