Department of Computer Science and Engineering
CS 179i: Project in Computer
Science / Networks
Spring 2014
Suggested Topic: Adding Smart Phones as an alternative to magnetic cards for
door access systems
- Background on card-based access control systems
- All of you are familiar with the card-based access control
systems employed in BCOE
- There is a PC-based central controller which has a
database of allowable entry doors for every valid card-ID, and has
hard-wired connections to each card reader and remote-controlled door
lock in the building
- When a person wants to pass through one of its
controlled doorways (to enter the building, or a particular CS lab,
say), they swipe their card in the reader and wait for the system to
respond with a red light (failure/denial) or green light (door open)
- Meanwhile, the number encoded on the card is transmitted
from the card reader to the central controller and checked against the
database. If it recognizes the card as valid for this doorway at this
time, the controller releases the electric doorlock and illuminates the
green light; otherwise it illuminates the red light.
- In recent years, access control system have redesigned
their hardware to use remote modules (in charge of few nearby doorways)
connected to the central controller by powered Ethernet. Here are
several examples:
- This
one says nothing about encrypting the Etherent traffic
- Many others say they use encryption for their Ethernet
traffic (like OpenSSL for this
and 128-bit AES for this).
- In some cases, it appears that the remote modules can
function independently for short periods of time. However, the time
between updating the database until the new policy becomes active is
usually a few seconds.
- Now suppose you wanted to modify such an access control
system to allow people to run an app on their smart phone instead of
swiping a magnetic card. What would it take to
make this change while providing "equivalent security" to an existing
magnetic card-based system?
- Just as today's card-based system gives each user a serial
number (recorded on their personal magnetic card), the smart phone app
would include a unique serial number for each user. We can protect that
serial number with some sort of PIN, which is "good enough" compared to
the plain-text serial number on an easily-copied magnetic card.
- The system semantics merely say that a person who presents
a valid serial number to the access control system can enter the
controlled doorway. Thus, it shouldn't matter whether the number is
presented via card swipe or WiFi as
long as we can determine that the phone is at the same physical
location as the door. Let's assume the smart phone app talks to
the access control system through an encrypted connection, so its
serial number will not be exposed to eavesdroppers in the same area.
- In general, verifying the physical location of a device is
a hard problem if your solution must be strong enough to beat a
determined attacker. However, since magnetic cards are so easy to copy,
I think the bar is pretty low in this application. Thus the main issue
seems to be what to do if the user is confused and tries to open a door
in the next hallway or on the next floor, rather than the one in front
of them.
- To solve the confusion problem, we need the door to
provide some feedback during the process.
- For example, it would be possible for the access
control system to command the red/green lights on the requested door to
blink in a pseudorandom pattern and require the user to type that
pattern into their phone app.
- We can even use a few basic networking techniques to
provide some protection against a (weak) attacker
- Make sure the server to which the smart phone app must
connect is on a private network, behind a NAT gateway. That way, a user
can't easily connect to the server from far away to let a friend into
the building without giving him/her a copy of the app (or equivalently,
a copy of the magnetic card).
- Look for ways in whcih the access control system to
detect and log other nearby network activity that occurs at the same
time as a door-opening transaction.
- What work needs to be done.
- You do not need to have physical access to an real access
control system to do this project. Just assume you are
responsible for the additional software that runs on the central
controller and a smart phone, including the design of the application
layer protocol.
- To test the application, you will need to write a
secondary application that acts like a remote module. Arrange for
several copies of the remote module application to execute on different
PCs in a CS lab, where they display a window that displays the room
number it controls, shows the status of the door ("LOCKED" or
"UNLOCKED"), and wheter the red and green lights on the card reader are
on or off. The remote modules should be connected with your server and
wait for it to send them commands. Meanwhile, your smart phone
app would need to establish a connection to the server and request the
opening of a specific door, then carry out your protocol.
- Remember to check that your protocol is smart enough to
prevent a "replay attack".