Here we explain the design of the project and different scenarios in functionality and implementation.
Raspberry Pi:
● Simulating the GUI of the lock (reporting its state) and the user interface of the phone application
● Connected to Wi-Fi with a dongle
Atmel WINC1500, SAMD21 microcontroller and CryptoAuthentication Chips:
● Emulating the lock hardware itself
● Authenticates the user
● Connects the hardware to Wi-Fi
Parse Cloud Platform:
● Stores login information each time a user attempts to change the lock state
Raspberry Pi:
Raspberry Pi emulates both the phone app and lock interface.
The code for the GUI and user interface is written in Python and built using the Tkinter package. The app has a database of valid usernames and passwords. Whenever a user enters a username and password, the code checks the database to see whether they are valid. If the information is valid, the code sends an authentication request to the lock, i.e. the Atmel chip (see Atmel chip and security design). Upon authentication, the lock notifies the user with an authentication message, and the user can then lock/unlock the door. Note that the connection between the Raspberry Pi and the Atmel chip is via a Wi-Fi dongle.
Another feature of the user interface is adding a temporary username and password for a limited time. Say you want to give a guest or a friend a temporary key that can be used for a limited time only. If you are a Master User (Master Users are the ones with priority access to the lock, as indicated in the database), you can grant a temporary key (username and password) to another user. This option adds flexibility and ease of use to the Smart Lock.
Another important component of the system is the Cloud. Every login attempt is pushed to Parse, a cloud platform for storing information and databases. In this way, valid users can keep track of all login attempts and their actions. The information pushed to Parse is the username, the validity of the user, the status of the lock, the creation date and time, and the update date and time.
The following is the user interface designed on the Raspberry Pi.
Authentication and Security Design:
The authentication process in the smart lock project has two parts: Client and Server.
The client is the mobile application, which is simulated on the Raspberry Pi using Python. The server is the lock itself, implemented using an Atmel SAM D21 with a WINC1500 extension board and an ATECC508A crypto chip.
The client computes an intermediate key by applying a hash function to the 32-byte secret key of the crypto chip and a 32-byte fixed challenge held in the software (using the same calculation the server uses to generate its “temp key”). The intermediate key is then hashed with a random number using SHA-256 to generate a 32-byte host MAC. The host MAC, random number and fixed challenge are then sent to the server over a TCP socket.
The server has its secret key hardcoded in the crypto chip. The WINC1500 operates in station mode and connects to the same access point as the client. The server receives the fixed challenge, random number and host MAC from the client, and uses the fixed challenge, the secret key and a randomization parameter to generate a temp key. The temp key generation is done inside the crypto chip, so the secret key and the randomized fixed challenge are never exposed outside the device. The host’s random number is then hashed with the temp key using SHA-256 to generate the response MAC. The server then compares the host MAC with the response MAC. If the two MACs are equal, the client is authenticated, the door can be unlocked by the user, and the server sends a greeting message back to the client. Otherwise the door remains locked and the server sends a failed-authentication message back to the client. The server also keeps track of a fair number of the random numbers sent by the client, so a repeated random number is invalid for authentication.
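The exchange described above, modelled in software as an added example (not the project's own code): the client builds the host MAC, and the server recomputes it, compares in constant time and rejects repeated random numbers. The names `temp_key`, `client_request` and `LockServer`, the constructed key and challenge values, and the plain SHA-256 concatenation are assumptions; the ATECC508A's actual message layout and randomization parameter are not reproduced here.

```python
import hashlib
import hmac
import os
from collections import OrderedDict

# Constructed demo values; on the real lock the secret lives inside the crypto chip.
SECRET_KEY = bytes(range(32))
FIXED_CHALLENGE = b"\xa5" * 32


def temp_key(secret: bytes, challenge: bytes) -> bytes:
    """Intermediate ("temp") key. Assumption: SHA-256 over secret || challenge."""
    return hashlib.sha256(secret + challenge).digest()


def client_request(secret: bytes, challenge: bytes):
    """Client side: fresh 32-byte random number and the 32-byte host MAC."""
    nonce = os.urandom(32)
    host_mac = hashlib.sha256(temp_key(secret, challenge) + nonce).digest()
    return challenge, nonce, host_mac


class LockServer:
    """Server side: recompute the MAC and keep a bounded history of used nonces."""

    def __init__(self, secret: bytes, max_seen: int = 1024):
        self._secret = secret
        self._seen = OrderedDict()  # nonces of accepted requests, oldest first
        self._max_seen = max_seen

    def verify(self, challenge: bytes, nonce: bytes, host_mac: bytes) -> bool:
        # Reject malformed fields before doing any hashing.
        if not (len(challenge) == len(nonce) == len(host_mac) == 32):
            return False
        if nonce in self._seen:  # repeated random number: replayed message
            return False
        response_mac = hashlib.sha256(temp_key(self._secret, challenge) + nonce).digest()
        # Constant-time comparison so timing does not leak how many bytes matched.
        if not hmac.compare_digest(response_mac, host_mac):
            return False
        self._seen[nonce] = True
        if len(self._seen) > self._max_seen:
            self._seen.popitem(last=False)  # evict the oldest remembered nonce
        return True
```

Because the nonce history is bounded, a captured message becomes replayable again once its nonce is evicted, so the history size (or a server-issued challenge) determines how long replay protection actually holds.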
The following is the block diagram of the secure authentication process.