ILC Computer Security

APSC-100 Project Proposal By Project Team: 265B Jason Bontje, 631 5428 Ian Maquignaz, 626 9094 Graeme Glebe, 624 5889 Cameron Thompson, 620 4330

Report Prepared For Faculty Sponsor: Dr. Shahram Yousefi Project Manager: Tian Lu Date submitted: Tuesday, February 08, 2011

i|Page

APSC-100: Written submission checklist

Complete this checklist before submitting the assignment. Assignment instructions read and all requirements met Computer spell check/grammar check run on document Complete document reviewed and proofread by all team members Grading rubric (attached at end of document) self-assessed Statement of individual work completed at the end of the document Team members reviewed the academic integrity expectations We do hereby verify that this written report is our own individual work and contains our own original ideas, concepts, and designs. No portion of this report has been copied in whole or in part from another source, with the possible exception of properly referenced material.

_____Ian Maquignaz______________ (Name) _____Graeme Glebe_______________ (Name)

___

Jason Bontje_____________ (Name)

_____Cameron Thompson________ (Name)

ii | P a g e

Executive Summary

By request of Dr. ShahramYousefi, PhD, P.Eng, our group (265B) has been assigned the task of securing the peripheral devices in the Integrated Learning Centre (ILC). With some seventy computers located on the second and third floor computer plazas of the ILC, peripheral devices represent a significant investment to the University. With that said though, although the computers themselves are currently secured through the use of locks, their peripherals remain greatly unsecure. The purpose of this project is to find or develop an inconspicuous device that can be easily retrofit into the existing plazas and secure the said peripherals. Although the end beneficiarys requirements for the device were clear, it was apparent to us from the beginning that the true end user of this product would be the students themselves who use the said computers daily for work. Hence, it was apparent that any impairment of a students ability to use the said computer was out of the question. With both our beneficiary and end user in mind, four designs were evaluated and compared in terms of cost, inconspicuousness, effectiveness, and versatility. Throughout the duration of this project it is anticipated that an effective solution will be selected by our beneficiary. With that done, it will be possible to proceed with development of an implementation strategy for incorporating our solution into the said facilities.

iii | P a g e

Table of Contents
Executive Summary..................................................................................iii Table of Figures........................................................................................v 1 Introduction...........................................................................................6 2 Problem Formulation..............................................................................7 3 Design Process Overview........................................................................8 3.01 Preliminary Planning........................................................................................8 3.02 Functional Requirements..................................................................................9 3.03 Solution Descriptions.....................................................................................10 3.04 Solution Comparison by Weighted Evaluation Table.......................................12 3.05 Future Causes of Failure................................................................................14 4 Prototype Development & Materials Cost Analysis.................................14 5 Economic Analysis................................................................................15 6 Conclusions..........................................................................................16 7 References...........................................................................................17 8 Statements of Individual Work..............................................................18

Table of Figures
2.1 Survey - Is ILC secure?.........................................................................7 2.2 Survey Peripheral Security................................................................7 iv | P a g e

2.3 Survey Security Personnel.................................................................8 2.4 Survey Fixed Peripherals...................................................................8 3.1 Solution 1 Cable Saver.....................................................................6 3.2 Solution 2 Product Demonstration....................................................7 3.3 Solution 2 Product Picture................................................................7 3.4 Solution 3 Lockdown Tube................................................................8 3.5 Solution 4 Defcon Product Picture..................................................8 4.1 Solution 3 Lockdown Tube Prototype..............................................11 4.2 Lockdown Tube Unit Costs................................................................11 4.3 Detailed Cost Breakdown...................................................................12

v|Page

Introduction

The purpose of this report is to consolidate all of the information we have gathered and created into a document which proposes our solution to the problem of ILC computer security. This report will cover the logistics involved in making design choices, the process which led to those choices, and present the pros and cons of the designs which we are proposing as a solution to the problem of ILC computer security. We, as a team, decided that, because of the relative easiness of the project, that we should build our own prototype device for securing computer peripherals. We are currently considering three different options, all of which are our own designs and will be described in greater detail later in the report. The purpose of this report is to consolidate all of the information we have gathered and created into a document which proposes our solution to the problem of ILC computer security. This report will cover the logistics involved in making design choices, the process which led to those choices, and present the pros and cons of the designs which we are proposing as a solution to the problem of ILC computer security. The project began with a team meeting in which we first talked as group about what we were actually asked to do in this project. We decided that the project scope was very elastic, and that the scope of the project was essentially as large or as small as we made it for ourselves. Knowing this, we decided that we would take a large scope and propose our own solutions to the problem, which meant creating our own prototype. The group then inspected the computers in the ILC to see how they were protected from theft. This was done so we could then shape our devices to increase security on the computers where security is needed. At this meeting, the team also conducted research on the existing methods of computer security used in labs elsewhere to get an idea of how it was done and how we could use or improve on the ideas already in use. After the first team meeting, individual members brainstormed ideas that would lead to the design of the products that we would consider in this project. At the next team meeting, we came with several designs for a prototype in mind. At this meeting we assigned each individual specific tasks which have since been the primary focus of each group member. By the end of the meeting a preliminary design had been created for one of the devices we are proposing as a solution to the problem. The remainder of this report will present the information we have compiled on the problem, present how we have used this information to make decisions and create designs, and will present and compare the options we are proposing on the criteria of cost, effectiveness, ease of use, and aesthetics.

6|Page

Problem Formulation

The computers in the ILC are often left unattended and unsecure. Peripherals on the computers (meaning cables, flash drives, and generally any devices dependent on the monitor or computer hardware for proper use) are not secured and are at danger of theft at all times, particularly when students are using the computers. There were many possible ways to solve this problem, including programming and installing security systems of the computer software, creating a device or devices that secure the peripherals to the computer, or suggest that already existing methods of security be purchased or installed to the computers in the ILC. The client specified that a prototype of device be built; one should be able to make the prototype for less than $70. The client also specified that the device should easily retrofit to the existing plazas and be inconspicuous in its presence. Other than that, we were free to consider any option, whether it involved building a device or recommending and existing method of computer security used elsewhere. Therefore, a solution to the problem of ILC computer theft must be strong, inconspicuous in presence to the average computer user but blatant and impressive when seen by the average thief, must be cheap, and must also easily retrofit to the any of the computers in the lab. During problem formulation, we needed user feedback from individuals who use the ILC. The survey conducted probed some of our earlier concerns and ideas about the project. This included questions to gain insight into the publics views on the current security measures in place at the ILC regarding both personal and university property. Furthermore, we questioned the public on their position on possible security methods brought forth during problem formation. These questions were used to gauge the response of two different types of security measures, Physical and psychological. Physical security devices include wire locks and anchored items. While psychological security methods use intimidation and other human emotions to prevent theft.

Figure 2.1: This chart displays the breakdown of the responses gathered during the survey.

Figure 2.2: This chart displays the break-down of the responses gathered during the survey.

7|Page

The overall response of the students and staff interviewed pertaining to their knowledge and feelings towards the ILC and the computer peripherals were slightly unexpected. Seen in Figure 2.1 over half the sample population believed that the ILC already had the necessary security precautions in place to provide a safe learning experience. While in Figure 2.2, it is seen that 70% of the voters feel that peripherals in the labs are safe. This result was unexpected but still is invaluable information. Since such a high percentage believe the computers and peripherals are safe, it can be gathered that only small modifications to the original ILC security systems is needed to eliminate theft altogether.

8|Page

Figure 2.3: This chart displays the breakdown of Figure 2.4: The numbers represent how much they liked the idea was the responses gathered during the survey. liked. Four represents being for the idea, one being opposed.

As seen in Figure2.3 a large majority of voters were against the stationing of security guards in the ILC. This maybe an indication that people do not approve of psychological benefit gained by security personnel. This fact in conjunction with the results obtained in Figure 2.2 suggests that the need for security guards in the ILC is not at all necessary. Furthermore, the survey found that the largest percentage of people is opposed to fixed equipment in the labs as seen in Figure 2.4. The data presented was helpful when determining a design for the prototype. The prototype needed to secure the peripherals but still provide mobility, this is why mobility is the defining characteristic of the lockdown tube prototype.

Design Process Overview

3.01 Preliminary Planning

9|Page

Upon examination of the computers in the ILC, the group found security devices already affixed to all the desktops. These devices do not secure the peripherals such as keyboards and mice. Other computer labs on campus have security measures that protect the peripherals (i.e. the computer lab in the Jeffrey Building), but the ILCs unique lab configuration prevents their implementation. Many of the ILCs more expensive machines such as oscilloscopes are completely insecure. The existing security device on each desktop at the ILC consists of a cable that locks through the computer case and through the monitor.

3.02 Functional Requirements

The suggested solutions have been chosen for their ability to meet the following functional requirements. These requirements have taken into consideration the results from a survey of those who use the ILCs devices. Effectiveness (i.e. is the solution easily circumvented?). Unobtrusive (i.e. does the solution hinder the use of the item being secured?). Versatile (i.e. will the solution be able to be applied to multiple situations?). Ability to be integrated into the existing security device.

3.03 Solution Descriptions

Solution 1: Cable Saver by Kensington CPG ($ 5.75) This device allows 2-3 peripheral devices to be secured. The cables of the peripherals are fit into the smaller slots of the Cable Saver and the wider slot on the right of Figure 1 allows for a padlock or security cable to pass through[1]. This solution is easily integrated into the existing security device in the ILC by passing the security cable through this device before the monitor.
Figure 3.1: Cable Saver by Kensington Computer Products[1].

The device is premade, thus requiring no manufacturing time or construction costs. This device is also one of the cheapest. In order to be effective this solution requires a separate lock or cable, and thus is not as versatile as other solutions.

Solution 2:

Desktop and Peripherals Locking Kit by Kensington CPG ($ 31.99)

10 | P a g e

Figure 3.2: Desktop and Peripherals Locking Kit installed on a desktop computer and with peripherals secured[2].

Figure3.3: Individual components of the locking kit [2].

This device secures a computer chassis, up to two wired peripherals, a monitor and one optional nonwired device. The components included in this kit are shown in Figure 3.3. The two clips in the upper right corner of Figure 3.3 are installed in the screw holes of the computer chassis, and another clip is installed in the back of the monitor. The cables of the peripherals fit into a metal bracket, and a final clip is attached to an optional device with adhesive. The provided 8 foot long high carbon cable lock passes through these attachments and is secured at one end with a loop and at the other with a keyed lock. Figure 3.2 clarifies how the kit is installed[2]. This solution is extremely versatile, and can adapt to any computer system. This solution requires no outside parts. This solution may be unnecessary on computers with a cable lock already installed however. Solution 3: The Lockdown Tube ($ 12 for 10)

This solution can be customized to secure as many peripherals as necessary. The design calls for two concentric lengths of PVC pipe with different radii to have holes drilled in them such that the holes will fit the male/female end of computer peripherals cords when the pipes are aligned. The device works by sliding one pipe past the other while the cords are through the holes. The pipes are locked in this position through an additional hole. The ends of the cables will no longer be able to escape the unaligned holes. The cable lock currently attached to the ILC computers can be run

Figure 3.4: Conceptualization of Cord Clamp. Model created in Solid Edge.

11 | P a g e

through one of the holes of the cable trap to secure the entire unit. This solution requires an existing cable lock or a padlock to be effective. The design is very cheap (as outlined in a following section) and is easily integrated into the ILCs existing security devices. This design will be the least aesthetically pleasing. Solution 4: (Advanced Security Option) DEFCON 1 Ultra Security System ($39.99)

This solution was researched specifically for the more expensive items in the ILC such as oscilloscopes. The device works by securing the retractable wire lock around the item being secured and an immobile object. If the cord is broken a 95db alarm is set off, unless the access code is keyed in. One may also turn on a motion sensor on the unit, which causes the alarm to trigger if the unit is moved. The device has 5 months of advertised battery life, and has various settings for motion sensing sensitivity. This solution is easily implemented on any of the more valuable electronics at the ILC[3].

Figure 3.5: DEFCON 1 Ultra Security System. [3]

12 | P a g e

3.04 Solution Comparison by Weighted Evaluation Table

Solution 1 Solution 2 Solution 3 Solution 4

Category Technical

Weight 4

Criteria Estimated Effectiveness Adaptable Integrated No. Devices Supported No. Peripherals Secured Ease of Assembly/Const. Simplicity Total Score Weighted

Weight 5 3 3 2 2 4 1 20

Score 3 4 5 3 3 *5 5 28

Weighted 15 12 15 6 6 20 5 79 3.9 15.8

Score 5 5 3 5 3 4 3 28

Weighted 15 15 9 10 6 16 3 74 3.7 14.8

Score 5 3 5 4 5 4 5 31

Weighted 25 9 15 8 10 16 5 88 4.4 17.6

Score 5 5 2 5 1 *5 2 25

Weighted 25 15 6 10 2 20 2 80 4.0 16.0

Scoring: 1 = Very Poor 2 = Poor 3 = Mediocre 4 = Good 5 = Excellent

Solution 1

Solution 2

Solution 3

Solution 4

Category Social

Weight 2

Criteria Unobtrusive Recyclability [4] Aesthetics Student Survey Results** Total Score Weighted

Weight 3 4 3 5 15

Score 5 5 3 4 17

Weighted 15 20 9 20 64 4.2 8.4

Score 3 2 4 3 12

Weighted 9 8 12 15 44 2.9 5.8

Score 3 4 2 4

Weighted 9 16 6 20 51 3.4 6.8

Score 1 1 2 3 7

Weighted 3 4 6 15 28 1.8 3.6

* No Construction time for premade items, ** Based on amount in favor of solution style (i.e. fixed vs. non fixed)

Solution 1

Solution 2

Solution 3

Solution 4

13 | P a g e

Category Financial

Weight 4

Criteria Cost (Order/Construct) Cost Item vs. Solution*** Construction Time Total Score Weighted

Weight 5 4 3 12

Score 5 4 5* 14

Weighted 25 16 15 56 4.6 18.4

Score 2 2 5* 9

Weighted 10 8 15 33 2.7 10.8

Score 5 5 3 13

Weighted 25 20 9 54 4.5 18.0

Score 1 3 5* 9

Weighted 5 12 15 32 2.6 10.4

Solution 1

Solution 2

Solution 3

Solution 4

Final Score

Total

42.6

31.4

42.4

30.0

*** Security device should be significantly cheaper than the item primarily being secured Based on the results of the weighted evaluation matrix, either solutions 1 or 3 would be the most reasonable to implement at the ILC. Solutions 2 and 4 are still viable, but only under special circumstances. The groups intended direction is to create a working prototype of solution 3 and order one Cable Saver from Kensington. This will allow a direct comparison to be made. Solution 2 will be recommended for desktops without existing security, and solution 4 will be recommended for more valuable electronics.

14 | P a g e

3.05 Future Causes of Failure

A future cause of failure is vandalism. This will be reduced by increasing the duties of icons to include regular (brief) inspections of the equipment on the lab floors. If vandalism is noticed, students may need to sign a log to gain access to a computer. Another cause of future failure is the possibility that the computers are one day replaced by laptops. This would render many of the solutions obsolete.

Prototype Development & Materials Cost Analysis

The Lockdown Tube The Lockdown Tube is a creation of our own design developed off of the concept of a camera shutter. In a camera, the shutter is the device that constricts the size of the opening that allows light to reach the film. Reapplying this concept, the shutter constricts itself around a peripherals cord, retaining it. As a using a shutter as found in a camera would be a rather complex and expensive ordeal, this concept was simplified down. After a few more sketches, this design was simplified down to two easily acquired and relatively inexpensive tubes (see Figure 4.1).

Solution 3:

Figure 4.1: The Lockdown Tube

With the concept now in mind, it left only the materials of construction to consider. Based on our research into locally available materials, it was concluded that the most feasible materials were metal and PVC tubing, the costs for which are outlined in Table 4.1 below. Evidently, as different materials come in different sizes, there is some variation in width of the design and the price of each material piece (see Table 4.2 below).

15 | P a g e

Table 4.2: Unit Costs

Metal Unit Cost: PVC Unit Cost:

One of the benefits of this design is its Costs ability to be secured in a US $0.69 / unit variety of CAD $1.52 / unit manners. As illustrated in Figure 4.1, a padlock is one option of securing the device, although it represents an additional expenditure which is outlined in Table 4.2. An additional method of securing the device (without additional expenditure) is to simply pass the existing lock cable through same set of holes as the lock in Figure 1. With that said though, it still unclear where any minor modifications to this system would be necessary to ensure the reliability of this method.

Table 4.3: Cost Breakdown *All costs are based off of Home Depot unless stated otherwise. **All tubing is 10ft in length.

Construction Costs*: Item Name Metal** Electric Metallic Tube Electric Metallic Tube PVC**

Diameter Price

1 in 1 in

US$9.35[5] US$5.95[5]

PVC Flue Gas Vent Pipe 1 in

CAD$13.89[6]

PVC Flue Gas Vent Pipe 2 in

CAD $19.79[6]

Optional

Padlock (Canadian Tire) CAD$3.99

16 | P a g e

Overall, this device promises to perform, retrofitting inconspicuously into the existing systems, without impairing the computers user. Respectively, it also shows promise towards securing cables in other environments around Queens Campus.

Economic Analysis

Project 265 has a strict budget of $75 per secured unit. Our team intends to secure the peripherals at a far lower cost. The group will use the assumption that each keyboard and each mouse costs $20.00 (a conservative estimate). With 34 reported thefts of Queens property this year (much higher than previous years) an upper limit of $680 dollars becomes the maximum reasonable amount to spend on the entire security system. This allows up to approximately $10.00 to be spent securing each unit. The economic benefit associated with this project is the gain of money that would have otherwise been spent replacing stolen equipment. For the peripherals this amount is quite small (on the order of $20 per unit). The true economic benefit lies in the ability of our solution to be adapted to the more expensive unsecured items in the ILC such as breadboards, functional generators and oscilloscopes. Even limited theft of these items can incur major costs to the building, as these items range in cost up to $2000. The solutions being recommended are for the most part maintenance free with the exception of the Targus Advanced Security option. The motion sensing unit requires alkaline batteries (AAA) that must be replaced every 5 months. Triple A batteries do not typically cost more than $0.50 when bought in sufficient quantity. The cost of batteries adds a cost of $3.00 annually to each of the devices secured with the electronic sensor. The group anticipates the other solutions to all be completely sustainable. The time value aspect of our project is largely negligible with the exception of future equipment replacement. If the equipment at the ILC is replaced with wireless devices, or laptop computers, a new system would have to be implemented.

17 | P a g e

Conclusions

The designs being proposed to stop peripheral theft are: 1). A Cable Saver by Kensington CPG, 2). A Desktop and Peripherals Locking Kit, also by Kensington CPG, 3). A custom- built cord trap which we will be designing ourselves, and 4). An advanced security option, called the DEFCON 1-Ultra Security System. The goals of our design and project suggestion were to maximize computer security in the ILC as much as possible without making obvious changes to the computer configuration, all while spending as little money as possible. The majority of research in this project was focused on finding the existing methods of computer security already being used in large laboratories and seeing which were the most effective, and how we could come up with a new option of our own. The final design will likely be a combination of the options suggested already. Once a final design is suggested, any possible alterations that will maximize the effectiveness of the product will be considered and applied. These will be discussed in the final report.

References

[1]Kensington Computer Products Group. Kensington-Cable Saver. Internet: http://ca.kensington.com/html/14385.html, 2009, [January 29, 2011]

[2]Kensington Computer Products Group. Kensington Desktop and Peripherals Locking Kit. Internet: http://us.kensington.com/html/17627.html, 2011, [January 29, 2011].

[3]Targus. DEFCON 1 Ultra Laptop Computer Security System. Internet: http://www.targus.com/ca/product_details.asp?sku=PA400C, 2011, [January 20, 2011] [4] Recovinyl. Recycling Rigid & Flexible PVC. Internet: http://www.recovinyl.com/docs/english/sortingguide.pdf, 2003, [February 4, 2011] [5] HOMER TLC INC. (2011). The Home Depot. Feb. 7th, 2011. [Online] http://www.homedepot.com/ [6] HOMER TLC INC. (2011). The Home Depot. Feb. 7th, 2011. [Online] http://www.homedepot.ca/

18 | P a g e

Statement of individual work

As leader of my group, I have striven to keep my group organized, efficient, and creative. I have efficiently served as the teams liaison between the Project Manager and Course Coordinator, all while facilitating and focusing team meetings. Probably of most importance, I have implemented effective and shared task management in all of the group's activities. Although I cannot take the credit for it, our group has maintained a dynamic environment in which we can all openly communicate and cohesively work together. - Ian Maquignaz (Team Leader) Thus far the ILC computer security module 3 project has been a great group work learning experience. I practiced being punctual, arriving on time to all meetings and completing project by specified deadlines. During group meetings, I voiced my opinions and ideas for prototype designs and possible security systems. Also, I prepared and analyzed data obtained from the survey conducted in the ILC. For the proposal report Additionally, I sourced the document and completed the analysis of the poll. Lastly, I was in charge of compiling the report and submitting it by the deadline. - Jason Bontje

My objective in the group is to define the project scope and project plan so that the team has a timeline to work within, and so we have a professional outlook in our reports and presentations. I defined the guidelines the team works within as we complete the project. - Graeme Glebe
19 | P a g e

As project liaison I arranged the initial meeting with Dr. Yousefi and the other groups. As a member of my design team I helped to brainstorm ideas, research information and organize the teams progress. At meetings I contribute my thoughts and listen to the ideas of others. Outside of the groups meetings I researched the best solutions to our problem that were available the internet and systematically compared them against one another. I contributed to the final designs of our custom solutions. My responsibilities for this report were the economic analysis and the design process overview. -Cameron Thompson

20 | P a g e

APSC-100 (2010-2011)

Proposal Team Evaluation by faculty sponsor and project manager

1 (not demonstrated) 2 (marginal) Problem definition is incomplete 3 (meets expectations) Identifies and describes the presented problem Determines project scope, and maps out project with clear milestones and delegation. 4 (outstanding) Problem definition includes key constraints and functional requirement Plan includes consideration for item dependencies as well as room for readjustment and remedial action Applies creative approaches to identify and develop alternative concepts and procedures Uses technical knowledge, mathematical models, appropriate design tools and client/user feedback to select best solution Multiple authoritative, objective, reliable sources used; cited and formatted properly Mark /4

Problem definition
3.04-FY2: Identify problem

Unclear problem definition

Project Plan

Plan does not refer or map Plan has a general outline of out a timeline for the milestones with some project reference to duration

/4

3.11-FY3: Project plan

Conceptual design solutions

3.04-FY5: Potential solutions

No description of potential design solutions No comparison/analysis of potential design solutions

Some critical considerations missed in generating potential design solutions Contrasts potential design solutions without analysis

Produces a variety of potential design solutions suited to meet functional specifications Performs systematic evaluations of the degree to which several design concept options meet project criteria Summarizes and paraphrases appropriate sources accurately with appropriate citations

/4

Decision making
3.04-FY6: Decision making

/4

Information usage
3.07-FY3: Summarizes accurately

Erroneous or incomplete conclusions drawn from sources, or inappropriate quality or quantity of background information. No mention of economic principles

Sources summarized with minor misconceptions.

/4

Economic Analysis

Discusses economic principles in a broad or general way without relating to the actual project Questionable feasibility; insufficient effort.

Considers project costs and benefits (which may include one time/recurring costs, return on investment, NPV, as appropriate) Feasible proposal for implementation and testing, including detailed design sketch/plan and corresponding bill of materials.

Outlines a basic business plan considering: value of money in decision making, triple bottom line, decommissioning Excellent proposal for implementation including mitigating strategies for potential risks.

/4

Overall proposal (No parts may be ordered until students meet expectations on this)

Proposed work will not meet project objectives.

/4

21 | P a g e

1 (not demonstrated)

2 (marginal)

3 (meets expectations)

4 (outstanding)

Mark /28

22 | P a g e

23 | P a g e