Using U2F for Door Access Control Systems #Security
Darell Tan at irq5.io writes a detailed article about securely implementing electronic door access control systems.
I was looking at trying to securely implement a door access control system. This usually involves some kind of card that you tap at a reader and the door unlocks.
Because it uses NFC, the NFC reader and electronics can be located safely on the inside, leaving no exposed DIY electronics on the outside for attackers to fiddle around with. A lot of DIY projects work, but they are just not secure.
MIFARE Classic cards are commonly used for this purpose because they are very inexpensive. They are factory-programmed with a unique identifier stored in sector 0, which is read-only. However, you can easily buy “UID 魔术卡” (UID “magic cards”) that allow their sector 0 to be modified and rewritten. This essentially enables you to create clones of any valid card.
We should not rely on the card’s UID for authentication, and here I would like to discuss about solving that.
FIDO Universal 2nd Factor (U2F) is an open standard that is used for, as its name suggests, performing two-factor authentication (2FA). It is a standard that governs hardware devices to be the second factor (i.e. “something you have”). These devices work similarly to a smart card, and are available in several convenient form factors: card, token or key fob.
Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.