Project

# Title Team Members TA Documents Sponsor
17 Multi-Party, Multi-Factor Authentication Lock
Akshay Sundaram
Noah Hill
Shelby Doty
Zhicong Fan design_document1.pdf
final_paper1.pdf
other1.PNG
other2.jpg
other3.jpg
photo1.jpg
proposal1.pdf
video
**Multi-Party, Multi-Factor Authentication Lock**

Team Members:
- Shelby Doty (sdoty4)
- Noah Hill (noah5)
- Akshay Sundaram (akshay5)

**Problem**

Governments and government agencies, banks, hospitals, or companies may have rooms, safes, or vaults requiring controlled access to protect their contents. These areas and their contents are prone to physical security attacks such as severance of critical cables, theft of communication equipment, or theft of data servers. Existing methods to protect physical systems from malicious insiders include auditing, job rotation, and separation of duties. Auditing access to a restricted area is reactive and does not prevent unauthorized access from occurring. Job rotation and separation of duties only limit prolonged access to certain areas or physical systems.

**Solution**

Multi-factor authentication (MFA) is an electronic authentication method used to grant an individual access to an application or place only after successfully presenting multiple factors for verification purposes. Multi-party authorization (MPA) requires multiple individuals to authorize access to an application or place. An example of multi-party authorization usage occurs in banks when one accesses a lockbox. This requires both a bank official and the lockbox owner to act together to open the lockbox.

This project is the implementation of an electronic lock mechanism that provides a proactive approach to physical access control by employing both MFA and MPA methods. Access is granted only when a configurable number of individuals (multi-party) successfully authenticate with an inherence factor and a one-time token received via SMS text (multi-factor). The inherence authentication factor is a fingerprint. The mechanism is applicable to, for example, a lockbox in a bank. A bank lockbox already requires multiple parties to be present to gain access, however, the inherence authentication factor, the fingerprint, is not easily lost or misplaced as lockbox keys are.

**Features**

- The mechanism unlocks only when connected to WiFi

- SMS texts are sent to all enrolled users when the authentication process is initiated

- SMS texts are sent to all enrolled users when the system loses then regains power

- The number of enrolled users and parties required to successfully authenticate (thus, disengaging the lock) are configurable

**Functionality upon initial boot and configuration**

Upon receiving power, the system connects to WiFi and prompts for the following parameters to be configured:

- Number of users to be enrolled

- Number of successful user authentications required to disengage the lock

One by one, each user is prompted to scan a fingerprint and enter their phone number.

**Solution Components**

**Control unit / authentication verification:**

When a user attempts to authenticate with a fingerprint, the fingerprint module will attempt to verify the user’s identity and provide the ESP32 with the user's identity if successful, or inform the ESP32 an unsuccessful authentication attempt was made.

ESP32 uses Wi-Fi connectivity to provide the TCP client with the identity of the user that successfully authenticated via fingerprint or to notify of a failed authentication attempt.

In case of successful biometric authentication, ESP32 then awaits a one-time token sent via SMS to the user to be input on the tactile keypad. Access is granted/denied depending on whether the user inputs the correct token generated by the TCP client.

The ESP32 will control the LCD display and the servo motor for locking/unlocking.

**User interface:**

This subsystem consists of the fingerprint sensor module for gathering biometric data and an LCD screen to display warnings and instructions.

-AS608 Optical Fingerprint Sensor Module for storage of biometric data, fingerprint scanning and digital signal processing

-LCD2004 Character-Type Liquid Crystal Display for user feedback regarding system status, authentication success/failure messages, remaining successful authentications before unlock, etc.

-D72 Tactile Keypad for user to enter one-time token received via SMS

**Mechanical relay & lock status indicator:**

This system will be responsible for the following: indicate to the user when the lockbox is locked and unlocked via LED indicators and a speaker beeping noise, and open and close the locking mechanism using a servo. Additionally, there will be a magnetic contact switch that, when triggered, sends a signal to relock the lockbox. Servo for lock mechanism:

-Red and green LEDs (from ECE lab kit)

-Speaker (from ECE lab kit)

-SG90 9g Micro Servo

-Magnetic contact switch (NTE Electronics, Inc 54-637)

**Web app:**

-Connect to ESP32 microcontroller as a TCP client to send and receive signals and data. Additionally, store logs of authentication attempts with timestamps on the server. The micropython network module can be used in Python by connecting to a python socket.

-Initial setup will include connecting devices to the Wi-Fi network and storing initial configuration data. The web app can then authenticate data read after initial setup to send a lock or unlock signal to the controller. The application will also send SMS messages to the correct parties after fingerprint data has been authenticated.

-Application then sends the correct pincode to the ESP32 and the signal to wait for pincode authentication.

**Criterion For Success**

-Lock and unlock after all parties (at least 2) have been verified

-Data written and stored is accurate

-Works plugged in to outlet and/or with battery back-up power

-Easy to use and straight forward web application / web server

-Sends message to parties when verification has failed

VoxBox Robo-Drummer

Craig Bost, Nicholas Dulin, Drake Proffitt

VoxBox Robo-Drummer

Featured Project

Our group proposes to create robot drummer which would respond to human voice "beatboxing" input, via conventional dynamic microphone, and translate the input into the corresponding drum hit performance. For example, if the human user issues a bass-kick voice sound, the robot will recognize it and strike the bass drum; and likewise for the hi-hat/snare and clap. Our design will minimally cover 3 different drum hit types (bass hit, snare hit, clap hit), and respond with minimal latency.

This would involve amplifying the analog signal (as dynamic mics drive fairly low gain signals), which would be sampled by a dsPIC33F DSP/MCU (or comparable chipset), and processed for trigger event recognition. This entails applying Short-Time Fourier Transform analysis to provide spectral content data to our event detection algorithm (i.e. recognizing the "control" signal from the human user). The MCU functionality of the dsPIC33F would be used for relaying the trigger commands to the actuator circuits controlling the robot.

The robot in question would be small; about the size of ventriloquist dummy. The "drum set" would be scaled accordingly (think pots and pans, like a child would play with). Actuators would likely be based on solenoids, as opposed to motors.

Beyond these minimal capabilities, we would add analog prefiltering of the input audio signal, and amplification of the drum hits, as bonus features if the development and implementation process goes better than expected.

Project Videos