The final part needed is how the PC can open the Abloy electric lock. Abloy sells a separate unit for this but it costs a lot. In my case my home control PC authenticates Yubikeys and knows "better" (than the Abloy unit) if doors should be opened. At the same time it can control the burglar alarm system, lighting etc. So what I needed was a way to attach the Abloy remote control to my backend PC. And that's exactly what I did!
I selected the Audon Electronics UDIN-8R as the interface between the PC and Abloy. It is a USB-driven relay unit. It supports both Windows and Linux and can be controlled simply via a virtual COM port.
1: The Abloy remote control uses a 3 V battery
2: These two devices need to be fitted together...
3: There are 4 buttons in the Abloy remote - they are now wired from 4 relays (1 common, 4 outputs)
4: 3 volts is regulated from the USB 5 volts and fed into the Abloy remote. All 4 buttons are wired into relays.
5: The UDIN 8-relay USB device now has its own Abloy remote. Notice the hole for the LED
Wednesday, 11 March 2009
Saturday, 7 March 2009
New server for reading Yubikey
My current implementation uses a Windows server for reading the Yubikey at the front door. I have implemented several security features but I think I need a more robust solution for securing keyboard capture.
I believe I have to change Design Rationale Decision #1 and Decision #2.
My biggest concern is how I make sure the USB port at the front door can't be used as an attack vector to get into my system. My new idea is to use another low-end PC for capturing keystrokes and sending them into the local network as a UDP broadcast. The message is seen by the Home Control server, which does validation, opens the door, plays messages etc. There is no need to encrypt messages because the Yubikey itself creates one-time passwords -- once used, you can't use one again. I have seen many ideas for using the Yubikey for physical access and I believe this kind of approach could be useful more generally.
I found a neat Gadget Computer in my closet. It is a very small, low-power PC. Only the disk is missing; I ordered a 2.5" SSD drive for it. My plan is to install a very lightweight Linux distribution on it and run code like this:
while (1) { inp = read_standard_input(); send_udp_broadcast(inp); }
I'll let you know when this is done - now I'm waiting for the SSD IDE to arrive.
PS. If you have any suggestions for a Linux distro, please comment. My current plan is to install Debian.
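The capture loop sketched above, as an added example rather than code from the original post: it forwards a line only when it is exactly one well-formed Yubico OTP, so anything else typed into the front-door USB port is dropped on the capture PC. The port number, the 64-character line cap and the function names are assumptions, and the 44-character length applies to a Yubikey in its default configuration.

```python
import re
import socket
import sys

# Default Yubico OTP: 44 modhex characters (12-character public ID followed
# by a 32-character one-time part). Other ID lengths need another count.
OTP_PATTERN = re.compile(r"[cbdefghijklnrtuv]{44}")
MAX_LINE = 64                                  # assumed cap on one input line
BROADCAST_ADDR = ("255.255.255.255", 47000)    # assumed port, not from the post


def extract_otp(line):
    """Return the OTP if the line is exactly one well-formed OTP, else None."""
    if len(line) > MAX_LINE:
        return None
    candidate = line.strip()
    return candidate if OTP_PATTERN.fullmatch(candidate) else None


def make_sender(addr=BROADCAST_ADDR):
    """Open a UDP socket allowed to broadcast and return a send(otp) function."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    return lambda otp: sock.sendto(otp.encode("ascii"), addr)


def forward(lines, send):
    """Broadcast every valid OTP in lines; return (forwarded, dropped)."""
    forwarded = dropped = 0
    for line in lines:
        otp = extract_otp(line)
        if otp is None:
            dropped += 1      # typed text, partial OTPs, oversized lines
            continue
        send(otp)
        forwarded += 1
    return forwarded, dropped


if __name__ == "__main__":
    print(forward(sys.stdin, make_sender()))
```

The filter only checks the shape of the input; whether the OTP is genuine and belongs to an authorized key is still decided on the Home Control server.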
Tags:
dr,
status:Planning,
yubikey
Thursday, 5 March 2009
Physical lock installation
The EC101 was installed today. My old lock was not in good shape, so it caused some trouble - I had to fix that first. I was glad to notice they use E-INK technology in the display.
Tags:
state:Done
Monday, 2 March 2009
Long USB cables
The maximum length of a USB cable is 5 meters. That might be too short to reach from your PC to the front door. In my case I needed 8 meters. Before installing I tested different kinds of setups. A passive 5 meter cable worked, but when I extended it, it started to fail. I installed a 5 meter active USB cable (it uses the 5 V of USB to "repeat" signals) and a 3 m passive extension. This works just fine, but adding a 1 meter extension makes it fail again.
Later I found another option, the "Newlink USB 1.1 CAT5E Booster". They promise to extend the limit to 50 meters. I bought one and tried it out with a 20 meter ethernet cable. Works just fine! I'm not using it in my project but this is good to know if you need to use a Yubikey far away from the PC.
PS. This device uses an ethernet cable, but it's just a cable. The device has nothing to do with ethernet. If it did, that would possibly provide another neat way to capture a Yubikey logon directly from network traffic...
Tags:
yubikey
Thursday, 26 February 2009
Physical door locking
You might ask how I actually open the door lock. Yep, that's still under way. You see the door opening in a video but the final part of the implementation is not done yet. Sorry if I fooled you!
I have a good plan and it will be installed later this week.
In Finland there is only one lock vendor, called Abloy. As they say on their web pages -- "million choices - One cylinder". What that means is that it's really easy to just replace the current physical lock with one that is battery operated and has a radio remote controller.
I'm going to use the Abloy model EC101 as the lock. It has the following features:
- No modifications to a standard Finnish door -- replaces the old lock
- Battery will last for 1.5 years
- Old key works as a backup
- Wireless control by using remote controller EC501
How about connecting Yubikey, PC and Abloy Remote together? Stay tuned...
Tags:
state:Started
Wednesday, 25 February 2009
Security issues
My 13-year-old son raised a question about security. I have had thoughts on that but I believe it's worth thinking through more thoroughly.
What are the use cases of the Black Hat visitor? What is the impact of that threat?
Use case / Threat | Impact |
---|---|
Crashing my Home control server (later HCS) | It's not nice but doesn't cause any big harm |
Getting copy of my HCS content | This is bad |
Wiping content of my HCS | Not so bad, I use Amazon S3 as a backup backend |
Getting copy, changing it and putting back to HCS | This is really bad. Hacker would have possibility to add his own Yubikey as authorized and get access to my house |
Wow! We need to think how to make those "misuse cases" impossible.
Next we need to think about what the possible attack vectors are. You must remember that the Yubikey is acting as a keyboard and I'm using it in a way it's not meant to be used. What does an open USB port on a front door really mean?
Attack Vector ID | Attack vector | Comment |
---|---|---|
AVN | Someone gets access to the HCS through the internet connection | Bad problem |
AVM | Using a mouse at the front door | It would be hard to get something useful done by moving and clicking the mouse blindly. Still, I don't like the idea that someone would do that. |
AVK | Using a keyboard at the front door | Oops, this is bad. Alt-F4 would stop my interactive app, Ctrl-Alt-Del, Alt+T would start TaskManager etc. Really bad. |
AVU | Sticking a USB stick into the front door socket | If my setup won't autostart anything, this is not so bad. But together with other holes this could turn into a very big hole |
This is a horror story of what could happen if I'm not aware of security and don't find enough tricks to secure my system (maybe I will shut down this project if I get too afraid?):
Mister Black Hat comes to my front door. He plugs a USB hub into my Yubikey socket. He sticks his USB drive and keyboard into the hub. With the keyboard he hits Ctrl-ESC to get the Start menu up, starts CMD.EXE and makes a wild guess: C is system, D is DVD... E is his own USB drive. He types a command that copies all content to his USB drive or sends it to his internet site. Then he plugs the USB drive into his own laptop, makes changes to the setup, copies the configuration files back to my server and opens the door with his own Yubikey ("Hello Black Hat, Welcome! Sorry, your voice box isn't configured yet but you are still welcome!").
This is a list of some of the security features I have implemented (or will implement). They are listed in a table that shows the Attack Vector ID from the previous table and some features to work against it:
Attack Vector ID | Feature |
---|---|
AVN | Firewall (HW based, both IN and OUT), hardened OS, very strict control of installed software |
AVM | My interactive app listening to keyboard messages will set the mouse position to the corner of the screen at 20 ms intervals |
AVK | In Windows there is a system call to disable all special keys (originally meant for screen savers). I'll use that. At a tight interval I'll make sure my app has focus. My app does nothing other than listen to keyboard messages and send Yubikey key strings to my actual application service by sending UDP broadcasts. I'll run it under another app's control that will restart the app if it is ever stopped. |
AVU | Maybe I should find a registry trick, 3rd party app or some other way to disable USB drives? How about creating dummy virtual drives (SUBST) for all drive letters? ;-) |
...or, to really nail it, should I set up another PC just for listening to the Yubikey and sending the keystrokes as a UDP broadcast to the Home Control server?
And finally: Did you find any other holes? Or did you find a better idea against some attack vector? Please, add a comment!
Tags:
status:Planning,
yubikey
Saturday, 24 January 2009
Should I authenticate locally or from Yubico service?
Yubikeys are delivered with a secret AES key which is unreadable from the key. The same secret AES key is stored both in the Yubikey and on Yubico's validation server. To be able to validate you have to have an internet connection.
Because all the code is open source, you can also run your own validation server. In that case you can reprogram the Yubikey with your own secret AES key and store that key locally on your own server. I had to make a decision which way to go.
DR-log:
Question: | Using the Yubico validation service or local? |
Alternative 1 | Yubico validation service: + Very easy validation (for example a simple HTTP request); + No need to reprogram keys; + Access can also be provided to friends with a Yubikey, even through a web interface; - Needs an internet connection; - You have to trust Yubico to keep your AES secret and the state of the internal counters |
Alternative 2 | Running own validation server: + Works also when the internet connection is broken; + No need to trust any 3rd party; - Need to reprogram all keys. The same keys can't be used to log on to any other Yubikey-enabled service |
Comments: | First of all, I trust Yubico. Even if the internet connection is lost, my PC can also die - I have to have a mechanical key and lock available for those situations as well. |
Decision #3: | I'll use the Yubico authentication service |
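What Decision #3 leaves for the Home Control server to check, as an added example that is not the author's code: Yubico's service answers for any Yubikey, so a valid OTP only opens the door if the response is authentic, matches the request, and the key's public ID is on the local list. It assumes the version 2.0 validation protocol response (key=value lines signed with HMAC-SHA1 under the client's API key); the function names and the `authorized_ids` allow-list are hypothetical.

```python
import base64
import hashlib
import hmac


def parse_response(body):
    """Parse the key=value lines of a verification response into a dict."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            fields[key] = value
    return fields


def sign(fields, api_key_b64):
    """HMAC-SHA1 over the sorted key=value pairs (without 'h'), base64 encoded."""
    message = "&".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "h")
    key = base64.b64decode(api_key_b64)
    digest = hmac.new(key, message.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def door_may_open(body, sent_otp, sent_nonce, api_key_b64, authorized_ids):
    """Return (decision, reason) for one verification response."""
    fields = parse_response(body)
    expected = sign(fields, api_key_b64).encode()
    if not hmac.compare_digest(fields.get("h", "").encode(), expected):
        return False, "bad signature"
    if fields.get("otp") != sent_otp or fields.get("nonce") != sent_nonce:
        return False, "response does not match request"
    if fields.get("status") != "OK":
        return False, "status " + fields.get("status", "missing")
    # The public ID is everything before the final 32 modhex characters.
    if sent_otp[:-32] not in authorized_ids:
        return False, "key not authorized for this door"
    return True, "ok"
```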
Tags:
dr,
state:Done,
yubikey
Friday, 23 January 2009
How to capture keystrokes?
Yubikey is the one and only one-time password generator hardware that acts as a keyboard. It's great for application logins but for this kind of application it's not so good: my PC has to autologon, my application must be running in interactive mode or I must be able to capture all Windows keystroke events. I'm not sure if Windows even sends keystroke messages if you haven't logged in. So I needed an autologon solution.
DR-log:
Question: | How to autologon into the OS? |
Alternative 1 | Windows registry based autologon: + Free; - Unsafe -- logon username and password are stored in the registry unencrypted |
Alternative 2 | Commercial product, LogonExpert: + Encrypts the password; + Robust solution; + Ctrl+Alt+Del, a shutdown event, administrator's banners, or any other window appearing before logon is bypassed automatically. |
Comments: | |
Decision #2: | LogonExpert |
(Just another Yubikey development idea: if the Yubikey acted both as a keyboard and as a serial port, it could be used more robustly in this kind of application too. It could even act as a "license dongle" sitting in the back of a server, providing a one-time password through the serial interface)
Tags:
dr,
state:Done,
yubikey
Thursday, 22 January 2009
Backend hardware and OS
My home control is based on a self-written, event-driven, rule-based engine, communicating with tens of microcontroller-based nodes using CAN. It's a Windows application that runs as a service.
For hardware I have selected the S635F Fanless MiniPC, with 2G memory and a 60 GB SATA flash SSD.
I'm running Windows Server 2003 Web Edition. Security has been hardened as it's sitting on the internet, behind a firewall of course. It provides a mobile and web UI to monitor and control home equipment.
DR-log:
Question: | What OS? |
Alternative 1 | Windows: + I have more knowledge of programming Windows; + Yubikey needs an interactive application, not a "system level" application. I know how to capture keystrokes robustly under Windows; - Needs constant security updates |
Alternative 2 | Linux: + Considered a more robust OS; + Could be run on lower resources |
Comments: | I just know Windows better and it has never failed since 2004 when I started to run SmartPirtti. |
Decision #1: | Windows |
Tags:
dr,
state:Done
Tuesday, 20 January 2009
Design Rationale
I will use the Design Rationale methodology to record design decisions. All DR decisions are tagged with the label "dr". If you would like to follow the decisions made, please read them in order, starting from the oldest one. All earlier decisions can and will have an effect on later ones. It is good practice to record the system design process using DR. If you later change your design, you can always go back to the Design Rationale documentation and check whether that change would have had an impact on later decisions.
Other tags used:
- dr = Design Rationale decision
- state:Planning = This feature is under planning
- state:Started = Implementation has been started
- state:Done = This feature has been implemented
- yubikey = Yubikey related
Tags:
dr
Sunday, 18 January 2009
SmartPirtti - What?
This blog is about my physical access control using a USB Yubikey. I have links to my SmartPirtti blog and image library but they are in Finnish. A short description follows: I have implemented a CAN-based home automation system in my house. Everything (HW/SW) is "self-made" but still robust and professionally manufactured. I consider SmartPirtti my "real life test lab" for intelligent home control.
In this Yubikey project I can benefit from some features of SmartPirtti. For example I can control lighting, switch relays (for example to open the door), play voice messages or integrate with the burglar alarm system.