Wireless Badge Authentication System

Published on June 2016
Project Proposal
Ankit Jain - Veer Dedhia
TA: Justine Fortier
ECE 445 - Senior Design
September 18, 2013


Table of Contents

1.0 Introduction
    1.1 Statement of Purpose
    1.2 Objectives
        1.2.1 Goals
        1.2.2 Functions
        1.2.3 Benefits
        1.2.4 Features
2.0 Design
    2.1 Block Diagrams
        2.1.1 Badge (transmitter)
        2.1.2 Authenticator
    2.2 Block Descriptions
    2.3 Performance Requirements
3.0 Verification
    3.1 Testing Procedures
    3.2 Tolerance Analysis
4.0 Cost and Schedule
    4.1 Cost Analysis
        4.1.1 Labor
        4.1.2 Parts
        4.1.3 Grand Total
    4.2 Schedule


1.0 Introduction

1.1 Title - WBAS

In power station control rooms, physical security is well enforced, but cyber security is lacking. There is a need for role-based access control (RBAC) to consoles, to give more assurance that only authorized agents are controlling our power grid. However, most security measures that might allow this (passwords, USB crypto-cards, etc.) would add extra overhead for the operators, in the form of memory or time. The overall goal of this project is to create a badge-based RBAC system that would allow operators to authenticate to consoles quickly, while minimizing any effects on workflow. This would be done using a wireless system, where the authentication occurs when the operator walks up to a console.

1.2 Objectives

1.2.1 Goals
- Implement a power-efficient form of wireless transmission between the user’s transmitter and the console’s receiver
- Implement a security protocol to reliably ensure authenticity of badge and identity

1.2.2 Functions
- Wireless communication between user’s transmitter and console’s receiver
- User’s transmitter powered by button cells (active transmitter)
- Handshaking between transmitter and receiver
- Console used to activate different items (light, media system, etc.)
- Only displays for correct user

1.2.3 Benefits
- Customer can enforce fine-grained access control for critical consoles
- Limited impact on workflow (no password to remember)
- Modular design allows for future security extensions (adding in passwords, biometrics, etc.)

1.2.4 Features
- Secure authentication of badge/user with receiver
- Wireless data transfer between badge and receiver
- Security by something you have


2.0 Design

2.1 Block Diagrams

High-Level System Layout

2.1.1 Badge (transmitter)

2.1.2 Authenticator (plus authentication system?)

2.2 Block Descriptions

High-Level System Layout

Badge
This unit will be responsible for identifying the user, along with communicating with the authenticator to ensure appropriate security access.

Authenticator
This unit will be responsible for interpreting the data from the user’s badge and handling the security properly to ensure proper authentication in the system.

Badge

Power source
This unit will be responsible for providing the necessary power to all of the other components of the Badge module.

RF transceiver
This unit will be responsible for transmitting unique ID badge data to the authenticator to be processed and decrypted in order to identify the user.

Processing unit
This unit will be responsible for parsing the Authenticator’s RF messages, performing cryptographic operations (hashing, etc.), and formatting RF responses. It will interface with the RF module to receive and transmit messages. It will interface with the data unit to retrieve stored information (such as id or keys) and possibly to write temporary values.

Data (Identity)
This unit will be responsible for storing and retrieving information on each security badge. This will encompass unique identities for each badge, any necessary keys/certificates for security protocols, and temporary data storage for processing.

Authenticator

Power source
This unit will be responsible for providing the necessary power to all of the other components of the Authenticator module.

RF transceiver
This unit will be responsible for handling the RF communication between the authenticator and the badge.

Processing unit
This unit will be responsible for parsing the Badge’s RF messages, performing cryptographic operations (more intensive than on Badge), and formatting RF responses. It will send out an initial pairing signal at specified intervals to begin the authentication protocol. This unit will interface with the RF transceiver to receive and send messages. It will also interface with the RBAC Database to check roles and allowed accesses.

Data (RBAC Database)
This unit will be responsible for holding the information about the Authenticator, such as unique identities, keys/certificates, and temporary data storage. It will also primarily contain the access control database, which tells the processing unit which users have what access.
2.3 Performance Requirements

High-Level System Layout

Badge
● Should communicate with an Authenticator within 3 feet (+/- 6 inches)
● Can complete a secure authentication protocol with a valid Authenticator
● Will fail the protocol with an invalid receiving device
● Should be resistant to security threats, such as replay and man-in-the-middle attacks

Authenticator
● Should authenticate a valid badge within a distance of 3 feet (+/- 6 inches)
● Should not authenticate a valid badge beyond a distance of 3 feet (+/- 6 inches)
● Should not authenticate any non-registered device
● Should be resistant to security threats, such as replay and man-in-the-middle attacks

Badge

Power source
● Supplies 3.3V to RF Transceiver
● Supplies 5V to Processing Unit

RF transceiver
● Utilizes 3.3V from Power source
● Xbee Series 1 operating at 50 mA
● Outputs power at ~1 mW

Processing unit
● Utilizes 5V from power source
● Be able to perform cryptographic operations, such as hashes and encryption
● Parse RF messages from Authenticator through the RF transceiver module
● Send RF messages to Authenticator through RF transceiver module
● Read/write memory in the data module
● Generate cryptographically secure random numbers

Data (Identity)
● Be able to read data from permanent memory (keys, hashes, etc.)
● Be able to read/write data from temporary memory

Authenticator

Power source
● Supplying constant 9V to PU
● Supplying constant 3.3V to RF Transceiver

RF transceiver
● Utilizes 3.3V from Power source
● Xbee Series 1 operating at 50 mA
● Outputs power at ~1 mW

Processing unit
● Use 9V from power source
● Will use a voltage regulator to ensure constant voltage source
● Be able to perform cryptographic operations, such as hashes and encryption/decryption
● Parse RF messages from Badge through the RF transceiver module
● Send RF messages to Badge through RF transceiver module
● Read/write memory in the data module
● Authenticate valid badges against database
● Generate cryptographically secure random numbers

Data (RBAC Database)
● Read/write storage for authentication protocol (keys, hashes, etc.)
● Read/write storage for RBAC Database (which badge has access to what resource)
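One way the handshake required above could work, as an added example rather than the authors' protocol: a nonce-based mutual challenge-response using HMAC-SHA256, with the RBAC lookup performed after the badge is verified. The pre-shared per-badge key, the identifiers and the message layout are assumptions; the proposal does not specify them.

```python
import hashlib, hmac, secrets

AUTH_ID = b"console-01"                              # hypothetical console identity
BADGE_KEYS = {b"badge-A": secrets.token_bytes(32)}   # constructed per-badge shared key
RBAC = {b"badge-A": {b"console-01"}}                 # constructed: badge -> allowed consoles

def tag(key, role, badge_id, n1, n2):
    """HMAC-SHA256 over a role label, both identities and both nonces."""
    parts = [role, AUTH_ID, badge_id, n1, n2]
    msg = b"".join(len(p).to_bytes(1, "big") + p for p in parts)  # length-prefixed
    return hmac.new(key, msg, hashlib.sha256).digest()

class Authenticator:
    pending = None                                   # the one outstanding challenge
    def beacon(self):                                # periodic pairing signal
        self.pending = secrets.token_bytes(16)       # fresh random challenge
        return self.pending
    def verify(self, badge_id, n_badge, badge_tag):
        """Return (access_granted, reply_tag); a challenge is consumed on use."""
        n_auth, self.pending = self.pending, None
        key = BADGE_KEYS.get(badge_id)
        if n_auth is None or key is None:
            return False, None
        expected = tag(key, b"badge", badge_id, n_auth, n_badge)
        if not hmac.compare_digest(expected, badge_tag):
            return False, None
        granted = AUTH_ID in RBAC.get(badge_id, set())
        return granted, tag(key, b"auth", badge_id, n_badge, n_auth)

class Badge:
    def __init__(self, badge_id, key):
        self.badge_id, self.key = badge_id, key
    def respond(self, n_auth):
        self.n_auth, self.n_badge = n_auth, secrets.token_bytes(16)
        t = tag(self.key, b"badge", self.badge_id, n_auth, self.n_badge)
        return self.badge_id, self.n_badge, t
    def confirm(self, reply_tag):
        """Badge-side check that the receiver also holds the shared key."""
        expected = tag(self.key, b"auth", self.badge_id, self.n_badge, self.n_auth)
        return reply_tag is not None and hmac.compare_digest(expected, reply_tag)

def demo():
    auth, badge = Authenticator(), Badge(b"badge-A", BADGE_KEYS[b"badge-A"])
    captured = badge.respond(auth.beacon())          # badge answers the beacon
    granted, reply = auth.verify(*captured)
    mutual = badge.confirm(reply)
    auth.beacon()                                    # next interval, new challenge
    replayed, _ = auth.verify(*captured)             # old response sent again
    return granted, mutual, replayed
```

The exchange rejects replayed or forged responses because every tag is bound to a fresh challenge from each side; it does not by itself bound distance, which the proposal handles separately through the Xbee signal-strength check.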


3.0 Verification

3.1 Testing Procedures

Badge

Power source
● Attach power source to an oscilloscope and a digital multimeter
● Check to ensure that there is low ripple on output and that multimeter is consistent in voltage reading

RF transceiver (Xbee)
● Set up Authenticator Xbee to transmit constant string
● Set up Badge Xbee to receive data
● Interpret Xbee received data using Arduino
● Display data on computer and verify a match

Processing unit
● Check cryptographic operations (give input, check output)
● Check random number generator (verify no patterns)
● Send message through RF transceiver, verify correctness
● Receive simulated RF message, verify correct parsing
● Simulate Authenticator messages, check authentication protocol

Data (Identity)
● Write 0 bytes to all of memory (clear everything)
● Read memory and verify contents
● Write sentinel bytes to random sections of memory
● Read back and verify contents

Authenticator

Power source
● Attach power source to an oscilloscope and a digital multimeter
● Check to ensure that there is low ripple on output and that multimeter is consistent in voltage reading

RF transceiver (Xbee)
● Set up Badge Xbee to transmit constant string
● Set up Authenticator Xbee to receive data
● Interpret Xbee received data using Arduino
● Display data on computer and verify a match

Processing unit
● Check cryptographic operations (give input, check output)
● Check random number generator (verify no patterns)
● Send message through RF transceiver, verify correctness
● Receive simulated RF message, verify correct parsing
● Simulate Badge messages, check authentication protocol

Data (RBAC Database)
● Write 0 bytes to all of memory (clear everything)
● Read memory and verify contents
● Write sentinel bytes to random sections of memory
● Read back and verify contents
● Add badge identities, verify contents

3.2 Tolerance Analysis

Our tolerance analysis will be based on the proximity of the badge to the authenticator. Our accepted proximity is meant to be 3 feet, and we’re going to allow a tolerance of +/- 6 inches. We will test this through the RSSI pin of the Xbee module. This pin is used to determine the signal strength, and we can use it to track proximity. When our system unlocks, we will record the maximum proximity that keeps it unlocked, and see if it is in our acceptable range of 3 feet +/- 6 inches.


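4.0 Cost and Schedule

4.1 Cost Analysis

4.1.1 Labor

| Name        | Hourly Rate | Total Hours Invested | Total = Hourly Rate * 2.5 * Total Hours Invested |
|-------------|-------------|----------------------|--------------------------------------------------|
| Ankit Jain  | $40.00      | 150                  | $15,000.00                                       |
| Veer Dedhia | $40.00      | 150                  | $15,000.00                                       |
| TOTAL       |             | 300                  | $30,000.00                                       |

4.1.2 Parts

| Item                              | Quantity | Unit Price | Total Cost |
|-----------------------------------|----------|------------|------------|
| Xbee 1mW Wire Antenna - Series 1  | 2        | $22.95     | $45.90     |
| Arduino Duemilanove               | 2        | $19.95     | $19.95     |
| Pomona Case Enclosure (Badge)     | 1        | $9.38      | $9.38      |
| Custom PCBs                       | 2        | $15.00     | $30.00     |
| Button Cell Batteries             | 4        | $1.10      | $4.40      |
| Voltage Regulator (5V)            | 1        | $0.50      | $0.50      |
| Voltage Regulator (3.3V)          | 1        | $0.50      | $0.50      |
| Total                             |          |            | $110.63    |

4.1.3 Grand Total

| Labor   | Parts   | Total      |
|---------|---------|------------|
| $30,000 | $110.63 | $30,110.63 |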


4.2 Schedule
| Week                                | Task                                                                | Responsible Member |
|-------------------------------------|---------------------------------------------------------------------|--------------------|
| 9/16 - 9/22                         | Finish proposal                                                     | Ankit + Veer       |
|                                     | Model security protocol for badge authentication                    | Veer               |
|                                     | Define method of wireless transmission                              | Ankit              |
| 9/23 - 9/29                         | Initial design of wireless transmission circuit for badge           | Ankit              |
|                                     | Initial design for Authenticator processing unit (PU) (Arduino)     | Veer               |
| 9/30 - 10/6                         | Design Review                                                       | Veer               |
|                                     | Final design of wireless transmission circuit for badge             | Ankit              |
| 10/7 - 10/13                        | Define power circuitry for Authenticator                            | Ankit              |
|                                     | Final design for Authenticator PU (Arduino)                         | Veer               |
| 10/14 - 10/20                       | Initial design of power circuitry for Badge                         | Ankit              |
|                                     | Testing of Authenticator PU (simulated)                             | Veer               |
| 10/21 - 10/27                       | Initial design for Badge PU                                         | Ankit              |
|                                     | Get initial PCB printed                                             | Ankit              |
|                                     | Testing of Badge PU (simulated)                                     | Veer               |
|                                     | Individual Progress Reports                                         | Ankit + Veer       |
| 10/28 - 11/3                        | Final design for Badge PU                                           | Ankit              |
|                                     | Review designs to confirm requirements are met + PCB Design Approved | Veer              |
| 11/4 - 11/10                        | Implement Authenticator PU                                          | Veer               |
|                                     | Implement Badge PU on initial PCB                                   | Ankit              |
|                                     | Mock-up demos                                                       | Ankit + Veer       |
| 11/11 - 11/17                       | Interface and test wireless transmission modules with PUs           | Ankit              |
|                                     | Final PCBs printed and integrated                                   | Veer               |
|                                     | Package Authenticator                                               | Veer               |
| 11/18 - 11/22                       | Integrate power systems                                             | Ankit              |
|                                     | Package Badge                                                       | Veer               |
| 11/23 - 12/1 (Thanksgiving Break)   | Prepare Demo                                                        | Ankit              |
|                                     | Prepare Presentation                                                | Veer               |
| 12/2 - 12/8                         | Demo                                                                | Ankit              |
|                                     | Presentation                                                        | Veer               |
| 12/9 - 12/12                        | Final Paper                                                         | Ankit + Veer       |
|                                     | Checkout                                                            | Ankit + Veer       |
