Saturday, 7 March 2009

New server for reading Yubikey

My current implementation uses a Windows server for reading the Yubikey at the front door. I have implemented several security features, but I think I need a more robust solution for securing keyboard capture.

I believe I have to change Design Rational Decision #1 and Decision #2.

My biggest concern is how to make sure the USB port on the front door can't be used as an attack vector to get into my system. My new idea is to use another low-end PC for capturing keystrokes and sending them to the local network as a UDP broadcast. The message is seen by the Home Control server, which does validation, opens the door, plays messages, etc. There is no need to encrypt the messages because the Yubikey itself creates one-time passwords: once used, you can't use it again. I have seen many ideas for using a Yubikey for physical access, and I believe this kind of approach could be useful more generally.

I found a neat Gadget Computer in my closet. It is a very small, low-power PC. Only the disk is missing; I ordered a 2.5" SSD drive for it. My plan is to install a very lightweight Linux distribution on it and run code like this:

while (1) { inp = read_standard_input(); send_udp_broadcast(inp); }
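
A runnable version of that loop, as an added example (not the author's code). It assumes the Yubikey is in Yubico OTP mode, typing a 32 to 48 character modhex string followed by Enter, and it forwards only lines of that shape, so other keystrokes entered at the door's USB port stay on the capture box. The port number and function names are assumptions.

```python
import socket
import sys

MODHEX = set("cbdefghijklnrtuv")   # the 16 characters a Yubikey types in OTP mode
OTP_MIN, OTP_MAX = 32, 48          # Yubico OTP length range; 44 is the usual length
PORT = 47000                       # assumed port, not from the post
BROADCAST = "255.255.255.255"      # limited broadcast on the local segment


def extract_otp(line):
    """Return the OTP if the line is nothing but a modhex token, else None."""
    token = line.strip()
    if OTP_MIN <= len(token) <= OTP_MAX and set(token) <= MODHEX:
        return token
    return None


def forward(lines, sock, dest=(BROADCAST, PORT)):
    """Send each well-formed OTP as one datagram; return (sent, dropped)."""
    sent = dropped = 0
    for line in lines:
        otp = extract_otp(line)
        if otp is None:
            dropped += 1           # not OTP-shaped: never leaves this machine
            continue
        sock.sendto(otp.encode("ascii"), dest)
        sent += 1
    return sent, dropped


def main():
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    sent, dropped = forward(sys.stdin, sock)
    print(f"forwarded={sent} dropped={dropped}", file=sys.stderr)


if __name__ == "__main__":
    main()
```

The format check only narrows what the capture box will put on the network; deciding whether an OTP is valid and unused remains the Home Control server's job.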

I'll let you know when this is done. Now I'm waiting for the SSD IDE to arrive.

PS. If you have any suggestions for a Linux distro, please comment. My current plan is to install Debian.
