Smart lock protocol

Troy Benjegerdes hozer at hozed.org
Thu Mar 12 19:50:01 EDT 2015


I think this is brilliant, especially if you separate 'who you are' from
'which lock do you have access to' with LDAP, and then you can just point
your door lock at your home 'data furnace' Microsoft Active Directory
server if you want to make it easy for home users, or to a cloud service,
or if you actually want something secure, a nice hardened embedded Linux
box (or embedded OpenBSD?) server.

There are so many things that get simpler (and are more secure) than public-key
crypto if you can utilize the Kerberos protocol and cross-realm trust.

Each lock gets a secret key known only to it, and the Kerberos server(s).



On Mon, Mar 09, 2015 at 03:00:24PM +0100, Simon Peeters wrote:
> Hi all,
> 
> I’m working on an electronics project to lock and unlock my door via my
> phone (with Bluetooth). It works well but it’s unsafe since I just send the
> lock and unlock command in cleartext, without authentication or encryption.
> I would like to add authentication to this so that only I can enter the
> house. I should be able to give friends/family access and revoke the access
> remotely (without being in Bluetooth range). I also would like to give
> other people (e.g. the cleaning lady) temporary access ("each Wednesday
> between 1pm and 5pm"). Since I would like to do this remotely I think I
> would need a server.
> 
> I remember the protocol Kerberos from my crypto class which seems like it
> would get the job done. I went to talk to two post-docs at the cryptology
> department of the university where I study and they were convinced
> Kerberos was overkill in this situation. I’m not sure if they are correct
> though, since they didn’t seem to have a lot of experience with it. So my
> question is whether this really is overkill and whether another protocol
> would be a better fit for this?
> 
> Thanks in advance!
> 
> Simon
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 
----------------------------------------------------------------------------
Troy Benjegerdes                 'da hozer'                  hozer at hozed.org
7 elements      earth::water::air::fire::mind::spirit::soul        grid.coop

      Never pick a fight with someone who buys ink by the barrel,
         nor try buy a hacker who makes money by the megahash


