We really wanted to hack our MBTA cards for free rides. (wonk wonk)
Jokes aside, radio frequency identification (RFID) systems have been successfully applied in areas of manufacturing, supply chain, transportation, and healthcare. However, RFID is notoriously insecure. Coupled with the trend of increased usage of RFID locks to secure our homes - dormitories in particular - we wanted to ensure that our homes are safer and more secure by adding layers of security.
As such, we came up with a SMS verification linked with the RFID reader. The reader would send an authentication request to whatever contact that was in the data of the RFID card, and would send an SMS to the phone number. The user would then verify that they are using the card, opening the door, or would reject the auth request, denying access to whatever the RFID card was attempting to gain access to, and notifying the user that the card has been compromised. This would prevent the ill usage of duplicated cards, as they would still contain the same contact info.
We also created the the prototype for implementing security on the card itself. In effect, we created the default state of the RFID card circuit as not complete. There would be a button that the user holds to complete the circuit, allowing current to be induced in the circuit, transmitting the data to the reader. This would prevent any transmission of data to unwanted RFID readers on the street or elsewhere, minimizing the leaking of data.
Lastly, we implemented Google Cloud's Text to Speech API to add another layer of security in the scenario that someone successfully opened the door but no one expected anyone to be home. To deter intruders, we would play an mp3 created by the API to address the intruder by name to simulate that someone is at home.
There were many ways to go about this, and there were many challenges we found along the way, especially when we consider how we want to implement secure methods to make our mechanisms safer.