AccessControl

From Aktivix

This is a page about door entry systems with the aim of providing more flexible access options for users of shared semi-public spaces like social centers. It touches briefly on various solutions but focuses mostly on the idea of using a computer and remote triggering from mobile phones with caller ID.

AccessControlExperiment


Background to access control issues and methods

I thought other spaces might be interested in the solutions we've implemented at the rampART relating to access issues.

Traditional lock and key

Like most places, we started with normal locks and keys but soon grew to dislike them. Not everyone can have keys and the few that have them are put in the unenviable position of being 'gate keepers'.

Keys can be copied once you give or loan them out. They propagate by themselves. All your keys are identical and if one person loses theirs you must replace everybody's, which is likely to cost a fortune, especially if you are using security locks.

Too many keys creates security risks but having too few places a lot of responsibility and power on the key holders. Who gets the keys? Who can they let in or loan the keys to? Who should be refused? Can the keyholders be around to provide access for all that need it?

Other systems may not solve all the issues or answer the difficult questions but they can certainly help.


Combination Padlocks

We've avoided combination padlocks generally. They are great for cupboards but generally no use for normal doors which you want to remain locked most of the time while allowing those beyond them to be able to get out. They might be good for gates where you can reach the chain and padlock from both sides (but weld the padlock to the chain and the chain to the gate, or it will eventually go missing).

Remember that these things can be quite easy to pick (but padlocks are generally crap anyway). Having a limited number of combinations (<1000 in some cases), anyone with enough time on their hands will eventually be able to open the lock.

Code locks

Mechanical push button code locks were the answer to our prayers and cost about 25/30 pounds on ebay http://search.ebay.co.uk/search/search.dll?sofocus=bs&sbrftog=1&catref=C6&from=R10&satitle=push+code+lock&sacat=-1%26catref%3DC6&sargn=-1%26saslc%3D3&fsop=1%26fsoo%3D1&coaction=compare&copagenum=1&coentrypage=search (up to 60 in the shops).

You can give people the code in person (or even over the phone if need be). Codes do propagate (even more easily than keys are copied), getting passed on thoughtlessly or maliciously. However you can change the codes on a regular basis to limit the problem. We gave out codes during weekend long gatherings so everyone could get in at will and then changed the codes after the event. However, they are quite a pain to change and since each lock can only have one code, whenever we changed the code we had to find a way to inform all those who had need for the new code, all the different groups using the space, a nightmare.

These locks are not generally made for external use. Although they are very robust and pretty weather proof the actual latch mechanism isn't that brilliant. We found it was possible to make a hybrid system whereby the mechanical codelock operates a homemade electrical switch activating the release of an electric door strike. We did this because we had fitted an intercom door entry system and needed a way to include/bypass the codelock but it had the added advantage of using a much more robust mechanism.

RFID locks

Changing the codes on the mechanical code locks (and informing everyone of changes) proved to be annoying so we installed electronic keypad locks with RFID. This allowed us to give regular users a keyfob which opens the door - no code to remember! Unlike a key, it cannot be copied (easily). Also, unlike a key, if one is lost we just disable that one without affecting everyone else and without the cost of replacing the whole set.

We can also create and give out passcodes instead of keyfobs if need be (and you can give them to people over the phone in emergencies). These are great for visitors (who tend to forget to return fobs). And because you can have more than one code in use at a time, you can revoke individual codes without affecting everyone. For example, we might have a weekend long gathering of twenty people and give them all one code but at the same time we might have a couple of people staying as guests for a week and they can have a different code. At the end of the gathering we can delete one code and leave the other active until the guests leave.

This system might sound like it would be expensive but it's not. The rfid keypads plus a set of fobs cost under twenty pounds at the moment (~16 pounds on ebay including postage http://search.ebay.co.uk/search/search.dll?sofocus=unknown&sbrftog=1&from=R10&satitle=rfid+door&sacat=-1%26catref%3DC6&sargn=-1%26saslc%3D3&fsop=1&fsoo=1 (with 5 or 8 keyfobs, normally a pound each)) plus the electric door strike which you should be able to track down for no more than a tenner. In all, it's about the same cost as a mechanical push button lock but loads more flexible.

When compared to a normal yale lock etc it's obviously more expensive initially but once you've cut a set of keys for everyone and then had to replace them when one goes missing, you'll soon appreciate the savings and the additional functionality.


Time/Date authorisation with remote triggering

History of the idea

The RFID system is great but I wanted to be able to grant entry to specific people, or groups of people, on specific days/times. Such a system would significantly reduce the security issues inherent in giving all users of the building 24/7 access. For example, we need to provide somebody with access every Tuesday evening but we know from past experience that this person takes the piss if given a code or keyfob that grants permanent access.

Other examples would be regular or one-off meeting/gatherings/convergences where you want to be able to grant large groups of people access but without the security implications of having given a bunch of strangers complete access to the building at all other times.

I looked at various possible solutions and it was obvious that a computer would be needed to check access permissions against dates and time etc but I wasn't sure what input/authentication device would be best for the task.

As previously mentioned we currently use RFID keyfobs and pin codes. The keyfobs are great because they can't (easily) be copied like keys and can be individually revoked, but PIN codes are not so good as they don't need to be copied to be passed on. However, if PIN codes could be combined with time based permissions then they would be very useful. For example, give all members of the samba band a PIN code that works every wednesday during the hours of practice and then they don't have to worry about how to knock loud enough for somebody inside to hear them and let them in if they arrive late and drumming has started.

However, while our all-in-one RFID/code locks are dirt cheap, they can't be interfaced with a computer in the way that would be necessary to add time based permissions. So what would we use as the input device for authentication? You need one for every door you wish to provide access control on and, while ideal, the stand alone RFID readers are not cheap. I looked at other options such as USB keypads (which are dirt cheap), magnetic card readers and even fingerprint scanners (which would be amusing) but then by accident I hit on what seems like it could be a pretty nifty solution.

Remote trigger via phone

I was worrying about an incident (quite common) when nobody was around to let somebody in and I was phoned and asked for access. I was miles away so could not help but this led me to think that it would be great to be able to remotely trigger the door release via a phone call.

Mobile phone door release hardware hack

My first thought was that I could take an old mobile phone and wire it up to the door release so that when the phone was rung, it would trigger the door strike. In its simplest form the phone number would be kept secret and people needing access would phone a member of the collective, then that person would ring the secret number and the door would unlock.

CallerID as authentication

I realised that the mobile phone hack idea can be pretty sophisticated, using callerID as the basis for checking authorisation. All you need is a phone that allows you to assign different ringtone profiles to different caller groups. Then you set it up so the people you want to be able to open the door use a ringtone profile that uses the vibrate function and then wire up the vibrate mechanism so that it operates the door latch relay. Callers who are not in that list will not trigger the vibrate and will not be able to open the door.

This sounded pretty cool but I then realised that this idea could be taken much further and incorporate the time based access control features I've been wanting to add.

Computer based system using Asterisk

You need to involve a computer if you want the level of sophistication required for time based authorization but I was concerned about the interfacing and programming complications. Then I realised that the open source asterisk PBX system would be perfect, not only providing the framework for the phone based elements but also capable of scripting the time/date authorization and triggering external scripts which could interface with the door release.

At its simplest and cheapest, the only additional hardware required, apart from an old computer to run asterisk on, would be some 5v switching relays and a parallel port plug.

Asterisk would look for incoming calls on specific numbers (probably one for each door required) and then check the time, day and caller ID against an approval list. If there was a match then asterisk would launch a shell script which triggered the required output port and that would trigger the relay and the door release. There would be no charge for the user making the call as the call is actually never answered.

If no match for permission was found then asterisk could either forward the call to a member of the collective (which would incur a cost to both the caller and the social center) or just play a message which might include another phone number for a collective member. The final approach would result in a cost for the caller but not the social center.

The system would be very flexible. For example, it could be programmed so that any caller ID would trigger the door release on certain dates/times. This would be perfect for regular meetings of semi public groups such as the samba band or radical reading group etc. It could also be programmed only to provide that wide open access AFTER the door has been opened by one of the facilitators of such an event.

Alternatives to Asterisk

Asterisk provides the perfect and obvious framework for the phone stuff, but might not be the best choice for doing the actual authorization checks against callerID and time/date. Asterisk dialplans are quite hard to learn and new callerIDs and permitted hours may need to be added quite often. The admin needs to be simple enough that all members of the collective can do it without the danger of fucking up anything else.

It would be possible to create the admin function entirely in asterisk and provide the admin interface as a phone based menu, e.g. you call a phone number dedicated to admin, enter a PIN when challenged, choose the appropriate admin option from a menu read to you, enter the callerID and time/date info you wish to add or delete, then press something else to confirm or edit those changes. However, another possibility might be to provide simple web based admin to a database of access rules. You could probably get asterisk to look at the database but I don't know how to do that so I figured a better way might be to use a web application for the whole authorisation function.

(Looks like the DACS suite would make this task easy http://metalogicsoftware.ca/dacs/man/dacs_acs.8.html http://dacs.dss.ca/man/index.html http://dacs.dss.ca/tips.html#TIME_BASED_ACCESS)

This would allow the use of a wide variety of programming environments including PHP or Perl scripts and more importantly it would allow the authorisation to take place on a separate box from the one running asterisk. This is important as it means the phone line (note: you don't actually need a phone line if you use free VoIP numbers) and the asterisk box can be physically in a completely different place than the door system. It also means that the door system can run on very very low spec, low power and low cost equipment such as a 486 laptop with no working battery or screen.

When asterisk receives a call to a number assigned to a door, it calls up a webpage and passes the callerID as a parameter in the URL. The webpage is hosted on a webserver running on the low spec box at the door and it runs a script which checks the callerID and date/time against its database before allowing or refusing entry. Updating the system would be a simple matter of updating the database via a password protected online form of some kind.
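A sketch of the check such a door-side script would run: the caller ID and day/time match, the "any caller ID" window, and the variant where that window only opens after a facilitator has been let in. This is an added example, not code from the rampART setup; the Rule and DoorPolicy names, the constructed sample numbers, and the choice that any listed caller opening during the window counts as the facilitator are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

ANY_CALLER = "*"  # wildcard: any caller ID may open the door during the window


@dataclass(frozen=True)
class Rule:
    door: str
    caller_id: str        # digits only, or ANY_CALLER
    weekdays: frozenset   # 0 = Monday ... 6 = Sunday, the day the window opens
    start: time
    end: time             # end <= start means the window runs past midnight
    after_facilitator: bool = False  # wildcard works only once a listed caller has opened


def window_start(rule, now):
    """Return when the window containing `now` opened, or None if outside it."""
    overnight = timedelta(days=1 if rule.end <= rule.start else 0)
    today = datetime.combine(now.date(), rule.start)
    for opened in (today, today - timedelta(days=1)):
        closes = datetime.combine(opened.date(), rule.end) + overnight
        if opened.weekday() in rule.weekdays and opened <= now < closes:
            return opened
    return None


class DoorPolicy:
    def __init__(self, rules):
        self.rules = list(rules)
        self.listed_opens = {}  # door -> time a listed caller last opened it

    def authorise(self, door, caller_id, now):
        """Return True if a call from `caller_id` may release `door` at `now`."""
        digits = "".join(ch for ch in caller_id if ch.isdigit())
        wildcard_ok = False
        for rule in self.rules:
            opened = window_start(rule, now) if rule.door == door else None
            if opened is None:
                continue
            if digits and rule.caller_id == digits:
                self.listed_opens[door] = now
                return True
            if rule.caller_id == ANY_CALLER:
                last = self.listed_opens.get(door)
                same_session = last is not None and window_start(rule, last) == opened
                wildcard_ok = wildcard_ok or not rule.after_facilitator or same_session
        return wildcard_ok


def sample_policy():
    """Constructed rules: samba practice on Wednesdays, one visitor on Tuesdays."""
    wed, tue = frozenset({2}), frozenset({1})
    return DoorPolicy([
        Rule("front", "07700900111", wed, time(19, 0), time(22, 0)),
        Rule("front", ANY_CALLER, wed, time(19, 0), time(22, 0), after_facilitator=True),
        Rule("front", "07700900222", tue, time(18, 0), time(23, 0)),
    ])


if __name__ == "__main__":
    policy = sample_policy()
    for who, when in [("07700900999", datetime(2024, 1, 3, 19, 30)),
                      ("07700 900111", datetime(2024, 1, 3, 19, 35)),
                      ("07700900999", datetime(2024, 1, 3, 19, 40)),
                      ("07700900999", datetime(2024, 1, 10, 19, 30))]:
        print(when, who, "open" if policy.authorise("front", who, when) else "refuse")
```

Caller IDs are compared as digit strings, so the rules must be stored in the same format the telephony side delivers.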

Interestingly, this system allows all the telephony side of things, the asterisk box, dialplans etc, to be shared by multiple projects without any duplication. In fact, it could utilise the blasterisk system already in place.


Hardware for computer interface with electric door strike

There are no doubt several ways this could be done including off the shelf devices designed to do exactly this, operate a door from a PBX system. However, the cheapest way would be to build an interface utilising the parallel printer port as a digital output and using a few simple components to make a simple relay board. Alternatively, you could save the time and effort and just buy one off ebay http://search.ebay.co.uk/search/search.dll?from=R40&_trksid=m37&satitle=PC+relay+unit for about twenty quid.

Software to control the interface

When using the LPT port as digital output, control is as simple as sending a character to the printer. If you only have one door to consider then you can literally just print something and you will probably trigger the output you are using. However, you might as well get it right and address the specific bit.

Somebody on one of the IRC hacklab channels wrote this simple C code to control the port. http://rafb.net/p/L1ty2T48.html

This 'parapin' project looks handy http://parapin.sourceforge.net/
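Addressing one bit matters once several relays share the port, because writing a whole byte also sets the other seven outputs. The following is an added example (not the IRC code linked above, and not parapin) that keeps the current byte in memory, pulses a single bit and always releases it again; the 0x378 base address, writing through Linux /dev/port, and the ParallelRelays and port_writer names are assumptions.

```python
import time

LPT1_DATA = 0x378  # usual data register of the first parallel port (assumption)


class ParallelRelays:
    """Drive relays on data bits D0-D7 without disturbing the other bits."""

    def __init__(self, write_byte):
        self.write_byte = write_byte  # callable taking the whole 8-bit data value
        self.state = 0
        self.write_byte(self.state)   # start with every relay released

    def set_bit(self, bit, on):
        if not 0 <= bit <= 7:
            raise ValueError("the data register only has bits 0-7")
        mask = 1 << bit
        self.state = (self.state | mask) if on else (self.state & ~mask & 0xFF)
        self.write_byte(self.state)

    def pulse(self, bit, seconds=3.0, sleep=time.sleep):
        """Energise one relay for `seconds`, then always release it again."""
        self.set_bit(bit, True)
        try:
            sleep(seconds)
        finally:
            self.set_bit(bit, False)  # the strike re-locks even if we are interrupted


def port_writer(address=LPT1_DATA, device="/dev/port"):
    """Return a writer for a real port via Linux /dev/port (needs root)."""
    def write_byte(value):
        with open(device, "r+b", buffering=0) as port:
            port.seek(address)
            port.write(bytes([value]))
    return write_byte


if __name__ == "__main__":
    # Dry run with a fake port so no hardware or root access is needed.
    relays = ParallelRelays(lambda value: print(f"data register <- {value:08b}"))
    relays.pulse(0, seconds=0.1)
```

On the door machine, `ParallelRelays(port_writer()).pulse(0)` would release the strike wired to bit 0 for three seconds.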

Remote ethernet relay control

As described above we are looking at a system that has a single asterisk box somewhere (perhaps even in a different building or even a different country), which talks to a low spec computer near the door which operates a relay via the printer port to open the door. If you want to open more than one door and they are not close to each other then you have two possibilities, either run long wires from the relays to the doors or have more than one computer.

This got me thinking. If you choose to do the authentication check on the asterisk box then the computers don't have much to do apart from trigger the relay and yet they have to be on all the time. That's quite a waste of energy even if they are old laptops with no screens. How about using ethernet print servers instead?

These use very little power, are dirt cheap and easy to find for free. In theory the LPT relay boards should work on these but the question is how do you communicate with them. I tried searching the net for others that had used them this way but failed to find anything at first so I chatted with a couple of people to see if it sounded possible. Later, somewhat reassured, I did some more searches and hit gold, a webpage describing a way to turn on your coffee maker via ethernet using old print servers! http://www.tekkies.co.uk/index.php?option=com_content&task=view&id=17&Itemid=28

Now that I know it is possible I think this is quite an exciting development. It opens up all kinds of crazy remote control options which I'd not have considered worth the effort before.

Here is another person who has done it http://www.doktor-andy.de/joomla/index.php?option=com_content&task=view&id=40&Itemid=52&lang=en. And I found this related but different use of stand alone print servers for remote monitoring. ie. inputs http://www.hometoys.com/htinews/jun04/articles/drake/drake.htm


Problems with phones for authentication

Problems I can foresee with this system are that not everyone has a mobile phone and they would need credit to make a call even if they were then not charged for that call. Also, it assumes that people with mobile phones have a charged battery. However, I think these problems could be partially solved by placing a phone handset at the front door which links to asterisk and either have those calls forward to a member of the collective or use some kind of pin code system to deal with this eventuality. Others have pointed out that people could use a call box but I don't think that's particularly realistic as you'd either need an extra person to stand by the door waiting for the call to trigger the release, or have a time delay on the release so that the person making the call has time to get from the call box to the door.

People might start phoning somebody they know to have 24/7 access and asking them to open the door for them remotely. This is probably not a significant problem as hopefully anyone who is given 24/7 access is probably fairly trustworthy and responsible.

Another problem is that callerIDs can be spoofed so all somebody needs to do is ask a member of the collective for their phone number and then spoof it to gain access at any time. With this in mind it might be best to use a secret phone number for 24/7 access or incorporate a pin code challenge for callerIDs which grant 24/7 access. However, while callerID is easy to spoof, it's probably not a major security issue as other means of gaining malicious entry are easier, e.g. following other people through the door, entering the premises during more public open hours then hiding till later or just forcing the door open.

There are also privacy and security issues to consider as you are keeping phone numbers in a database somewhere. However you could conceivably store just the first eight or nine digits rather than the full eleven.
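The two mitigations above, sketched together as an added example that is not part of the original page: only a truncated number is stored, and a caller ID that grants 24/7 access is never enough on its own but triggers a PIN challenge. The AccessList name, the three-failure lockout, the PBKDF2-hashed PIN and the constructed sample numbers are assumptions; `in_window` stands for the result of the separate time/date check.

```python
import hashlib
import hmac
import os

FULL_LEN, PREFIX_LEN = 11, 9  # the page suggests keeping eight or nine of eleven digits
MAX_PIN_FAILURES = 3          # assumption: lock a 24/7 entry after three bad PINs


def stored_form(caller_id):
    """Return the truncated number kept in the database."""
    digits = "".join(ch for ch in caller_id if ch.isdigit())
    if len(digits) != FULL_LEN:
        raise ValueError("expected an eleven-digit number")
    return digits[:PREFIX_LEN]


def numbers_per_entry():
    """Distinct full numbers that match one stored prefix."""
    return 10 ** (FULL_LEN - PREFIX_LEN)


def _pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class AccessList:
    def __init__(self):
        self.entries = {}   # prefix -> None (timed access) or (salt, hash) for 24/7
        self.failures = {}  # prefix -> consecutive wrong PINs

    def add_timed(self, caller_id):
        self.entries[stored_form(caller_id)] = None

    def add_always(self, caller_id, pin):
        salt = os.urandom(16)
        self.entries[stored_form(caller_id)] = (salt, _pin_hash(pin, salt))

    def decide(self, caller_id, in_window, pin=None):
        """Return 'open', 'challenge' (ask for the PIN) or 'deny'."""
        try:
            key = stored_form(caller_id)
        except ValueError:
            return "deny"                  # withheld or malformed caller ID
        if key not in self.entries:
            return "deny"
        secret = self.entries[key]
        if secret is None:                 # timed entry: caller ID is enough
            return "open" if in_window else "deny"
        if self.failures.get(key, 0) >= MAX_PIN_FAILURES:
            return "deny"                  # locked until an admin resets it
        if pin is None:
            return "challenge"             # caller ID alone never opens 24/7
        salt, expected = secret
        if hmac.compare_digest(_pin_hash(pin, salt), expected):
            self.failures[key] = 0
            return "open"
        self.failures[key] = self.failures.get(key, 0) + 1
        return "deny"
```

With nine digits stored, a hundred different numbers match each entry, and the lockout lets anyone presenting a listed caller ID lock that entry, so both limits need weighing against the privacy gain.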


Advantages over other authentication methods

  • The ability to remotely activate the door for people can not be provided by other methods.
  • You don't need to supply the key, keyfob, swipe card etc. as the user already has the phone (probably).
  • Users are unlikely to loan others the 'key' as it is their phone, generally considered more valuable than even their wallets/purse.
  • No need to add additional authentication device for each door. There is only ever one, the asterisk box - just assign additional VoIP numbers.
  • No problem figuring out how to utilise multiple authentication devices on a single computer.


Other possible authentication methods

Fingerprint locks

I really liked the idea of having the first biometric squat. It appeals to my sense of irony but probably wouldn't go down well with others so I've not done it. However, these fingerprint scanners are cheap, less than thirty quid in the high street and can be had for a tenner on ebay. The software is an issue, generally windows only. They are designed to automatically provide passwords for websites requiring authentication so you just create a password protected webpage that calls a script that opens the door - simple.

I have doubts that you can easily have more than one fingerprint reader on one computer which would probably be a pain if you wanted these things on more than one door. You'd probably have to have one computer for each door which is pretty crap.

The first generation of these scanners could be fooled with fake prints taken from the greasy latent prints left on the device from the previous user. Newer versions require the user to swipe their finger over the scanner and so can't be fooled that way.

As for the privacy issues that some people might worry about with biometric devices, the truth is that these cheap consumer fingerprint scanners are actually very simplistic. They don't really store and compare fingerprints at all, they only store something like 5 points on an x-y axis which represent swirls or dead ends on your fingerprint. It's like storing just the initials of your name.

Bluetooth proximity

While looking at newer and more exotic methods we should perhaps mention bluetooth. It would be easy to rig up a computer with a bluetooth dongle to identify the proximity of a pre-approved bluetooth device by the door and trigger the door release. Unfortunately, while most modern mobile phones have bluetooth, some do not. Nevertheless, this method is very cheap and will become more viable as bluetooth becomes standard on all phones.



Useful links

Electric door strikes

M1lock and M1ALock @ £8.25 (Exc VAT) http://www.magneticlocks.co.uk/acatalog/Door_Strikes.html

Dorcas range of budget low cost Electric Strikes http://www.secure2000.co.uk/dorcas-electric-strikes.html

LPT output control

Parallel port interfacing made easy: Simple circuits and programs to show how to use PC parallel port output capabilities http://www.epanorama.net/circuits/parallel_output.html#circuithow

Linux I/O port programming mini-HOWTO http://www.faqs.org/docs/Linux-mini/IO-Port-Programming.html

Using the Computer to Switch Power http://hinespot.net/circuit.php

Online example http://vitsch.net/projects/lightcontrol/


Asterisk help

http://www.voip-info.org/wiki-Asterisk

http://asteriskfreaks.com/forum/

http://forums.digium.com/

http://forum.voxilla.com/asterisk-support-forum/


RFID devices

http://search.ebay.co.uk/search/search.dll?sofocus=bs&sbrftog=1&from=R10&_trksid=m37&satitle=usb+rfid&sacat=-1%26catref%3DC6&sargn=-1%26saslc%3D3&fsop=1&fsoo=1

Caller ID spoofing

http://nata2.org/2006/02/14/caller-id-spoofing-with-php-and-asterisk/

Mobile phone hack

Mark II Cell Phone Ring Detector http://home.att.net/~Tom.Horsley/markII/markII.html

http://www.engadget.com/2005/10/04/how-to-set-up-keyless-entry-to-your-house-via-your-cellphone/

http://www.apogeekits.com/remote_control_via_cell_phone.htm

http://the-gadgeteer.com/review/mopod_novelty_gsm_ring_detector

http://search.ebay.co.uk/search/search.dll?from=R40&_trksid=m37&satitle=MOBILE+PHONE+ALERT

SMS control

Another interesting idea http://www.siliconchip.com.au/cms/A_102670/article.html