Multi-Factor Authentication For Physical Access:- An IoT-Cyber Security project

An Arduino Based Cyber Security project for Multi-Factor authentication for improving physical access

This is the most basic implementation of cyber security and IoT mixed project. The idea here is to address the inefficiency and failure probability of already existing access control measures implemented for governing physical access to sensitive locations

Photo by Danielle Rice on Unsplash

Why ?😕

For a long time, access to sensitive locations is controlled in these ways

• RFID based ID card, which once tapped on the reader, grants access to the facility
• Fingerprint scanner which is a good security measure but becomes slow as its database storing fingerprint data increases and also there are ways to bypass fingerprint scanner.
• Pin-based inputs give access to the sensitive location once the correct pin is entered but again it is vulnerable if proper security measures are not taken like brute force protection or improper pin length policy.
• Cameras/facial recognition is being increasingly adopted these days for access control mechanisms but is slow and vulnerable to various security problems.

Each one of these has some or the other problem. Fixing security loopholes is one solution but new ones keep on arising every day. In this case, instead of having one access control measure, why not implement 2 or more controls at one point.

How❓

Its most basic implementation is possible by using Arduino. Though the initial implementation is effortless, the real challenge would be to modify the default code to solve our aim of providing better security. While this blog will cover the part of getting things up and working, the next one would be focused on adding security features to the code.

Let's start!!

Materials Required

• Arduino Uno (Or any other appropriate board)
• RFID sensor (mrfc522)
• Keypad
• Jumper cables
• LED (optional)
• Buzzer (optional)

Flow Chart

Fig:- Flow chart for the project

Flow of our program will be as follows

• User is asked for a PIN.
• If the user enters incorrect pin, then start again
• If the correct pin is entered then activate the RFID sensor and look for card inputs
• If incorrect card corresponding to pin is entered, then start the entire process again
• If correct card input is given, then grant access to facility

This will be the most basic flow of our project.

Let's build!!

Before taking a straight dive into building a working model, let us understand the libraries associated with the modules that we are going to use. To keep things simple, we are going to use RFID and a keypad for our authentication purpose which will give you basic understanding of how to implement things. If you are interested in making this project then you are free to use and customize the code I am using. Also, this project can be scaled and modified to use different authentication supporting modules as well.

Libraries required to build this project are

• Keypad.h
• MRFC522.h (RFID library)
• SPI.h (Serial peripheral interface library for communicating with peripheral devices)

I will be using Arduino IDE and I suggest you use this as well. Libraries mentioned above might not be present by default so you can download them easily by going to Sketch>Include Library > Manage Libraries. Here library manager opens and you can search for libraries given above and install them. Now lets look at programming part and let us understand the flow. First keypad input will be provided, if correct then it unlocks RFID module and then RFID is checked.

Code for working of this project

Above code is long but does the job. To understand it in a better way,

• we are first initializing all the integers and modules required for this project.
• Then comes the setup() function in which we are telling Arduino that what is connected to which pin number and what will be the initial states of those peripherals
• After this is void Loop() function which houses our real code. In this first we are activating keypad and looking for inputs. Once input is received, it is then checked for correctness. If pin provided is correct then we are setting RFID_mode to 1 which will activate RFID function
• Once RFID function is activated, it will check for cards recursively. Once card is detected over the sensor, then its contents are copied and compared with already registered cards. If correct card is provided then access is granted.

Making Connections and Circuit Diagram

1st, enter correct pin which unlocks rfid sensor indicated by yellow led (pin 6). Then RFID sensor scans for registered rfid card which will light up the green LED (pin 3) if correct card is provided. If you are planning to implement this on door, then replace green led with RELAY or Magnetic Lock or Servo.

6111746025645410163.mp4

Done? Is this justified? 🙈

No, its not done. I mentioned in the very beginning that this will have involvement of cyber security. As of now, our code is too basic and Vulnerable. Problems identified by me are

• Keypad pin visible as is in the code
• RFID sensor spits out card data on serial monitor
• Ability to add new cards
• To implement hashing for storing pin
• Bruteforce protection missing for keypad entries

In the next blog, I am going to address these issues and other security issues if I find them. Stay tuned for the part 2 of this.