Our project simulates a smart lock system for homes consisting of 3 components: a phone application, the lock, and a cloud platform. The lock uses a Raspberry Pi and Atmel microcontroller for authentication. It connects to WiFi and stores login data on Parse. When buttons are pressed, the GUI communicates with Parse or the microcontroller via HTTP requests or TCP sockets. The system allows users to remotely lock/unlock doors and add temporary users.

1. Digital Security for the
Internet of Things
Columbia University
Vera Ho ￭ Wei Cai ￭ Salar Fattahi

2. Why Digital Security?
Many pieces of technology are now becoming
"smart" devices
○ Health Care
○ Appliances (Washers/Dryers, Refrigerators, etc)
○ Locks & Surveillance
These are very personal items but new
technology is typically not very secured
○ For example, when email was first invented, it was
not secure at all and became exploited
○ When these new devices are exploited, people no
longer feel safe in their own homes

3. Example of Exploited IoT
"Hackers Remotely Kill a Jeep on the Highway
- With Me in It" by Andy Greenberg (Wired)
○ Controlled experiment between 2 hackers and a
driver
○ Hackers used a laptop 10 miles away
○ Took control over climate controls, wipers and
radio settings

4. Example of Exploited IoT
"Hackers Remotely Kill a Jeep on the Highway
- With Me in It" by Andy Greenberg (Wired)
○ Transmission can be cut and the accelerator no
longer responded to the driver
○ The Jeep slowed to a stop in the middle of highway
traffic
○ The breaks could also be controlled

5. Why Digital Security?
Our project is to explore how security works for the
Internet of Things. Specifically, we are simulating our own
"smart" lock system because:
○ Locks to our homes represent our trust to keep everything
we hold dear safe from criminals and thieves
○ Locks inherently require a secure functionality and setup

6. Project Design Overview
There are 3 components to our smart lock:
○ Phone application for the user to communicate with
the lock
○ The lock will authenticate the user before
locking/unlocking
○ Parse is used to store activity as log information

7. Project Design Details
Raspberry Pi
○ Simulating the GUI of the lock (reporting it's state)
and the user interface of the phone application
○ Connected to WiFi with a dongle
Atmel WINC1500, SAMD21 microcontroller and
CryptoAuthentication Chips
○ Emulating the lock hardware itself
○ Authenticates user
○ Connects hardware to Wi-FI
Parse Cloud Platform
○ Stores login information each time a user attempts
to change the lock state

8. Atmel Hardware Details
The Atmel microcontroller is programmed using C
○ Micro Control Unit (MCU)
○ USB interface, Virtual COM Port.

9. Atmel Hardware Details
Atmel WINC1500
○ IEEE 802.11 b/g/n
○ Station mode, AP mode, P2P mode
○ TCP and UDP sockets
Atmel CryptoAuthXplained
○ ATSHA204, ATAES132A, ATECC108A
○ Provides SHA-256 hash algorithm
○ Symmetric/Asymmetric Crypto
○ Store up to 16 keys

10. Authentication
Key Authentication

11. User Interface and Interactions
○ User Interface implemented on Raspberry Pi.
○ Entry fields for username and password logins and new user
setup.
○ Login attempts will be pushed to the cloud.

12. Raspberry Pi Details
When each button is pressed, the GUI will communicate
with either Parse or Atmel
○ Parse via RESTful API using HTTP requests
○ Atmel via TCP sockets

13. Sample Scenarios
App Interface: User can use his phone to
login and unlock the door
Front Door: Valid users can login on the
front door to lock/unlock the door
Inside the House: Master users can
add temporary users for a limited
time

14. Parse Cloud Details
Communicates with Raspberry Pi using the RESTful API by
using HTTP requests
○ Create new users and record their login information
○ Log the time and date each user attempts to use the
lock
○ Report information back to the Raspberry Pi if
requested

15. Parse Cloud Interface
User:
Attempted usernames
isValid:
Validity of
username/password
Locked:
Status of the Lock
updateAt:
Date and time of update
createdAt:
Date and time of creation