Hackerspace security system brings RFID, video feedback, and automatic doors

rfid-hackerspace-door-lock

[Will] has been hard at work on a replacement system for his Hackerspace’s RFID door lock. The original is now several years old and he’s decided to upgrade to a much more powerful processor, adding some bells and whistles along the way.

The control box seen above is the exterior component of the system. It’s a telephone service box like you’d find on the back of most houses in the US. They had a few of these lying around and they are a perfect choice because… well… they’re meant to be locking enclosures that brave the elements. [Will] made the jump from an Arduino which has run the locks for the last three years to a Raspberry Pi board. This gives him a lot of extra power to work with and he took advantage of that by adding a vehicle backup LCD screen for visual feedback. You can see it giving the ‘Access Granted’ message he used during testing but the demo video after the break shows that they plan to do some image scripting to display a head shot of the RFID tag owner whenever a tag is read.

There are several other features included as well. The system Tweets whenever a tag is read, helping the members keep tabs on who is hanging out at the space right now. It also patches into a sliding door which one of the members automated using a garage door opener motor.

Comments

  1. truebassb says:

    Very nice design but when it comes to reliability it’s a whole different thing.

    • illwill says:

      so far its been rock solid for the month that it has been running. Only issues I have run into is using the google talk python stuff, it doesn’t seem to stay online reliably. Other than that the door code runs perfect.

      • truebassb says:

        It’s not that it’s not gonna run as it should but it has quite a few flaws to have acceptable reliability.

        I understand it’s a system for fun-first,but i will just state my opinion so you get food for thought,i design alarm systems for quite a few years now so i hope you’ll find a few ideas of mine helpful.

        The first that comes to my mind is that the Rasberry is very weak to be the heart of a Security System.

        The least you can do is add a secondary metal box for the Pi so to work both as a shield against physical tamper and as a Faraday cage against electromagnetic interference and keep as much of the wiring in it if possible.

        As it is if you do an electrical discharge near the box it’s gonna crash and a badwilling person can do serious damage to a hackerspace,and you might not be able to find out signs of forced entry.

        For the best reliable result i would suggest to add a compact secondary system based either on microcontroller and relays or just on a small microcontroller to handle the locking-unlocking and all the basic features and put that in a well protected insulated enclosure and at a hidden place,then use the Pi for all the other features such as the headshot and the RFID.

        The system must be designed so each vital feature will work independently even after you destroy either the main unit or take out any sensor or subsystem.

        You can also add an independent dialer system to call you everytime there’s motion where it should’t when the hackerspace is closed,but use mechanical switches and combined sensors,PIR is a joke,trust me.

        • Alex says:

          Circumventing security using EMP, really?

          More likely scenario: Someone smashes a window and steals all the tools and computers, completely ignoring the gray plastic box on the wall.

          • Alex says:

            Wait… Their shop door doesn’t even face the outside. It’s inside a big fancy facility.

          • truebassb says:

            Yes,last time i checked i was not kidding.

            NESIT unfortunately has been vandalized before,it proves it’s an accessible site no matter where it is.
            Whoever will get in there to steal would probably already know of what’s inside aswell about the security measures,otherwise they wouldn’t even try break and enter it in the first place.

        • SDC says:

          We have an RFID system at Bloominglabs and among other things we have motion sensors about, however they are of the PIR ‘joke’ variety (you use what you have). Of course it’s always great to make things better if you can, so are there perhaps some specific motion detectors you would recommend? Good points overall and ultimately yes you do have to consider all the possible ways your system can be subverted including the physical of course.

          • truebassb says:

            If you don’t want to swim deep into solutions check dual technology sensors with Microwave + PIR,you can easily defeat one but those two together is not much convinient,anyone seeing them will prefer to try a physical tamper. The only problem is usually a cheap one is within the 30-40$ range.

            You can also keep the PIRs you have and add pressure,proximity,or multispot beam sensors in different places where possible and where would not be visible.

            For the doors prefer mechanical microswitches placed at the top,you can combine them with reed switches if they are already present,it’s something i do on purpose. You can wire one as NC and the other as NO and the opposite contacts on each as a secondary tamper.

  2. Tom the Brat says:

    Egad, what a mess! That looks like I wired it.

  3. Dosx says:

    I just think it is down right beautiful considering all the stuff ya packed in there.
    I would’ve probably done abit more on cable control but it’s not final right so all is well in the world.

    Nice build!

  4. We’re currently working on something similar for our Hackerspace. Some good ideas here.

  5. Michel says:

    I just think it’s an awesome build!

  6. movax says:

    Very nice! I plan to do something similar, but I’m using some HID RP15s I picked up for a song from eBay. I tried doing my own kernel space driver for the RPi GPIOs (reading Wiegand data), but I think it’ll actually be easier (and still cheaper) to just rig up a MCU as a I2C slave that raises an interrupt pin whenever it finishes a Wiegand read, and then the RPi just queries it. Saves me trouble of worrying if the RPi misses a bit due to pre-emption or something.

  7. fartface says:

    100% insecure. the ONLY thing that should be in that box is the display and reader. everything else needs to be in a secure location All I need to do is bust the box off the wall and short wires to gain access from his design.

    • rasz says:

      why bust that metal temper proof box when you can just break LCD and get inside through the hole :)

    • Yup, had the same thought. Seems very, VERY easy to break in given that all components are on the insecure side of the door…

    • illwill says:

      good luck trying to rip the box open/off the concrete wall, then finding the correct wires, with out setting off :
      A.) the tamper button which emails alert and pictures from IP cam
      B.) the actual burglar alarm which you have 10 seconds to disarm
      C.) shorting the whole thing out

      • eldorel says:

        Well since they were so nice as to POST PHOTOGRAPHS OF THE INSIDE ON THE INTERNET, I can sit here and figure out the correct wires at my leisure.

        Additionally, One of the major rules of security is “physical access” == “compromised”.
        If they can touch it, they can suborn it.

        • illwill says:

          OK, which wires are they?

          • Doihn says:

            Instead of arguing why not accept defeat? This design IS insecure, never, never, never put the brain on the outside! The project is really nice, and it would be fairly easy to fix this security flaw, just move box on the inside and run cabels to the LCD and RFID unit?

          • illwill says:

            Not arguing, If someone wants in, they’re going to get in.

            See response below regarding the wiring. This is temporary.

          • Doihn says:

            Thats true, but theres no reason to make it any easier.. Not that the average criminal would try to hack the access system, they’d probably use force. But when you do re-run the wires, I’d definitely recommend only placing screen+reader on the outside and keep the RPI etc on the inside.

          • openmakersdaily says:

            >Not arguing, If someone wants in, they’re going to get in.

            Then save this rpi for another more useful project and replace the door with a curtain.

            >See response below regarding the wiring. This is temporary.

            Temporary how? hours? days? No, you said it was months. That’s just enough to let anyone study/steal that box. It has power supply, wires to the lock, so I just have to disconnect everything to prevent tweeting and connect the psu to the electronic lock.

            This design is neglecting every basic secure access control rule. Change it asap. Don’t be lazy and run new wires.

  8. doodad says:

    Wouldn’t the system be more secure with all the hardware inside your space with the display and RFID reader in a remote box outside the locked door? A plastic box with access to power and your door strike/latch will keep the honest upstanding folks out.

    • Rick says:

      I agree. This is a really cool project but putting the brains of this device inside the building would make more sense from a security standpoint. It seems like it wouldn’t be that difficult to do either. At least he has a tamper switch in place though.

      • illwill says:

        This is for short term, we are moving to a bigger space in the next few months, didn’t want to re-run wires, and with the added security features I think its reasonably safe. Anyone who succeeds in trying to bypass 1 parts still has the other features to overcome, and less than 10 minutes to figure it out before someone shows up.

  9. Eirinn says:

    I don’t get it and here’s why: RFID is a wireless tech.

    The only thing that should be visible from the outside is a door. No boxes no panels no nothing. You swipe the card on a marked spot on the door and the box on the OTHER side takes action. This way it’s impossible for anyone to know what type of security is used besides the fact that it’s wireless. The only thing presented is a blank un-featured door with a marking.

    Then the only way to get through is to bring a sledgehammer or find another way in.

  10. jpnorair says:

    It looks pretty good. One area for future improvement is to use a more powerful RFID reader mounted on the other side of the wall.

    • not needed. Such readers are just passive interfaces. The wiegand interface just spits serial number bits and has no intelligence. you can leave that on the outside and pleaaaaaaase fit this box inside your hackerspace before it disappears or is hammer-crushed after this internet invitation to steal/destroy it.

      Letting this box outside of the protected room is NONSENSE, and the “temporary” argument is totally invalid.

      Security is not related to any device, but to global system design. This is a cool mess of wire, but is a total crap when it comes to security.

      Again, if you say it’s temporary, I’ll answer that I don’t care.

      FIX THAT NOW, or keep known as the worst security designer of the internet for the rest of your life.

  11. Sugapes says:

    At the very worse someone might just take the box with him without even trying to get inside. That person will walk away with a nice enough hardware bounty of an PI, an LCD, an RFID reader, and a bunch of other cool stuff just for a few seconds of trouble of ripping the stuff out of the wall…

  12. Looks awesome indeed, like the access granted animation, bit like the alien movies ;). Regarding remarks in first post. Well you could add a microcontroller but don’t see much difference with a gpio pin to a transistor to a relais that supplies voltage to a doorlock. Or doing gpio to microcontroller to transistor to relais to doorlock. You said using emp or a high voltage discharge on the case would crash your raspberry pi. It won’t open the door because when it reboots it’s not going to turn on a certain gpio pin for fun. Again as the pi is only 30 bucks once you finished the case and it’s all nice you can just pour some resin into the box thereby waterproofing and sealing the whole thing against that attack ;). And you really think a guy that needs to steal even knows what emp is ;) IMHO you have a zillion more odds that he’ll be smashing a window or breaking the door or even just bang a hole in the wall instead…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,591 other followers