Skip to content
@All-Your-Locks-Are-Belong-To-Us

All Your Locks Are Belong To Us

Using FIDO for Electronic Locking Systems

Using FIDO2 In Electronic Locking Systems 🔐

Unlocking an electronic access reader using a FIDO2 hardware authenticator

This group is a result of the 2021/22 Hot Topics in Secure Identity Research seminar and the 2022 Behavioral Authentication and Physical Access Management seminar at the Hasso-Plattner-Institute (HPI).

FIDO2 in the context of Electronic Locking Systems

In the 2021/22 winter semester, we evaluated whether FIDO2 can be used not only for authentication in the web, but also for authentication offline in electronic locking systems.

This organization holds the changes we made to existing tools in order to build a working proof of concept. It uses a Solo 2 hacker edition as the FIDO2 authenticator, an ACR-122U NFC reader, a Raspberry Pi 3B+, and some status LEDs. The access rights are written onto the authenticator using a custom web application and Chromium.

Proof of concept consisting of a Solo 2, ACR-122U and Raspberry Pi

Repository Overview

We modified the following components of the Solo 2 firmware and tools to include the necessary CTAP 2.1 features:

To test our firmware changes and simulate a lock, we developed a small suite of tools for FIDO2. Even though the CTAP2.1 standard specifies DEFLATE (RFC 1951) for large blob compression, Chromium uses GZIP (RFC 1952). Therefore, we added GZIP compression to the libfido2 for now. We filed a bug report for Chromium to address this behavior.

Finally, we write access rights onto a FIDO2 authenticator using a small web application. The dependencies we used did not support the newest FIDO2 features, so we added them.

Implementing a FIDO2 Relying Party on microcontrollers

In the 2022 summer semester we built upon the previous project and implemented a FIDO2 library for microcontrollers called libmicrofido2.

The library was inspired by libfido2 and we ran it on the AVR ATmega1284P, the nRF52480 and the ESP32-C3FN4 microcontrollers.

With this library, the existing structure from the previous semester can be used on microcontrollers, thus the access control can be implemented on electronic door cylinders.

Unlocking an electronic locking cylinder using a FIDO2 hardware authenticator

Repository overview

To implement the libmicrofido2, we modified various other libraries and integrated them into the library.

To test and develop the application, the previously mentioned fido2-debug-client was used. To create FIDO2 access rights with the CTAP 2.1 largeBlob extension, the webauthn-updater was used.

Pinned Loading

  1. libmicrofido2 libmicrofido2 Public

    Minimal FIDO2 library for microcontrollers

    C 16 6

  2. fido-authenticator fido-authenticator Public

    Forked from trussed-dev/fido-authenticator

    FIDO authenticator Trussed app.

    Rust

  3. webauthn-updater webauthn-updater Public

    Demonstration of writing data to a FIDO2 authenticator using WebAuthn and the CTAP 2.1 largeBlob extension. 🖥️

    Python 1 2

  4. fido2-debug-client fido2-debug-client Public

    A small suite of tools for FIDO2 using the libfido2. Also contains a simulator for an electronic lock that reads and validates access rights. 🔓

    C 2

Repositories

Showing 10 of 21 repositories
  • .github Public
    All-Your-Locks-Are-Belong-To-Us/.github’s past year of commit activity
    1 0 0 0 Updated Jul 1, 2024
  • solo2-cli Public Forked from solokeys/solo2-cli
    All-Your-Locks-Are-Belong-To-Us/solo2-cli’s past year of commit activity
    Rust 0 Apache-2.0 31 0 0 Updated Oct 19, 2022
  • libmicrofido2 Public

    Minimal FIDO2 library for microcontrollers

    All-Your-Locks-Are-Belong-To-Us/libmicrofido2’s past year of commit activity
    C 16 6 6 1 Updated Aug 31, 2022
  • webauthn-updater Public

    Demonstration of writing data to a FIDO2 authenticator using WebAuthn and the CTAP 2.1 largeBlob extension. 🖥️

    All-Your-Locks-Are-Belong-To-Us/webauthn-updater’s past year of commit activity
    Python 1 MIT 2 0 1 Updated Aug 11, 2022
  • libfido2 Public Forked from Yubico/libfido2

    Provides library functionality for FIDO2, including communication with a device over USB or NFC.

    All-Your-Locks-Are-Belong-To-Us/libfido2’s past year of commit activity
    C 0 166 0 0 Updated Aug 10, 2022
  • fido2-debug-client Public

    A small suite of tools for FIDO2 using the libfido2. Also contains a simulator for an electronic lock that reads and validates access rights. 🔓

    All-Your-Locks-Are-Belong-To-Us/fido2-debug-client’s past year of commit activity
    C 0 MIT 2 0 0 Updated Aug 10, 2022
  • cb0r Public Forked from quartzjer/cb0r

    Minimal Zero-Footprint CBOR Decoder in C

    All-Your-Locks-Are-Belong-To-Us/cb0r’s past year of commit activity
    C 1 Unlicense 13 0 0 Updated Jul 27, 2022
  • Monocypher Public Forked from LoupVaillant/Monocypher

    An easy to use, easy to deploy crypto library

    All-Your-Locks-Are-Belong-To-Us/Monocypher’s past year of commit activity
    C 0 83 0 0 Updated Jul 20, 2022
  • tinf Public Forked from jibsen/tinf

    Tiny inflate library (inflate, gzip, zlib)

    All-Your-Locks-Are-Belong-To-Us/tinf’s past year of commit activity
    C 0 Zlib 23 0 0 Updated Jul 20, 2022
  • aes_gcm Public Forked from anibali/aes_gcm

    AES-GCM encryption with AVR support

    All-Your-Locks-Are-Belong-To-Us/aes_gcm’s past year of commit activity
    C 0 2 0 0 Updated Jul 20, 2022

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…