|Access control system|
|New version including sound, video and LDAP authentication|
Managing access control to a laboratory in an educational environment has always been an issue.
Many systems exist, from a simple numeric code shared by every user to the most sophisticated biometric authentication, such as fingerprint scanners. Available options include a camera to record who is passing through the door, a card with a proximity reader, a card with a swipe reader, etc.
Numeric code access would be simple and cheap, but it means sharing the code, which could easily be given to unauthorized users. Changing the code and announcing the change would be a problem.
Card systems would be a solution, although a user could hand his card to an unauthorized user. But managing the cards is a problem. Every new user must be given a card, and the card must be authorized in the system. Lost cards must be canceled and the user should be fined. Card systems also have a non-negligible price.
Biometric systems would be another solution, but still every new user must be authorized with the system. Biometric systems are even more expensive than card systems.
In a Computer Science department, there is one resource that every user has: an account on the servers, protected by a username and password. But none of the above systems integrates well with the username and password that already exist for each user.
If we could reuse an old machine, with a little bit of electronics and a few components, we could develop an access control system for only a fraction of the price of a built-in card system. This system would take full advantage of the existing username and password, as that would be the authentication used to grant access. Each new user on the server will have an account created and will be able to access the secured room, in one single registration operation.
Security-wise, it is quite safe, as a user would not be likely to share a password that gives access to all his files, emails, and maybe thesis work.
This new version adds an audio interface for visually impaired users, video recording instead of still pictures, and authentication against an LDAP directory.
A few minor bugs were corrected.
It has been ported to FreeBSD 6.3.
The user interface differs depending on whether the user is entering or exiting the secured room.
When exiting, the user presses a button to unlock the door.
When entering the secured room, the user will have to either enter his username and password, or simply press the Enter key of the keyboard. Depending on the time of day, it may be decided that simple access is provided, while stricter access control is enforced at night and during holidays.
The door will then close and relock automatically.
If the door is forced open, or kept open for too long, an alarm will ring.
If the sound interface is installed, there are different key-click sounds when typing the username and the password, and there are audible messages to announce the username that has been typed and to signal when the password is rejected. A buzzer sound is heard when the door is unlocked.
The overall project has been implemented with user security in mind. In any case the system should be fail-safe, that is, the door is unlocked.
Using a magnetic lock (an electro-magnet) is the first step in security. The electro-magnet is only active (locking the door) when power is provided; in case of power failure, the electro-magnet will be inactive and the door will be naturally unlocked.
After the computer has finished the boot sequence, all relays are open (they close for a short period during boot sequence). The way the cabling is done, when the relay 2 is open, the magnetic lock receives no power, so it is unlocked.
The program locks the magnetic lock only after the configuration file has been safely read, major initializations have been done and all signal handlers have been set up.
In case of failure, or if the program is aborted with a kill(1), the door is unlocked before the program exits.
Warning: a KILL signal will stop the program in any current state, this signal cannot be caught, so there is no way to unlock the door before the program exits when this signal is used.
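The start-up order and unlock-on-exit behaviour described above can be sketched as follows. This is an added example, not the project's own code: the relay is simulated by a variable, and `controller_start`, `controller_run` and `demo_poll` are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for sigaction() */
#endif
#include <signal.h>
#include <string.h>

/* Simulated relay 2 (hypothetical stand-in for the relay card):
   0 = open, magnet unpowered, door unlocked; 1 = closed, door locked. */
static volatile sig_atomic_t relay2_closed = 0;
static volatile sig_atomic_t stop_requested = 0;
int door_is_locked(void) { return relay2_closed; }

/* Only async-signal-safe work here: open the relay, ask the loop to stop. */
static void on_terminate(int signo) { (void)signo; relay2_closed = 0; stop_requested = 1; }

/* Catch the catchable termination signals; SIGKILL can never be handled. */
static int install_handlers(void)
{
    static const int sigs[] = { SIGTERM, SIGINT, SIGHUP, SIGQUIT };
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_terminate;
    sigemptyset(&sa.sa_mask);
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (sigaction(sigs[i], &sa, NULL) != 0) return -1;
    return 0;
}

/* Start-up order from the text: configuration, handlers, and only then lock. */
int controller_start(int config_ok)
{
    if (!config_ok || install_handlers() != 0) return -1; /* door stays unlocked */
    relay2_closed = 1;
    return 0;
}

/* Main loop; every way out of it (signal or error) releases the lock. */
int controller_run(int (*poll_once)(void))
{
    int rc = 0;
    while (!stop_requested && rc == 0) rc = poll_once();
    relay2_closed = 0;
    return rc;
}

/* Constructed demo: the third poll simulates an operator's kill(1) (SIGTERM). */
int demo_poll(void) { static int n; if (++n == 3) raise(SIGTERM); return 0; }

int main(void)
{
    return (controller_start(1) == 0 && controller_run(demo_poll) == 0
            && !door_is_locked()) ? 0 : 1;
}
```

Because the handler only writes `sig_atomic_t` flags, it stays async-signal-safe; real relay I/O inside a handler would have to meet the same constraint.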
The door opens to the outside; once it is unlocked, users can push on the door to exit the secured room in case of emergency.
Despite testing, the program could fail and the door could remain locked. An emergency switch has been installed inside the secured room to interrupt the power supply of the magnetic lock. As the computer running the system is located inside the secured room, and for the same reason, a key switch has been installed outside of the secured area; this switch also interrupts the power supply to the magnetic lock. Both switches act in a purely electrical way; they do not interact with the program or the relay card. If the door is opened using one of the switches, most probably the alarm will ring, as the program will detect that the door has been forced open.
|Contact us: Olivier Nicole||Last update: Feb 2008|