Ryan and Syed are competitive Rubik's cube solvers and know a lot about twisty puzzles in general. Once, we were talking in a group and the topic of twisty puzzles came up. Henry, upon hearing the fact that 3x3 cubes have over 43 quintillion different combinations, thought that cubes could make an excellent way to perform authentication.
What it does
Using a camera, pictures of a cube's faces are taken, which generates an encryption key to secure a 2FA keychain. A Python-based CLI is used to interface with the device. From there, you can add 2FA codes or decrypt codes. We use asymmetric encryption to secure the keychain and encrypt the private key with AES using the pattern from the cube. Decryption is always performed on the scanner to preserve the integrity of the 2FA secret.
To scan the cube, we use a Python application to read in images from a camera, where we use OpenCV to scan for the individual pieces and colours on the cube which construct the cube in the code space.
How we built it
We used Firebase's Python SDK to store the keychain and communicate between the client and the scanner. The device itself is made from a display, a camera and LED lights, with an Arduino and Raspberry Pi to manage automated movement. Since we had issues getting the Raspberry Pi to control our 16x2 LCD, we relayed instructions to an Arduino video serial.
Challenges we ran into
Henry - Bashing it all together and trying not breaking firebase
Andrew - Everything tbh
Ryan - Figuring out how OpenCV works
Syed - Also figuring out how OpenCV works
Accomplishments that we're proud of
We constructed our first fully functional hardware hack, overcoming several barriers that came about as a result of inexperience. Over time we adapted to our tools and learned appropriately, which allowed us to complete to a satisfactory degree. To us, that is a great accomplishment.
What we learned
We learned a great deal about the tools we used in the making of the project (listed above). We also developed our teamwork skills in task delegation and other matters.
What's next for Cube Factor Authentication
- A desktop application that uses a webcam, or mobile app that uses a phone camera
- Professionally designed scanner unit (something better than cardboard box)
- Ability to use different puzzles (higher order cubes, pyraminxes, megaminxes, etc.)