Close
0%
0%

KeyRing

Wearable token providing seamless & secure authentication

Similar projects worth following
The KeyRing is a wearable open source/hardware token which removes the daily hassle of authenticating yourself to the various systems you use (house, car, phone, computer, websites, etc.) in addition to greatly increases the security of these authentication methods.

Security has always been a delicate balance between difficulty of bypassing and convenience. Think of all the various authentication "tokens" you use throughout the day. House keys, car keys, & numerous passwords to your gadgets & websites. These all provide little in the means of security while also tending to be inconvenient and cumbersome to use/remember. The AuthBand is a wearable open source/hardware token which aims to solve the aforementioned daily authentication problem.

Important features & differentiators from existing products

  • Does not require a smartphone
    • everything you need for authentication is contained within the KeyRing
  • Simple & secure asymmetric authentication
  • Possible future applications to mobile payments
    • Originally was going to use a Java Smartcard IC so that it would be possible to run apps like Visa PayWave but found them very closed off & hard to get.

System Overview

Communication

A Bluetooth Low Energy module provides low power communication with the authentication systems.

Security

A crypto module is a tamper resistant module that securely & efficiently carries out cryptographic operations. They also usually have secure memory for storing sensitive data such as keys. In this project, a crypto module will be used to generate a public/private key pair & when challenged by an authentication system, use the stored private key to generate the valid response.

User Input

Accelerometers & gryoscopes are used to capture user inputs such as tap gestures or hand waves. These gestures are used to determine if a user wants to do an action (i.e. unlock the door).

Future

I haven't really touched upon the usage case details much in the write up because it is a whole additional project/movement in itself but it is crucial in my opinion. It is important to not only move to a public key cryptography solution but also to take he security critical authentication processes out of the hands of manufacturers, web designers, etc., & move them to one main authentication entity (depicted as Public Key Server in the video below). This serves two purposes: solves the public key infrastructure issue & it remedies the all too often problem of companies implementing security systems incorrectly. Anyway that is my rant for now, more on that later...

  • 1 × BLE nRF8001 Bluetooth Low Energy Module
  • 1 × Atmel ATECC108A Atmel CryptoAuthentication
  • 1 × Microcontroller Low power microcontroller to handle exchange between BLE & crytpo modules
  • 1 × Accelerometer
  • 1 × Gryoscope

  • New year, new attempt

    Chris Finn04/12/2016 at 00:43 0 comments

    Another year & yet again this project has fallen to the wayside. Revamping it for this year, moving away from the wristband & focusing on a sleek ring that's sole functionality is authentication. I already have the microcontroller I want to use, testing key generation this month.

  • Evaulation kit

    Chris Finn08/16/2015 at 13:05 0 comments

    The evaluation kit has arrived! This next week I plan on generating an ECC key on the device & writing a simple program that will retrieve the public key from the device, issue authentication challenges, receive the responses from the device, & determine if valid. Once this is complete, the next step is to implement this back-and-forth over a Bluetooth connection.

  • Crypto Module

    Chris Finn07/25/2015 at 18:49 0 comments

    After doing more research into the secure authentication IC marketplace, I have decided to move away from my original plan of a secure element -- essentially a tamper resistant microcontroller that usually runs some kind of JavaCard operating system. The advantage of the secure element implementation was that current JavaCard apps like Visa Paypass could be integrated into the project but I decided that the secure elements were to secretive & hard to get ahold of & more of a headache than I think they are worth. Also they introduce extra layers of complexity that I believe increase the probability of a security issue.

    What am I considering using now you might ask. Good question! Well, I wanted a small footprint, extremely low powered IC with anti-tamper mechanisms that is made to efficiently carry out Elliptic Curve Digital Signature Algorithm (ECDSA). Also two other vital features I was looking for were availability (no sense in finding the perfect chip if I can't get my hands on it) & a good & affordable dev kit. With these features in mind, my searching lead me to the Atmel ATECC108A. I think it is a perfect fit for the project & ordered the evaluation kit the other day. I should have some preliminary results up in about two weeks & if all goes well, I will get the dev kit (more expensive so wanted to use the much cheaper eval board first) & start building my first prototype!

  • So I'm back at it

    Chris Finn07/25/2015 at 18:30 0 comments

    I came up with this idea over a year ago & when the Hackaday Prize contest was launched around that same time, I was motivated to actually start looking into making my idea a reality. Although I was able to more concretely lay out my idea, I did not have the time or resources to being development. Now with the 2015 Hackaday Prize in full swing, I have decided to reapply myself to the project & make some good progress towards an idea I truly believe in.

  • Power Considerations

    Chris Finn08/21/2014 at 03:19 0 comments

    At first, I wanted to use NFC so that batteries would not be an issue but seeing as NFC is not making its way into US mobile devices as fast as I thought, BLE is a promising alternative. BLE is very convenient with its power usage & I am aiming to hopefully be able to have the finished product last for 2-3 years on its battery, possibly by employing flexible batteries (to be looked into!).

  • Heart-rate Analysis

    Chris Finn08/21/2014 at 03:14 0 comments

    There is a lot of work to be done in this department & it is pretty far out of my expertise but there is a surprising amount of projects out there which track heart rate. I will utilize these projects along with pattern matching algorithms in order to create a system to validate a user based upon their heart-rate.

  • Secure Element

    Chris Finn08/21/2014 at 03:06 0 comments

    Choosing a secure element is the toughest part of this project. All the popular ones, (NXP, Infineon, etc) are proprietary & go against the openness of the project & therefore can not be used. In order to keep the openness of the project, I have chosen to base my secure element design off of work done on cryptocores over at http://opencores.org/projects.

    The design should be very minimal as to keep the attack surface as small as possible. Also, best practices for side channel & tamper resistance will need to be included.

  • Bluetooth Module Selection

    Chris Finn08/21/2014 at 02:59 0 comments

    For the Bluetooth module, I decided upon the Nordic Semiconductors nRF8001. The nRF8001 is an affordable Bluetooth v4.0 low energy IC with the ability to run off of coin cell batteries for years. It also seems to be the most widely utilized in the community which will make it much easier to work with.

View all 8 project logs

Enjoy this project?

Share

Discussions

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates