# Title Team Members TA Documents Sponsor
17 Multi-Party, Multi-Factor Authentication Lock
Akshay Sundaram
Noah Hill
Shelby Doty
Zhicong Fan design_document1.pdf
**Multi-Party, Multi-Factor Authentication Lock**

Team Members:
- Shelby Doty (sdoty4)
- Noah Hill (noah5)
- Akshay Sundaram (akshay5)


Governments and government agencies, banks, hospitals, or companies may have rooms, safes, or vaults requiring controlled access to protect their contents. These areas and their contents are prone to physical security attacks such as severance of critical cables, theft of communication equipment, or theft of data servers. Existing methods to protect physical systems from malicious insiders include auditing, job rotation, and separation of duties. Auditing access to a restricted area is reactive and does not prevent unauthorized access from occurring. Job rotation and separation of duties only limit prolonged access to certain areas or physical systems.


Multi-factor authentication (MFA) is an electronic authentication method used to grant an individual access to an application or place only after successfully presenting multiple factors for verification purposes. Multi-party authorization (MPA) requires multiple individuals to authorize access to an application or place. An example of multi-party authorization usage occurs in banks when one accesses a lockbox. This requires both a bank official and the lockbox owner to act together to open the lockbox.

This project is the implementation of an electronic lock mechanism that provides a proactive approach to physical access control by employing both MFA and MPA methods. Access is granted only when a configurable number of individuals (multi-party) successfully authenticate with an inherence factor and a one-time token received via SMS text (multi-factor). The inherence authentication factor is a fingerprint. The mechanism is applicable to, for example, a lockbox in a bank. A bank lockbox already requires multiple parties to be present to gain access, however, the inherence authentication factor, the fingerprint, is not easily lost or misplaced as lockbox keys are.


- The mechanism unlocks only when connected to WiFi

- SMS texts are sent to all enrolled users when the authentication process is initiated

- SMS texts are sent to all enrolled users when the system loses then regains power

- The number of enrolled users and parties required to successfully authenticate (thus, disengaging the lock) are configurable

**Functionality upon initial boot and configuration**

Upon receiving power, the system connects to WiFi and prompts for the following parameters to be configured:

- Number of users to be enrolled

- Number of successful user authentications required to disengage the lock

One by one, each user is prompted to scan a fingerprint and enter their phone number.

**Solution Components**

**Control unit / authentication verification:**

When a user attempts to authenticate with a fingerprint, the fingerprint module will attempt to verify the user’s identity and provide the ESP32 with the user's identity if successful, or inform the ESP32 an unsuccessful authentication attempt was made.

ESP32 uses Wi-Fi connectivity to provide the TCP client with the identity of the user that successfully authenticated via fingerprint or to notify of a failed authentication attempt.

In case of successful biometric authentication, ESP32 then awaits a one-time token sent via SMS to the user to be input on the tactile keypad. Access is granted/denied depending on whether the user inputs the correct token generated by the TCP client.

The ESP32 will control the LCD display and the servo motor for locking/unlocking.

**User interface:**

This subsystem consists of the fingerprint sensor module for gathering biometric data and an LCD screen to display warnings and instructions.

-AS608 Optical Fingerprint Sensor Module for storage of biometric data, fingerprint scanning and digital signal processing

-LCD2004 Character-Type Liquid Crystal Display for user feedback regarding system status, authentication success/failure messages, remaining successful authentications before unlock, etc.

-D72 Tactile Keypad for user to enter one-time token received via SMS

**Mechanical relay & lock status indicator:**

This system will be responsible for the following: indicate to the user when the lockbox is locked and unlocked via LED indicators and a speaker beeping noise, and open and close the locking mechanism using a servo. Additionally, there will be a magnetic contact switch that, when triggered, sends a signal to relock the lockbox. Servo for lock mechanism:

-Red and green LEDs (from ECE lab kit)

-Speaker (from ECE lab kit)

-SG90 9g Micro Servo

-Magnetic contact switch (NTE Electronics, Inc 54-637)

**Web app:**

-Connect to ESP32 microcontroller as a TCP client to send and receive signals and data. Additionally, store logs of authentication attempts with timestamps on the server. The micropython network module can be used in Python by connecting to a python socket.

-Initial setup will include connecting devices to the Wi-Fi network and storing initial configuration data. The web app can then authenticate data read after initial setup to send a lock or unlock signal to the controller. The application will also send SMS messages to the correct parties after fingerprint data has been authenticated.

-Application then sends the correct pincode to the ESP32 and the signal to wait for pincode authentication.

**Criterion For Success**

-Lock and unlock after all parties (at least 2) have been verified

-Data written and stored is accurate

-Works plugged in to outlet and/or with battery back-up power

-Easy to use and straight forward web application / web server

-Sends message to parties when verification has failed

Covert Communication Device

Ahmad Abuisneineh, Srivardhan Sajja, Braeden Smith

Covert Communication Device

Featured Project

**Partners (seeking one additional partner)**: Braeden Smith (braeden2), Srivardhan Sajja (sajja3)

**Problem**: We imagine this product would have a primary use in military/law enforcement application -- especially in dangerous, high risk missions. During a house raid or other sensitive mission, maintaining a quiet profile and also having good situational awareness is essential. That mean's that normal two way radios can't work. And alternatives, like in-ear radios act as outside->in communication only and also reduce the ability to hear your surroundings.

**Solution**: We would provide a series of small pocketable devices with long battery that would use LoRa radios to provide a range of 1-5 miles. They would be rechargeable and have a single recessed soft-touch button that would allow someone to find it inside of pockets and tap it easily. The taps would be sent in real-time to all other devices, where they would be translated into silent but noticeable vibrations. (Every device can obviously TX/RX).

Essentially a team could use a set of predetermined signals or even morse code, to quickly and without loss of situational awareness communicate movements/instructions to others who are not within line-of-sight.

The following we would not consider part of the basic requirements for success, but additional goals if we are ahead of schedule:

We could also imagine a base-station which would allow someone using a computer to type simple text that would be sent out as morse code or other predetermined patterns. Additionally this base station would be able to record and monitor the traffic over the LoRa channels (including sender).

**Solutions Components**:

- **Charging and power systems**: the device would have a single USB-C/Microusb port that would connect to charging circuitry for the small Lithium-ion battery (150-500mAh). This USB port would also connect to the MCU. The subsystem would also be responsible to dropping the lion (3.7-4.2V to a stable 3.3V logic level). and providing power to the vibration motor.

- **RF Communications**: we would rely on externally produced RF transceivers that we would integrate into our PCB -- DLP-RFS1280,,, .

-**Vibration**: We would have to research and source durable quiet, vibration motors that might even be adjustable in intensity

- **MCU**: We are likely to use the STM32 series of MCU's. We need it to communicate with the transceiver (probably SPI) and also control the vibration motor (by driving some transistor). The packets that we send would need to be encrypted (probably with AES). We would also need it to communicate to a host computer for programming via the same port.

- **Structural**: For this prototype, we'd imagine that a simple 3d printed case would be appropriate. We'd have to design something small and relatively ergonomic. We would have a single recessed location for the soft-touch button, that'd be easy to find by feel.

**Basic criterion for success:** We have at least two wireless devices that can reliably and quickly transfer button-presses to vibrations on the other device. It should operate at at *least* 1km LOS. It should be programmable + chargeable via USB. It should also be relatively compact in size and quiet to use.

**Additional Success Criterion:** we would have a separate, 3rd device that can stay permanently connected to a computer. It would provide some software that would be able to send and receive from the LoRa radio, especially ASCII -> morse code.