Final part needed is how PC can open Abloy electric lock. Abloy sells separate unit for this but it costs a lot. In my case my home control PC authenticates Yubikeys and knows "better" (than Abloy unit) if doors should be opened. In a same time it can control Burglar alarm system, lighting etc. So what I needed was a way to attach Abloy remote control to my backend PC. And that's exactly what I did!
I selected Audon Electronics UDIN-8R as interface between PC and Abloy. It is USB-driven relay unit. It supports both Windows and Linux and can be controlled simply via virtual comport.
1: Abloy remote control uses 3V battery
2: These two devices needs to be fitted together...
3: There is 4 buttons in Abloy-remote - they are now wired from 4 relays
(1 common, 4 outputs)
4: 3-volts is regulated from USB 5-volts and fed into Abloy-remote.
All 4 buttons are wired into relays.
5: UDIN 8-relay USB-device has now it's own Abloy remote. Notice hole for the led
keskiviikko 11. maaliskuuta 2009
lauantai 7. maaliskuuta 2009
New server for reading Yubikey
My current implementation uses Windows server for reading Yubikey on a front door. I have implemented several security features but I think I need more robust solution for securing keyboard capture.
I believe I have to change Design Rational Decision #1 and Decision #2.
My biggest concern is how I make sure USB on a front door can't be used as an attack vector to get into my system. My new idea is to use another low-end PC for capturing keystrokes and send them into local network as UDP broadcast. Message is seen by the Home Control server, which does validation, opens a door, plays messages etc. There is no need to encrypt messages cause Yubikey itself creates one-time-passwords -- Once used, you can't use it again. I have seen many ideas of using Yubikey for physical access and I believe this kind of approach could be useful more generally.
I found neat Gadget Computer from my closet. It is very small, low power PC. Only disk is missing, I ordered 2.5" SSD drive for that. My plan is install very light weight linux distribution on it and run code like this :
I'll let you know when this is done - Now I'm waiting for SSD IDE to arrive.
PS. If you have any suggestion for linux distro please comment. My current plan is to install Debian.
I believe I have to change Design Rational Decision #1 and Decision #2.
My biggest concern is how I make sure USB on a front door can't be used as an attack vector to get into my system. My new idea is to use another low-end PC for capturing keystrokes and send them into local network as UDP broadcast. Message is seen by the Home Control server, which does validation, opens a door, plays messages etc. There is no need to encrypt messages cause Yubikey itself creates one-time-passwords -- Once used, you can't use it again. I have seen many ideas of using Yubikey for physical access and I believe this kind of approach could be useful more generally.
I found neat Gadget Computer from my closet. It is very small, low power PC. Only disk is missing, I ordered 2.5" SSD drive for that. My plan is install very light weight linux distribution on it and run code like this :
while (1) ( inp=read_standard_input; send_udp_broadcast(inp) )
I'll let you know when this is done - Now I'm waiting for SSD IDE to arrive.
PS. If you have any suggestion for linux distro please comment. My current plan is to install Debian.
Tags:
dr,
status:Planning,
yubikey
torstai 5. maaliskuuta 2009
Physical lock installation
EC101 was installed today. My old lock was was not in a good shape so it caused some troubles - Had to fix that first. I was glad to notice they use E-INK technology in a display.
Tags:
state:Done
maanantai 2. maaliskuuta 2009
Long USB cables
Maximum length of USB cable is 5 meters. It might be too short from your PC to the front door. In my case I needed 8 meters. Before installing I did testing with different kind of setups. Passive 5 meter cable worked but when I extended that, it started to fail. I installed 5 meter active USB cable (it uses 5V of USB to "repeat" signals) and 3 m passive extension. This works just fine, but adding 1 meter extension makes it fail again.
Later I found another option, "Newlink USB 1.1 CAT5E Booster". They promise to extend limit to 50 meters. I bought and tried it out with 20 meters ethernet cable. Works just fine! I'm not using it in my project but this is good to know, if you need to use Yubikey from far away from PC.
PS. This device uses ethernet cable, but it's just a cable. This device has nothing to do with ethernet. If it would, that would possibly provide another neat way to capture Yubikey-logon directly from network traffic...
Later I found another option, "Newlink USB 1.1 CAT5E Booster". They promise to extend limit to 50 meters. I bought and tried it out with 20 meters ethernet cable. Works just fine! I'm not using it in my project but this is good to know, if you need to use Yubikey from far away from PC.
PS. This device uses ethernet cable, but it's just a cable. This device has nothing to do with ethernet. If it would, that would possibly provide another neat way to capture Yubikey-logon directly from network traffic...
Tags:
yubikey
Tilaa:
Blogitekstit (Atom)