Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
projects:rfid_door_lock [2016/10/06 01:10] jayd |
projects:rfid_door_lock [2016/12/06 11:09] (current) dolf |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | Ryan from a small BPO in Dumaguete asked Project NightOwl, a technology incubator and hacker space at Foundation University, Dumaguete, to develop an RFID-based authentication and authorization method for a single door to their data center. Since NightOwl already started doing this for their own lab, extending it to a BPO where the internet infrastructure is already provisioned by Foundation University, is feasible. This is an ideal project for NightOwl to take on, since it involves R&D and prototyping based on knowledge and experience already partially obtained. It also provides the students of FU with an ideal opportunity to get working experience in a product development project for a real client, including the whole project management, quality control and documentation process. Lastly, the client is very interested in the concept of the NightOwl incubator/hacker-space and is happy to support it by providing some additional budget that can be used to buy additional tools/materials for NightOwl. | + | Pacific Business Services in Dumaguete City inquired with Project NightOwl, a technology incubator and hacker space at Foundation University, Dumaguete City, to develop an RFID-based authentication and authorization system to secure access to their office space. Since NightOwl had already started working on this to secure access to the lab space, extending the existing project to matching the requirements or commercial application is the logical next step. |
| + | |||
| + | This is an ideal project for NightOwl to take on as it involves Research & Development as well as prototyping based on knowledge and experience present within the team. It also provides the students of Foundation University with an ideal opportunity to get working experience in a product development project for a real client, including the whole project management, quality control and documentation process. Lastly, the client is very interested in the concept of the NightOwl incubator/hackerspace and is extending support by providing additional budget that can be used to buy tools/materials for the NightOwl space. | ||
| + | |||
| + | Since this project will be used as part of a commercial operation the quality standards are set much higher than for any prototyping done for internal use. Details are important and bugs are to be solved promptly. Code quality and security are important aspects. | ||
| + | |||
| + | Project requirements: | ||
| + | * Use only Open Source Software (OSS/FOSS) | ||
| + | * Any software created as part of the project is to be released publicly under an OSS license | ||
| + | * To ensure that the system can easily be extended at the university the same RFID cards are to be used | ||
| + | * Include safety measures in case of calamities | ||
| + | |||
| + | ===== Backlog ===== | ||
| + | * [[projects:rfid_door_lock:backlog:change_reader|Users want to use their FU-issued ID cards for access control]] | ||
| + | * [[projects:rfid_door_lock:backlog:arduino_ethernet|The communication between the doors and the server needs to be done through the network]] | ||
| + | * [[projects:rfid_door_lock:backlog:encryption|The webapplication needs to use encryption to make it more secure]] | ||
| + | * [[projects:rfid_door_lock:backlog:testing|We want to create a testing setup to assure product quality]] | ||
| + | * [[projects:rfid_door_lock:backlog:gorups|Users need to be divided into groups with different permissions]] | ||
| + | * [[projects:rfid_door_lock:backlog:backup_power|Each door needs to have a backup power supply in case of power failure]] | ||
| + | * [[projects:rfid_door_lock:backlog:credentials_cache|Each door needs to contain a cache of recently allowed cards in case of communication failure with the server]] | ||
| + | * [[projects:rfid_door_lock:backlog:powerful_servo|The door lock mechanism needs to be more powerful in order to minimize technical difficulties with the servo]] | ||
| + | * [[projects:rfid_door_lock:backlog:multiple_doors|Different doors/locations need to be controlled from the same application]] | ||
| + | * [[projects:rfid_door_lock:backlog:new_housing|The users want a smaller and nicer looking housing on the doors with access control]] | ||
| + | * [[projects:rfid_door_lock:backlog:different_lock|Users want to leave the room without worrying about the door properly locking]] | ||
| - | Since this project will be used in functioning company where security is essential, the quality standards of this project must be much higher than would be allowed internally at NightOwl. Details are important and bugs should be solved promptly. Code quality and security are important aspects. | ||
| - | Client requirements: | ||
| - | * Open Source as much as possible | ||
| - | * Secure | ||
| - | * Use same ID cards as FU | ||
| ===== Project Scope and Requirements ===== | ===== Project Scope and Requirements ===== | ||
| - | The overall goal is to provide a secure, easy to use and extensible integrated system of hardware and software for a locking mechanism, RFID based authentication, database based authorization and a web-based management application of these components, including an auditing trail. The system should be built securely to prevent un-authorized access and tampering, and be extensible so additions to the software and hardware may be made later on, both for that location, and for other locations. | + | The overall goal is to provide a secure, easy to use and extensible integrated system of hardware and software for a locking mechanism, RFID based authentication, database driven authorization and a web-based management application of these components, including an audit log. The system should be built securely to prevent unauthorized access and tampering, and be modular so additions to the software and hardware may be made at a later point. Last but not least safety measures have to be developed to ensure safe operation during emergency situations including, fires, flooding or earthquakes. |
| ==== Software ==== | ==== Software ==== | ||
| - | * Use existing open source software as much as possible | + | * Make use of existing open source software (do not reinvent the wheel) |
| * Devise a plan for security updates of the used software | * Devise a plan for security updates of the used software | ||
| * A secure and simple web-application is needed that provides: | * A secure and simple web-application is needed that provides: | ||
| * Authentication management (register and remove ID's) | * Authentication management (register and remove ID's) | ||
| - | * Authorization management (record which users are allowed to do what) | + | * Authorization management (record which users are allowed to do authenticate at specific door locks) |
| - | * Audit trail (show who accessed which resources when) | + | * Audit log (show who accessed which resources at what time) |
| * Employ rigid testing and CI practices to ensure code quality | * Employ rigid testing and CI practices to ensure code quality | ||
| - | * Ensure user's privacy by not providing any information about cards and users to unauthorized user | + | * Ensure user's privacy by not providing any information about cards and users to unauthorized users |
| - | * Regular backups | + | * Backup & Restore functionality |
| ==== Hardware ==== | ==== Hardware ==== | ||
| - | * A secure lock that is tamper proof from the outside | + | * A secure lock that is tamper proof from the outside and inside |
| * An RFID scanner that has the same frequency as the FU cards (13.56Mhz) | * An RFID scanner that has the same frequency as the FU cards (13.56Mhz) | ||
| - | * A network connected controller that is capable of handling authentication, authorization and serving the webapplication | + | * A network connected controller that is capable of handling authentication, authorization and serving the web application |
| + | * Include a method to open the door quickly from the inside in case of power failure or other calamities | ||
| ==== Possible future additions ==== | ==== Possible future additions ==== | ||
| * Authentication and authorization from other sources (LDAP/AD, centralized databases, etc) | * Authentication and authorization from other sources (LDAP/AD, centralized databases, etc) | ||
| * Centralized authentication and authorization database in case of multiple readers | * Centralized authentication and authorization database in case of multiple readers | ||
| - | * Touch screen interface to the authentication/authorization/audit-trail management application | + | * Touch screen interface to the authentication/authorization/audit-log management application |
| {{:projects:design.png?300|}} | {{:projects:design.png?300|}} | ||
| Line 48: | Line 67: | ||
| Below are the actually required materials for the client. In agreement with Ryan we will later on add extra materials or some equipment to add to our own supply. | Below are the actually required materials for the client. In agreement with Ryan we will later on add extra materials or some equipment to add to our own supply. | ||
| - | ^ Item ^ Links ^ Comments ^ Price (USD) ^ Quantity ^ Total ^ | + | ^ Item ^ Links ^ Comments ^ Price (USD)^ Quantity^ Total^ |
| - | |Raspberry Pi 3 or alternative controller | http://ph.rs-online.com/web/p/processor-microcontroller-development-kits/8968660/ | | 40.95 | 2 | 81.90 | | + | |Raspberry Pi 3 or alternative controller | http://ph.rs-online.com/web/p/processor-microcontroller-development-kits/8968660/ | | 45.00| 2| 90.00| |
| - | |Role of 3D printing filament| https://www.olx.ph/item/3d-printer-filaments-3-0mm-ID6NmZy.html?p=7&h=866709ada5#866709ada5| |25.87 | 1| 25.87 | | + | |Role of 3D printing filament| https://www.olx.ph/item/3d-printer-filaments-3-0mm-ID6NmZy.html?p=7&h=866709ada5#866709ada5| | 30.00.00| 1| 30| |
| - | |5.1V, 1 Output, Micro USB Plug In Power Supply, 2.5A, 13W Official Raspberry Pi Power Supply | http://ph.rs-online.com/web/p/plug-in-power-supply/9098135/| | 9.63| 2 | 19.26 | | + | |5.1V, 1 Output, Micro USB Plug In Power Supply, 2.5A, 13W Official Raspberry Pi Power Supply | http://ph.rs-online.com/web/p/plug-in-power-supply/9098135/| | 12.50| 2| 25.00| |
| - | |RFID Reader | https://www.sparkfun.com/products/10126|13.56-MHz | 29.95| 2 | 59.90 | | + | |RFID Reader | https://www.sparkfun.com/products/10126|13.56-MHz | 35.00| 2| 70.00| |
| - | |Servo | https://www.sparkfun.com/products/9347 | Use the same or stronger as we have at the lab | 13.95 | 2 | 27.90 | | + | |Servo | https://www.sparkfun.com/products/9347 | Use the same or stronger as we have at the lab | 15.00| 2| 30.00| |
| - | |Lock | Dumaguete City,Citi Hardware Store | Lock for a good quality lock, not tampering from the outside, no key outside, possible to interface with servo | 31.08| 1 | 31.08 | | + | |Lock | Dumaguete City,Citi Hardware Store | Lock for a good quality lock, not tampering from the outside, no key outside, possible to interface with servo | 35.00| 1 | 35.00| |
| - | |IFixit Pro Tech Toolkit | https://www.ifixit.com/Store/Parts/Pro-Tech-Toolkit/IF145-307-1 | | 110 | 1| 110 | | + | |IFixit Pro Tech Toolkit | https://www.ifixit.com/Store/Parts/Pro-Tech-Toolkit/IF145-307-1 | | 110.00| 1| 110.00| |
| - | ^Total USD ^ ^ ^ ^ ^ 356^ | + | |Contribution to NightOwl | | | 205.00| 1| 205.00| |
| - | ^Total PHP ^ ^ ^ ^ ^ 17166^ | + | ^Total USD ^ ^ ^ ^ ^ 595.00^ |
| - | + | ^Total PHP ^ ^ ^ ^ ^ 28940.00^ | |
| - | ===== Milestones ===== | + | |
| - | ^ Milestone ^ Title ^ Comments ^ Due date ^ | + | |
| - | | 1. | Draft proposal | discuss and get ok from client. Include budget and planning. | | | + | |
| - | | 2. | Final proposal | | | | + | |
| - | | 3. | Security and privacy evaluation | All physical and electronic vulnerabilities identified and addressed | | | + | |
| - | | 4. | RFID reader and controller design | | | | + | |
| - | | 5. | Management application design | | | | + | |
| - | | 6. | Testing plan | Requirements for testing the system and judge it successful | | | + | |
| - | | 7. | First prototype | Both hardware and software developed and installed | | | + | |
| - | | 8. | First prototype tested and design adjusted | After proper testing, adjust design according to test results | | | + | |
| - | | 9. | Final prototype | Final prototype developed and installed | | | + | |
| - | | 10. | Test period for final prototype completed and evaluated | After a trial period for the customer, evaluate the prototype and adjust design | | | + | |
| - | | 11. | Final version developed and installed | | | | + | |
| - | ===== Work breakdown ===== | + | |
| - | Milestone 1 | + | |
| - | * Research existing (open source) tools and software for reading RFID tags | + | |
| - | * Roughly research different protocols, standards and tools for RFID communication and authentication, resulting in a list with short description of the tools | + | |
| - | * Research rough list of required tools and materials | + | |
| - | * Finalize our list of requirements | + | |
| - | * Make a material list and budget | + | |
| - | * Make a project planning (dates on the milestones) | + | |
| - | * Finalize this project proposal | + | |
| - | * Discuss proposal with client | + | |
| - | * Discuss client requirements | + | |
| - | + | ||
| - | Milestone 2 | + | |
| - | * Adjust proposal | + | |
| - | * Discuss proposal with client and get final OK | + | |
| - | + | ||
| - | Milestone 3 | + | |
| - | * Evaluate potential physical attack vectors (tampering with the hardware) | + | |
| - | * Evaluate potential local software attack vectors | + | |
| - | * Evaluate potential remote software attack vectors | + | |
| - | * Evaluate potential privacy flaws | + | |
| - | * Make software security management plan (signaling and updating security updates) | + | |
| - | + | ||
| - | Milestone 4 | + | |
| - | * Study different standards and protocols regarding RFID/NFC authentication | + | |
| - | * Research the possibilities for the connection of the controller to the door lock | + | |
| - | * Research different libraries for RFID-reader/controller communication | + | |
| - | * Research different hardware components, their functioning and available libraries and tools | + | |
| - | * Create a technical design for the RFID reader, it's controller and the lock | + | |
| - | + | ||
| - | Milestone 5 | + | |
| - | * Research different open-source authentication and authorization packages supporting RFID | + | |
| - | * Make a technical design of the management software | + | |
| - | + | ||
| - | Rest: | + | |
| - | * Get a final OK for the the designs | + | |
| - | * Order parts | + | |
| - | * Start writing software | + | |
| - | * Make a software and hardware testing plan | + | |
| - | * Install first prototype | + | |
| - | * Train the client on use of the prototype | + | |
| - | * Test first prototype | + | |
| - | * Adjust design, hardware and software according to test results | + | |
| - | * Install final prototype | + | |
| - | * Let user evaluate the system for a while | + | |
| - | * Evaluate the system with the user in a feedback session | + | |
| - | * Create the final version based on the client's feedback | + | |
| - | * Install and test the final version | + | |
| ===== Design ===== | ===== Design ===== | ||
| Line 127: | Line 84: | ||
| * Controller | * Controller | ||
| * Authentication and Authorization protocols and software (See also {{ :projects:privacy-preserving_authorized_rfid_authentication_protocols.pdf | the article on Privacy Preserving Authorized RFID Authentication Protocols}}) | * Authentication and Authorization protocols and software (See also {{ :projects:privacy-preserving_authorized_rfid_authentication_protocols.pdf | the article on Privacy Preserving Authorized RFID Authentication Protocols}}) | ||
| - | * Management webapplication | + | * Management web application |
| * Security and privacy | * Security and privacy | ||
| - | * | ||
| ===== Progress ===== | ===== Progress ===== | ||
| - | We made a 3D design for the connection between the servo and the lock, and a design for the mounting of the servo to the door. The files can be found on https://github.com/Waterspace/servo-lock-mount. If you click on the stl files, github shows you an interactive 3D view of the model. | + | * Students have started on the code side of the management and authentication application. |
| - | + | * We made a 3D design for the connection between the servo and the lock, and a design for the mounting of the servo to the door. The files can be found on https://github.com/Waterspace/servo-lock-mount. If you click on the stl files, github shows you an interactive 3D view of the model. | |
| - | The model has been printed, and after some tweaking, a heat gun and superglue we got it to fit! So now we need to create a casing for the electronics and hook everything up! | + | * The model has been printed, and after some tweaking, a heat gun and superglue we got it to fit! So now we need to create a casing for the electronics and hook everything up! {{:projects:servo_lock_mount.jpg?400|}} |
| - | + | * The code for the current arduino version [[https://github.com/Waterspace/arduino-rfid-lock|can be found on github]]. | |
| - | {{:projects:servo_lock_mount.jpg?400|}} | + | |
| - | + | ||
| - | The code for the current arduino version [[https://github.com/Waterspace/arduino-rfid-lock|can be found on github]]. | + | |
| ===== Interesting links ===== | ===== Interesting links ===== | ||
