Idea

Our idea was to create a novel system that makes the insecure secure. A Bluetooth connection is normally easy to spoof or break into, as seen in recent hacks of new cars such as Teslas or Mercedes. However, Bluetooth also has advantages: it is local and enables quick pairing with mobile devices. In our project, we aimed to build a system that keeps the benefits of Bluetooth while securely managing the unlock transactions, so that convenience does not come at the cost of security.

Inspiration

Have you ever walked home with hands full of groceries, struggling to open the door? Have you ever wanted to protect your packages and deliveries from porch thieves? Have you ever wanted to securely invite your friends into your home from across the country? Unblock securely accomplishes this and more using a custom lock and your phone.

What it Does

Unblock is a Bluetooth-based door lock system that turns your mobile phone into the key, letting you seamlessly enter your home and other spaces while also letting you temporarily grant guests entry.

By connecting to the internet, we give the owner of a Lock control of it from anywhere in the world, and we authenticate users against a central database. However, connecting to the internet has its risks, so we employ a custom security protocol to prevent unauthorized access.

To protect the user from malicious attacks on the Lock, we run a custom protocol between the phone, Lock, and backend server. The phone initiates the lock/unlock process by connecting to the Lock via Bluetooth and sending the lock/unlock information (including the user that is requesting the lock/unlock and which lock to target). The Lock acknowledges the request by sending the same information back with a nonce.

The phone then has the request and nonce signed by the backend, using the phone's user token and the backend's private key. The phone then gives the signed request back to the Lock, which verifies the nonce and signature. The Lock then checks the user's permissions on the Lock. If the user has full permissions, the Lock locks/unlocks as per the request. If the user has partial permissions, the Lock sends a request to the owner of the Lock to confirm the access of the requesting user. If the user has no permissions, their request is dropped.
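
The exchange described above, simulated in one Node.js process as an added example; it is not Unblock's own code. The Ed25519 signature scheme, the field names, the token and permission tables, and the `Lock`, `backendSign` and `run` helpers are all assumptions made for illustration.

```javascript
// Added example: Ed25519, field names and tables are assumptions, not Unblock's code.
const crypto = require('node:crypto');

// Backend key pair; the lock is provisioned with the public half only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const TOKENS = new Map([['tok-alice', 'alice'], ['tok-bob', 'bob'], ['tok-eve', 'eve']]); // constructed
const PERMISSIONS = new Map([['alice', 'full'], ['bob', 'partial']]); // constructed

// Unambiguous encoding of everything the signature must cover.
const encode = (req, nonce) =>
  Buffer.from(JSON.stringify([req.user, req.lock, req.action, nonce]));

class Lock {
  constructor(id, backendKey) { this.id = id; this.key = backendKey; this.pending = new Map(); }
  // Lock acknowledges the request by echoing it with a fresh nonce.
  challenge(req) {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, encode(req, nonce));
    return { ...req, nonce };
  }
  // Lock verifies nonce and signature, then checks permissions.
  complete(req, nonce, signature) {
    const expected = this.pending.get(nonce);
    if (!expected) return 'dropped: unknown or reused nonce';
    this.pending.delete(nonce); // single use: a captured message cannot be replayed
    const msg = encode(req, nonce);
    if (req.lock !== this.id || !expected.equals(msg)) return 'dropped: request mismatch';
    if (!crypto.verify(null, msg, this.key, signature)) return 'dropped: bad signature';
    const perm = PERMISSIONS.get(req.user);
    if (perm === 'full') return req.action;
    if (perm === 'partial') return 'pending owner confirmation';
    return 'dropped: no permission';
  }
}

// Backend checks the user token, then signs request + nonce.
function backendSign(token, { nonce, ...req }) {
  if (TOKENS.get(token) !== req.user) return null;
  return crypto.sign(null, encode(req, nonce), privateKey);
}

// Phone relays: request -> challenge -> backend signature -> lock.
function run(lock, token, req) {
  const ch = lock.challenge(req);
  const sig = backendSign(token, ch);
  if (!sig) return { result: 'dropped: backend refused', ch, sig };
  return { result: lock.complete(req, ch.nonce, sig), ch, sig };
}
```

Because the signature covers the user, lock, action and nonce together, and the Lock deletes each nonce on first use, a recorded Bluetooth exchange cannot be replayed or retargeted at a different action.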

How we built it

Our project can be divided into 3 interconnected parts: a mobile app, server, and the physical hardware for the locking system.

On the hardware side, we constructed our Bluetooth locking mechanism with an ESP32 microcontroller linked to a Bluetooth sensor. In addition, we used servo motors to power the door unlock and opening functions, as well as a buzzer to indicate a door opening or closing.

We built the mobile app using a combination of React Native and Expo Go, so that the app builds cross-platform without us needing to write separate code for iOS and Android.

Finally, our security logic was contained in our server, which handled verification of a user and ensured that our lock is not vulnerable to spoofing or replay attacks. We wrote the backend server using the Express.js framework and hosted it on an AWS EC2 instance.

Challenges

One of the most challenging aspects of our project was working with the Bluetooth Low Energy (BLE) framework and enabling communication between our mobile devices and the lock system. We faced storage limitations on the ESP32 module itself that forced us to reconsider and modify how we implemented the code for the hardware. This process also involved a great deal of trial and error in figuring out how to implement the scan and connect for Bluetooth devices.

In addition, we wanted our lock to be very secure as it is intended to lock sensitive locations like homes, so we came up with a complex system of handshakes between phone, server, and lock that added many layers of communication over the network, passing authentication tokens and adding other values to provide verification to guarantee that only the owner of a lock has the capability to unlock it.

Accomplishments

Throughout the 36 hours of this hackathon, we managed to build a complex service involving a mobile application, a backend server, and a hardware locking system, where each piece needed to be able to communicate with the others in order for the entire system to work as a whole. We are proud of having overcome the key challenges described above: figuring out how to establish a Bluetooth connection with our ESP32 hardware module and designing a secure system to manage the unlocking process for our users.

What we learned

We learned about a variety of technologies across the tech stack, from low-level hardware interfaces for Arduino to using various cloud services such as Firebase to host our database and set listeners for triggering events when new data is added.

On the technical side, we learned about the many challenges of working with the resource limitations of hardware and the difficulty of using protocols like Bluetooth LE, which proved to be more challenging than initially expected.

What’s next

There is still much that can be expanded upon with Unblock. One immediate fix we would make is to use a bigger Arduino with more onboard storage to avoid the many storage woes we faced during the hackathon.

We also want to implement the following features:

- Owners can configure the security and access of their locks
- Owners can toggle between "passive" and "active" security modes
- Passive mode automatically opens the door when the user is close enough to the lock
- Active mode requires a confirmation on the phone to open the door
- Further security improvements to the unlocking protocol
