Smart lock protocol
Rick van Rein
rick at openfortress.nl
Fri Mar 13 09:31:09 EDT 2015
Hi Simon,
> First off, Thanks for all your ideas!
Your idea inspired me. I’m assuming this is a hobby project, as you probably gathered.
> The only problems with Kerberos are
> 1) it requires the user to have internet on his phone
There are many ways of bypassing that…
- you could use Bluetooth
- you could use a display and a QR-encoded link
> 2) the phone must contact the server and obtain tickets every time it wants to lock/unlock the door which adds delay (not sure how much). A solution would be to have a phone app get a new ticket say every 15 minutes. This would probably drain battery though.
In fact, you don’t have to renew every 15 minutes; it is up to the KDC policy how long a ticket will last. You could set it to whatever time is desirable to you, not necessarily the common 1 day that is used for desktop tickets. But yes, a ping-pong with the KDC is required; see the suggestions for connectivity above. The packets are hundreds of bytes only, so many mechanisms are available to use.
> 3) makes the process dependent on a central server meaning if my server goes down my friends and I can't access our homes. Pretty sure they'd be pissed off about that =).
Haha :) you might want to set up a redundant system if that is your main concern. That might be a bit steep for a hobby project… unless your friends adopt the same technology and you share space on each other’s servers. You don’t even need to trust your friends to do that; they could be running their own realm and simply grant you an account that also happens to work on your front door.
As for the access unlocker system, yeah that’s going to be vitally important, no matter what solution you’ll pick, duh :) but redundancy could be built around a separate system for your back door or balcony…?
> I think it would be better to just save all the authorized users on the lock itself and use public key cryptography. This is safer and offers better user experience I believe (faster response times). The downside is indeed that you cannot easily grant temporary access to your home or make changes to the authorized user list remotely.
I doubt you’ll get better response times from pubkey crypto than from Kerberos —that’d be a first— but compared to the slowness of mechanisms you shouldn’t notice the difference. And yes, pubkey crypto is the predictable way out. You’ll be managing trust if you choose long-term validations based on flimsy tests (as is common in default X.509 certificates) though.
-Rick
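
Added example, not part of Rick's message or of any Kerberos implementation: a sketch of the lock-side check behind the ticket-lifetime discussion above, showing that the lock validates a ticket offline with only its own key and a clock, while the issuer decides the lifetime. An HMAC-sealed JSON blob is used as a simplified stand-in for a real Kerberos ticket; `issue_ticket`, `lock_accepts`, the key and the principal name are hypothetical.

```python
import hashlib
import hmac
import json

# Simplified stand-in for a Kerberos service ticket (assumption, not the real
# wire format). Omitted on purpose: the authenticator with which a real client
# proves it holds the session key, which is what stops replay of a captured ticket.
CLOCK_SKEW = 300  # seconds of tolerated drift; 5 minutes is the usual Kerberos default


def issue_ticket(service_key: bytes, client: str, now: int, lifetime: int) -> bytes:
    """Issuer (KDC) side: seal the client name and validity window under the lock's key."""
    body = json.dumps({"client": client, "start": now, "end": now + lifetime},
                      sort_keys=True).encode()
    tag = hmac.new(service_key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


def lock_accepts(service_key: bytes, ticket: bytes, now: int, allowed: set) -> bool:
    """Lock side: runs without network access, using only its key and its clock."""
    tag, sep, body = ticket.partition(b".")
    if not sep:
        return False
    expected = hmac.new(service_key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False  # altered ticket, or sealed under a different key
    try:
        fields = json.loads(body)
        client, start, end = fields["client"], fields["start"], fields["end"]
    except (ValueError, KeyError, TypeError):
        return False
    if client not in allowed:
        return False
    # The lifetime chosen by the issuer is enforced here, at the door.
    return start - CLOCK_SKEW <= now <= end + CLOCK_SKEW


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample value
    t0 = 1426253469                 # constructed sample timestamp
    users = {"simon@EXAMPLE.ORG"}
    week = issue_ticket(key, "simon@EXAMPLE.ORG", t0, 7 * 86400)
    print("day 3:", lock_accepts(key, week, t0 + 3 * 86400, users))
    print("day 8:", lock_accepts(key, week, t0 + 8 * 86400, users))
```

A longer lifetime means fewer round trips from the phone, but also a longer window before a revoked user's last ticket stops opening the door.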