CHAPTER 1

1. INTRODUCTION

1.1 GENERAL

In today's modern world, security plays an important role since every person
has some precious accessories like gold, jewellery or
cash. It is not enough to have these accessories, but security of this is very
important, for this purpose we keep them in bank lockers. Still we often hear or
read in newspaper that some fake person has accessed the locker of another person
and have stolen money. In order to overcome this type of frauds, authentication of
the person who wants to use the locker is very important.

In this project, both NFC tags and authentication process are involved (i.e.,)
both NFC tag and reader follow authenticated protocol. The authenticated protocol
involves only two parties, namely an initiator user and a target user. The initiator
user generates a radio frequency field from NFC tags and starts the NFC interface.
After receiving communication signals, the target user (reader) sends a response
message to the controller and generates an OTP to the registered phone and then
biometric verification is done. Due to the shared nature of wireless communication,
there are several security features verified by the controller. Thus, the security is
one of the prerequisite for NFC applications. Hence, a three level security system
(NFC, OTP and Biometric access) is used in this project to access a secured place
and it is mainly proposed to provide a highly secured and authenticated access for
individual lockers.

1
1.2 EXISTING PROTOCOLS

With the rapid development in locker applications, the NFC is expected

to become very trendy technology for security services, specifically for individual
bank lockers. In recent years, many researchers presented the assessment of NFC
for future security systems. A public key infrastructure is used for the efficient key
management and revocation among nodes, such as an initiator and target users. In
this scenario, an adversary could track the user’s activities by tracing its public
key, and as a result, the user’s privacy may be broken. In order to overcome these
drawbacks, the pseudonym based technique is used in many authentication
protocols including NFC.

In 2013, a Conditional privacy preserving security protocol (CPPNFC) was

proposed to protect the user’s privacy. Later, a similar approach (Kannadhasan et
al.’s protocol) as presented in CPPNFC was proposed in 2015. However, the above
CPPNFC fails to prevent the impersonation attacks and they further proposed a
pseudonym based NFC protocol (PBNFCP) to withstand the security drawbacks
found in CPPNFC with a marginal computation cost increase. The proposed
security attacks and their approach remain same as that in CPPNFC where the user
cannot identify the real identity of another user. This paper further revisits
PBNFCP and shows that it still fails to prevent the proposed impersonation attacks
on CPPNFC against an attacker (being an insider registered user), and discusses
the drawbacks of pseudonym in PBNFCP. So, a new secure and efficient
authentication protocol (SEAP) for NFC applications using the new defined
lifetime-based pseudonyms was proposed to withstand the security drawbacks
found in PBNFCP. The communication and computational costs of various
protocols such as SEAP, CPPNFC, Kannadhasan et al.’s protocol and PBNFC
protocol are compared in Table 1.2.1 and Table 1.2.2 as follows.
2
 COMM. COST
PSUEDONYM SIZE
PROTOCOL (BITS)/NO.OF.
(BITS)
MESSAGES

CPPNFC 1200 1184 (4 messages)

Kannadhasan
1200 1184 (4 messages)
et al
PBNFCP 1200 3184 (4 messages)
SEAP 624 1840 (4 messages)

Table 1.2.1 Comparison of communication costs

PROTOCOL COMPUTATIONAL COST

CPPNFC
Initiator user 3Tem +1Tea +2Th+ 2Tm+ 1Tkdf~ 3608T m
Target user 3Tem + 1Tea +2Th+ 2Tm+1Tkdf~ 3608T m
Total cost 6Tem+ 2Tea+ 4Th+ 4Tm +2Tkdf~ 7216 Tm

Kannadhasan et al.
Initiator user 3Tem + 1Tea +2Th+ 2Tm+1Tkdf ~3608Tm
Target user 3Tem + 1Tea +2Th+2Tm+1Tkdf ~ 3608T m
Total cost 6Tem+ 2Tea+ 4Th+ 4Tm +2Tkdf~ 7216 Tm

PBNFCP
Initiator user 4Tem+ 1Tea +3Th+ 1Tkdf ~ 4806Tm
Target user 4Tem+ 1Tea +3Th+ 1Tkdf ~ 4806Tm
Total cost 8Tem+ 2Tea +6Th+ 2Tkdf ~ 9612Tm

SEAP
Initiator user 3Tm+ 1Tea +4Th+1Tkdf +1Tinv ~ 3609 Tm
Target user 3Tm+ 1Tea +4Th+1Tkdf +1Tinv ~ 3609 Tm
Total cost 6Tm+ 2Tea +8Th+2Tkdf + 2Tinv ~ 7218Tm

Table 1.2.2 Comparison of computational costs

3
1.3 SECURITY LEVELS

In this project, an advanced secure and authenticated key agreement based

on NFC technology is proposed to withstand the security drawbacks found in
existing systems, by using a three level security system such as NFC, one time
password, and biometric access systems.

1.3.1 NFC

Near-field communication (NFC) is is a short-range wireless communication

technology that enables communication between two devices that either touch or
are momentarily held close together.Transmission capacity of NFC technology is
limited as its operating frequency is 13.56 MHz, with transmission speed ranging
from 106 Kbps to 424 Kbps up to 4cm.

Fig.1.3.1 Communication between NFC tag and NFC Reader

NFC-based communication between two devices is possible when one

device acts as a reader/writer and the other as a tag.The technology behind NFC
allows a device, known as a reader, interrogator, or active device, to create a radio
frequency current that communicates with another NFC compatible device or a
4
small NFC tag holding the information the reader wants. Passive devices, such as
the NFC tag, store information and communicate with the reader but do not
actively read other devices. Peer-to-peer communication through two active
devices is also a possibility with NFC. This allows both devices to send and
receive information. Both businesses and individuals benefit from near field
communication technology.

1.3.2 OTP

A one-time password (OTP) is a password that is valid for only one login
session or transaction, on a computer system or other digital device. OTPs avoid a
number of shortcomings that are associated with traditional (static) password-based
authentication; a number of implementations also incorporate two factor
authentication by ensuring that the one-time password requires access to something
a person has (such as a small key ring fob device with the OTP calculator built into
it, or a smartcard or specific cell phone) as well as something a person knows (such
as a PIN).

The most important advantage that is addressed by OTPs is that, in contrast

to static passwords, they are not vulnerable to replay attacks. This means that a
potential intruder who manages to record an OTP that was already used to log in to
a service or to conduct a transaction will not be able to abuse it, since it will no
longer be valid. A second major advantage is that a user, who uses the same (or
similar) password for multiple systems, is not made vulnerable on all of them, if
the password for one of these is gained by an attacker. A number of OTP systems
also aim to ensure that a session cannot easily be intercepted or impersonated
without knowledge of unpredictable data created during the previous session, thus
reducing the attack surface further.

5
1.3.3 BIOMETRICS

Biometrics refers to metrics related to human characteristics. Biometrics

authentication (or realistic authentication) is a form of identification and access
control. It is also used to identify individuals in groups that are under surveillance.
The first time an individual uses a biometric system is called enrollment. During
the enrollment, biometric information from an individual is captured and stored. In
subsequent uses, biometric information is detected and compared with the
information stored at the time of enrollment. Note that it is crucial that storage and
retrieval of such systems themselves be secure if the biometric system is to be
robust.

Fig.1.3.3 Block diagram of Biometric system

The first block (sensor) is the interface between the real world and the
system; it has to acquire all the necessary data. Most of the times it is an image
acquisition system, but it can change according to the characteristics desired. The
second block performs all the necessary pre-processing: it has to
remove artifacts from the sensor, to enhance the input (e.g. removing background

6
noise), to use some kind of normalization, etc. In the third block necessary features
are extracted. This step is an important step as the correct features need to be
extracted in the optimal way. A vector of numbers or an image with particular
properties is used to create a template. A template is a synthesis of the relevant
characteristics extracted from the source. Elements of the biometric measurement
that are not used in the comparison algorithm are discarded in the template to
reduce the file size and to protect the identity of the enrollee.

During the enrollment phase, the template is simply stored somewhere (on a
card or within a database or both). During the matching phase, the obtained
template is passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm (e.g. Hamming
distance). The matching program will analyze the template with the input. This
will then be output for any specified use or purpose (e.g. entrance in a restricted
area). Selection of biometrics in any practical application depending upon the
characteristic measurements and user requirements. In selecting a particular
biometric, factors to consider include, performance, social acceptability, ease of
circumvention and/or spoofing, robustness, population coverage, size of equipment
needed and identity theft deterrence. Selection of a biometric based on user
requirements considers sensor and device availability, computational time and
reliability, cost, sensor size and power consumption. In this project, finger print
sensors are used when compared to other biometric systems such as iris
recognition scanners, etc… due to its easy availability and low cost.

7
 CHAPTER 2
2. LITERATURE REVIEW

1. Bank Locker Security System Using Android Application

(International Research Journal of Engineering and Technology,
Volume- 02, Issue-01, Apr-2015)

This paper designs an advanced security system for banking which will
ensure the genuine access of the locker overcoming all the misuses. For this
purpose, this paper introduced the following security levels such as unique
password technique, password verification and lastly the OTP verification. The
unique password technique is applied in bank security system because this kind of
technique is effective and fast, and after entering the first door user has to enter
OTP which is being sent through android application so that IR is disabled and
second door is opened, if the user enters the first door and crosses the IR without
entering the OTP provided the alarm signal would be raised to make an alarm.
After verification of the OTP he has entered, second door will be opened and the
person can access locker only and only if he clears the three securitylevels.But,this
paper is limited to passwords and hence it is not highly secure. The other drawback
of this system is that it cannot be applied to individual lockers.

8
2. Secure and Efficient Authentication Protocol for NFC
Applications Using Pseudonyms
(IEEE Transactions on Consumer Electronics, Vol. 62, No. 1,
February 2016)

This paper proposes a new Secure and Efficient Authentication Protocol for
NFC Applications to solve the problems in the previous researches using the
lifetime-based pseudonyms. The proposed pseudonym and private key pair in
SEAP is valid within its lifetime only. Thus, even if a pseudonym and private
key pair is unexpectedly revealed to an adversary, he/she can use it within its
expiry time on behalf of the corresponding user only. As a result, the
vulnerability in this case is limited to the corresponding user only, whereas in
PBNFCP and CPPNFC protocol, it causes impersonation attacks to any
legitimate user in the system when the identity of that user is known to the
adversary. Moreover, the size of the proposed pseudonym in SEAP is
significantly reduced. Due to efficiency and more security functionalities, SEAP
is very suitable for the short-range wireless communication applications, such as
service discovery, e-payment, ticketing, and mobile healthcare systems, etc., in
the area of the consumer electronic devices in the NFC environment. The
rigorous informal security analysis shows that SEAP is secure against possible
well known attacks including the impersonation and man-in-the-middle attacks.
But, this paper is limited to NFC and cannot be applied for highly secured
systems such as bank lockers due to easy access.

9
 CHAPTER3
3. PROJECT DESCRIPTION

3.1 EXISTING SYSTEMS

The security is done with only biometric process in existing systems. But in

biometric easily frauds can be done and it is not fully secured. Many of these

systems will not provide proper security and the constant password is also not

secure. Long distance wireless communication is also providing much confusion to

identify the user. Hence the computational and communication cost of the existing

system remains high.

Fig. 3.1.1 Biometric door-lock system

10
3.2 PROPOSED SYSTEM

In this system three security levels such as NFC, OTP and Biometric are

used, hence the user can be easily identified. NFC is used for short distance and

hence it is highly secure. Instead of constant password, the OTP is preferred to

make the system more secure, since it is used for only one login session. Along

with this, Biometric is mainly used for authentication process. Various biometric

patterns used for security purposes are finger print, Iris, Blood cell recognition,

etc... In this system, a fingerprint access control system is used due to its low cost

and availability. All the details are stored in the DB in server for future access. It is

mainly used in individual bank locker systems.

Fig. 3.2.1 Individual Bank locker system

11
3.3 COMPARATIVE STUDY

EXISTING SYSTEM PROPOSED SYSTEM

Private Key is used.

NFC tag is used.

Constant password is used. OTP (One Time Password) is used.

User cannot easily identify the Unauthorized user can be easily

real identity of another user. identified due to NFC technology.

High computation and communication Low computation and communication

costs. Costs.

Less secure. Highly secure.

Table 3.3 Comparative study

12
 CHAPTER 4
4. BLOCK DIAGRAM REPRESENTATION

4.1 BLOCK DIAGRAM

DC Motor

Power
Supply
DC Motor
Driver
Finger Print /
Iris

NFC NFC
Arduino
Tag Reader

GSM
LCD
Keypad

Fig.4.1.1 Block diagram of bank locker security system using NFC

13
 Step down Rectifier Voltage
transformer Regulator

Light Emitting Low Pass Filter

Diode

Fig. 4.1.2 Block diagram of Power supply

14
WORKING:

First the user will be provided with the NFC tag and the user’s mobile
number and finger print are made authorized. Then the user shows the NFC tag
near the NFC reader (approximately 4 cm range) and the RFID pin in the NFC
reader produces electromagnetic radiation and reads the data present inside the
NFC tag. After receiving the communication signals, the reader sends a response
message to the arduino mega controller. The arduino controller verifies the data
from the reader and generates one-time password (OTP) to the authorized user’s
mobile phone by using the Global systems for mobile communication (GSM)
technology. After receiving the OTP, the user needs to type the password using the
keypad and it is displayed in the LCD.

The keypad loads the numeric into the arduino controller and the arduino
verifies whether the password is correct or not. If it is correct, then the arduino
sends the control to the finger print sensor and verifies the user’s fingerprint with
the already registered template. If all the three conditions are satisfied, then the
arduino sends the control to DC motor driver in order to operate the DC motor. If
any one of the condition fails, then the user will not be able to access the locker.
Finally, the DC motor is used to open the door and the individual locker can now
be accessed by the user without any difficulties.

15
 CHAPTER 5
5. HARDWARE REQUIREMENTS

5.1 HARDWARE NEEDED ARE

 Power supply

 NFC tag and Reader

 Arduino Mega controller

 LCD

 GSM

 Keypad

 Fingerprint scanner

 DC motor driver

 DC motor

16
5.1.1POWER SUPPLY
A power supply provides a constant output voltage regardless of voltage
variations. It is used to supply electrical energy to an electrical load. In this project,
AC-to-DC power supply is used.

FEATURES:

1. Output current up to 1A
2. Output voltages of 5,6,8,9,10,12,15,18,24
3. Thermal overload protection
4. Short circuit protection

Fig 5.1.1 Basic power supply

COMPONENTS:

• D1-D4 - 1N4007
• C1 - 1000MF/25V
• C2 - 10MF/25V
• C3 - 104PF
• REGULATOR -7805
• R1 &R2 - 330Ω

17
5.1.2 NFC TAG AND READER
NFC is a secure technology (i.e.,) Communication between NFC reader and
NFC tag happens in an encrypted and authenticated manner. NFC Tag is a thin
simple device containing antenna and small amount of memory. It is a passive
device, powered by magnetic field. Depending on the tag type the memory can be
read only, re-writable, and writable once.

NFC reader is an active device, which generates radio signals to

communicate with the tags. The reader powers the passive device in case of
passive mode of communication.Passive devices, such as the NFC tag, store
information and communicate with the reader but do not actively read other
devices.In this project, they are used for identification, authentication and tracking
the authorized user.

Fig 5.1.2 NFC tag and reader

18
5.1.3 ARDUINO MEGA
The Arduino microcontroller is an easy to use yet powerful single board
computer that has gained considerable attraction in the hobby and professional
market. The Arduino is open-source, which means hardware is reasonably priced
and development software is free.

The Arduino Mega 2560 is a microcontroller board based on the

ATmega2560. It has 54 digital input/output pins (of which 15 can be used as PWM
outputs), 16 analog inputs, 4 UARTs (hardware serial ports), a 16 MHz crystal
oscillator, a USB connection, a power jack, an ICSP header, and a reset button. It
contains everything needed to support the microcontroller; simply connect it to a
computer with a USB cable or power it with an AC-to-DC power supply or battery
to get started. The Arduino Mega 2560 board is compatible with most shields
designed for the Uno and the former boards Duemilanove or Diecimila.

Fig 5.1.3 Arduino Mega 2560 Board

19
Technical Specifications:

Microcontroller ATmega2560

Operating Voltage 5V

Input Voltage (recommended) 7-12V

Input Voltage (limit) 6-20V

Digital I/O Pins 54 (of which 15 provide PWM output)

Analog Input Pins 16

DC Current per I/O Pin 20 mA

DC Current for 3.3V Pin 50 mA

Flash Memory 256 KB of which 8 KB used by boot loader

SRAM 8 KB

EEPROM 4 KB

Clock Speed 16 MHz

LED_BUILTIN 13

Length 101.52 mm

Width 53.3 mm

Weight 37 g

Table 5.1.3 Technical specifications of Arduino Mega 2560

20
5.1.4 LCD
A Liquid Crystal Display (LCD) is a flat-panel display or
other electronically modulated optical device that uses the light-modulating
properties of crystals. Liquid crystals do not emit light directly; instead it uses
a backlight or reflector to produce images in color or monochrome.

An LCD is an electronic display module which uses liquid crystal to

produce a visible image. The 16×2 LCD display is a very basic module commonly
used in circuits. The 16×2 translates and displays 16 characters per line in 2 such
lines. In this LCD, each character is displayed in a 5×7 pixel matrix.
The LCDs have a parallel interface, meaning that the arduino controller has to
manipulate several interface pins at once to control the display. In this project, it is
used for displaying the OTP passwords and messages from controller.

Fig 5.1.4 Liquid Crystal Display

21
5.1.5 GSM
GSM (Global System for Mobile communication) is a digital mobile
telephony system that is widely used in Europe and other parts of the world. GSM
uses a variation of time division multiple access (TDMA) and is the most widely
used of the three digital wireless telephony technologies (TDMA, GSM,
and CDMA). GSM digitizes and compresses data, then sends it down a channel
with two other streams of user data, each in its own time slot. It operates at either
the 900 MHz or 1800 MHz frequency band.ad this free guide

GSM modem is a specialized type of modem which accepts a SIM card, and
operates over a subscription to a mobile operator, just like a mobile phone. The
modem can be directly connected to Arduino which enables the Arduino board to
do most of the operations that can be done with a GSM phone like sending
messages, placing voice calls and connect to the internet over a GPRS network. It
transfers data from serial port to the GSM network. Here in case of failure of the
fingerprint authentication the GSM modem gets the image taken by the camera
through Arduino and sends it as a multimedia message to the registered mobile
number for future enhancement purposes.

Fig 5.1.5 GSM Modem

22
5.1.6 KEYPAD
A keypad is a set of buttons arranged in a block or "pad" which bear digits,
symbols or alphabetical letters. Pads mostly containing numbers are called
a numeric keypad. Mostly, Keypad 4x4 is used which consists of 16 buttons .It is
arranged in the form of an array containing four lines and four columns. When the
button is pressed, the information from the keypad will be passed to LCD through
the arduino controller, which can be done by interfacing both the devices in a
matrix form using resistors. In this project, it is used for typing the OTP password
and for loading numerics into the arduino controller.

Fig 5.1.6 Keypad interfacing diagram

23
5.1.7 FINGERPRINT SCANNER
Fingerprints are one of many forms of biometrics used
to identify individuals and verify their identity. A fingerprint scanner is an
electronic device used to capture a digital image of the fingerprint pattern. This
image is digitally processed to create a biometric template which is stored and used
for matching.

The GT-511C3 FPS (fingerprint scanner) is a small embedded module

that consists of an optical sensor mounted on a small circuit board. This scanner
consists of four main pins and they are UART transmit, UART receive, Ground
and Vin (5V). The optical sensor scans a fingerprint, and the arduino controller and
software provides the modules functionality which automatically processes the
scanned fingerprint.

Fig 5.1.7 Fingerprint scanner

24
5.1.8 DC MOTOR
Motors are the devices that provide the actual speed and torque in a drive
system. This family includes AC motor types (single and multiphase motors,
universal, servo motors, induction, synchronous, and gear motor) and DC motors
(brushless, servo motor, and gear motor) as well as linear, stepper and air motors,
and motor contactors and starters.

DC motors are configured in many types and sizes, including brushless,

servo, and gear motor types. A motor consists of a rotor and a permanent magnetic
field stator. The magnetic field is maintained using either permanent magnets or
electromagnetic windings. DC motors are most commonly used in variable speed
and torque applications. In this project, it is used for opening and closing the door
of locker.

Fig 5.1.8 DC motor

25
5.1.9 DC MOTOR DRIVER
A motor will often need a higher voltage as well as higher current than can
be supplied directly so an external power supply is normally used to provide this.
Small DC motors can take little current but they normally can’t be driven directly
from the output pin of an Arduino or any other microcomputer chip. Therefore
they need some sort of driver or current boost before you can control them. Also
motors are a great source of interference that can make the rest of your electronics
misbehave. This can be countered by isolating the motor power supply to a greater
or lesser extent.

In this project, two relays are used in the DC motor driver. If the two relays
are in the same state that is both on or both off, then the motor is off. If the two
relays are at a different state the motor is on. This makes the DC motor to move in
either forward or reverse direction in order to open and close the locker.

Fig 5.1.9 DC motor driver circuit using two relays

26
 CHAPTER 6
6. SOFTWARE REQUIREMENTS

6.1 ARDUINO IDE

The Arduino Mega 2560 board can be programmed with the Arduino
Software (IDE). The ATmega2560 on the Mega 2560 comes preprogrammed with
a bootloader that allows you to upload new code to it without the use of an external
hardware programmer.

The Arduino Software (IDE) includes a serial monitor which allows simple
textual data to be sent to and from the board. The RX and TX LEDs on the board
will flash when data is being transmitted via the ATmega8U2/ATmega16U2 chip
and USB connection to the computer (but not for serial communication on pins 0
and 1).A Software Serial library allows for serial communication on any of the
Mega 2560's digital pins. The Mega 2560 also supports TWI and SPI
communication.

The Arduino Software (IDE) includes a Wire library to simplify use of the
TWI bus. For SPI communication, the SPI library can be used. Rather than
requiring a physical press of the reset button before an upload, the Mega 2560 is
designed in a way that allows it to be reset by software running on a connected
computer. The Arduino Software (IDE) uses this capability to allow you to upload
code by simply pressing the upload button in the Arduino environment. This means
that the bootloader can have a shorter timeout.

27
Fig 6.1 Arduino IDE software

28
6.1.1 HOW TO USE
Arduino can sense the environment by receiving input from a variety of
sensors and can affect its surroundings by controlling lights, motors, and other
actuators. The microcontroller on the board is programmed using the Embedded C
(based on Wiring) and the Arduino development environment (based on
Processing). Arduino projects can be stand-alone or they can communicate with
software on running on a computer (e.g. Flash, Processing, and MaxMSP). Many
useful libraries are included in the Arduino IDE by default.The programs can
be uploaded into the arduino mega controller by using the following steps.

1. Start the IDE and click on the File>Examples>Menu item displays.

Fig 6.1.1 Program selection

29
 2. The source code of the program selected will be displayed on the screen.

Fig 6.1.2 Source code sketch

3. In Tools>Board select MEGA.

4. Now you have to go to Tools>Serial Port and select the right serial port (the
one arduino is attached to).

Fig 6.1.3 Compilation process

5. Finally, the program is uploaded into the arduino mega controller.

30
6.2 EMBEDDED C
Embedded C, even if it is similar to C, and embedded language in general
requires a different kind of thought process to use. Embedded systems, like
cameras or TV boxes, are simple computers that are designed to perform a single
specific task. They are also designed to be efficient and cheap when performing
their task.

For example, they aren’t supposed to use a lot of power to operate and they
are supposed to be as cheap as possible. As an embedded system programmer, you
will have simple hardware to work with. You will have very little RAM, ROM and
very little processing power and stack space. Your goal is to write programs that
are enable to leverage this limited processing power for maximum effect. As an
ordinary C programmer, you don’t have as many constraints. The reason why most
embedded systems use Embedded C as a programming language is because
Embedded C lies somewhere between being a high level language and a low level
language.

Embedded C, unlike low level assembly languages, is portable. It can run on

a wide variety of processors, regardless of their architecture. Unlike high level
languages, Embedded C requires less resources to run and isn’t as complex. Some
experts estimate that C is 20% more efficient than a modern language like
C++.Another advantage is that it is comparatively easy to debug. Using Arduino
IDE software, the coding of Embedded C was even made simpler which includes
standard libraries for many examples such as Serial port interface, RFID, GSM and
many other programs, that is available in the form of library files. These library
files should be included at the top of the program.

31
The structure of an Arduino sketch using Embedded C is given below,

void setup() {
// put your setup code here, to run once

void loop() {
// put your main code here, to run repeatedly

As you know, every program starts with including the library files. It’s the
same with Embedded C using Arduino IDE. The only difference is that a setup ()
and a loop () function will be added which contain the most important parts of the
code.

32
 CHAPTER 7
7. RESULTS AND DISCUSSION

7.1FINAL RESULT

Fig 7.1.1 Implementation process

33
 Fig 7.1.2 First level (NFC) access

Fig 7.1.3 Second level (OTP) access

34
Fig 7.1.4 Second level (OTP) access denied

Fig 7.1.5 Third level (Fingerprint) access

35
Fig 7.1.6 Locker door opens

Fig 7.1.7 Locker door closes

36
7.2 DISCUSSION

The final result is shown above where the door opens automatically, if all
the three levels (NFC, OTP, and Fingerprint) are accessed and it also closes
automatically with a delay period between the opening and closing of door. Each
and every access is displayed in the LCD screen using arduino controller, in the
form of messages which is already programmed and uploaded into the arduino
mega controller. If any one of the levels is not accessed, then the locker cannot be
opened and hence the user will not be able to access the locker. This denied
message will also be displayed in the LCD screen using arduino controller.
Therefore all three levels must be satisfied in order to get the access of locker by
the user.

37
 CHAPTER 8
8. CONCLUSION

The earlier proposed protocol (PBNFCP) is first analyzed and then shown
that it is vulnerable to two kinds of impersonation attacks. So,a novel secure and
efficient authentication protocol (SEAP) for NFC applications is proposed using
the lifetime-based pseudonyms with significantly low computation and
communication costs as compared to existing related authentication protocols. But,
this also has the drawback of impersonation attacks. In order to overcome these
drawbacks, three security levels (NFC, OTP and Biometric access) are used in this
system. Through the rigorous security analysis, this paper shows that it is secure
against possible known attacks including the impersonation attacks found in
PBNFCP and SEAP protocol. Thus, this system provides high security along with
low computation and communication costs as compared to the related existing
protocols.

38
 CHAPTER 9
9. FUTURE ENHANCEMENTS

The proposed system can be used in various applications such as smart

homes, secured offices, control rooms in nuclear power plants, ATM, etc… By the
integration of IOT concept, it’s possible to access the system from remote main
station. All login and logout details are stored in a temporary storage area for
future use. Instead of using only OTP passwords, the combination of both Static
and OTP pseudonyms can also be used. The usage of Smart Cameras in the
Controller will be an additional security to this system in future, for capturing the
images of an unauthorized user. Palm or Blood cells recognition process can also
be used in future for making the system more secure to access instead of
fingerprint scanner.

39
 APPENDICES
PROGRAM CODE
#include <SPI.h>
/* Include the RFID library */
#include <RFID.h>
#include <LiquidCrystal.h>
LiquidCrystal lcd(2,3,4,5,6,7);//RS,EN,D4,D5,D6,D7
#include <Keypad.h>//header for keypad commands enabling
#include "FPS_GT511C3.h"
#include "SoftwareSerial.h"

FPS_GT511C3 fps(12, 13);

const byte ROWS = 4; // Four rows

const byte COLS = 4; // Three columns
// Define the Keymap
char keys[ROWS][COLS] = {
{'L','3','2','1'},
{'U','6','5','4'},
{'D','9','8','7'},
{'E','A','0','R'}
};

// Connect keypad ROW0, ROW1, ROW2 and ROW3 to these Arduino pins.
byte rowPins[ROWS] = { A0, A1, A2, A3 };

40
// Connect keypad COL0, COL1 and COL2 to these Arduino pins.
byte colPins[COLS] = { A4, A5, A6, A7 };
// Create the Keypad
Keypad kpd = Keypad( makeKeymap(keys), rowPins, colPins, ROWS, COLS );

int id,a,i,b,op1[5],j,k,op2[5],id1;
char op[5];
boolean bOK = HIGH;

/* Define the DIO used for the SDA (SS) and RST (reset) pins. */
#define SDA_DIO 9
#define RESET_DIO 8
/* Create an instance of the RFID library */
RFID RC522(SDA_DIO, RESET_DIO);

void setup()
{
Serial.begin(9600);
/* Enable the SPI interface */
SPI.begin();
/* Initialise the RFID reader */
RC522.init();
for(int k=2;k<8;k++)
{
pinMode(k,OUTPUT);//pins 8-14 are enabled as output
}
41
 lcd.begin(16, 2);//initializing LCD
Serial.begin(9600);
Serial1.begin(9600);
fps.Open();
fps.SetLED(true);
pinMode(10,OUTPUT);
pinMode(11,OUTPUT);

void loop()
{

char key = kpd.getKey();

if (RC522.isCard())
{
RC522.readCardSerial();
id = (RC522.serNum[0]);
lcd.setCursor(0,1);
lcd.print("id:");
lcd.print(id);
}

if(id == 230)
{

42
if(bOK == 1)
{
Serial1.println("AT+CMGF=1"); // sets the SMS mode to text
delay(1500);
Serial1.print("AT+CMGS=\""); // send the SMS number
Serial1.print("+919566181532"); // +91 for india
Serial1.println("\"");
delay(1000);
a = random(1000,9999);
Serial1.print(a);
delay(500);

Serial1.write(0x1A);
Serial1.write(0x0D);
Serial1.write(0x0A);
bOK=0;
}

if(key >= '0' && key <= '9')

{
op[i] = key;
lcd.setCursor(i,0);
lcd.print(op[i]);
op1[i] = (int)op[i];
op2[i] = op1[i]-48;
//Serial.print(op2[i]);
}
43
if(key == 'L')
{
i=i+1;
j=j+1;
}

if(key == 'E')
{
b = ((op2[0]*1000)+(op2[1]*100)+(op2[2]*10)+(op2[3]*1));
if(b == a)
{
lcd.setCursor(0,0);
lcd.print("Keep Finger ");
}
else
{
lcd.setCursor(0,0);
lcd.print("Wrong Password");
}
}

if(key == 'A')
{
lcd.clear();
id=0;
i=0;
bOK=1;
44
}

if (fps.IsPressFinger())
{
fps.CaptureFinger(false);
int id1 = fps.Identify1_N();
if (id1 <200)
{
lcd.setCursor(9,1);
lcd.print("id1:");
lcd.print(id1);
lcd.setCursor(0,0);
lcd.print("Finger OK ");
digitalWrite(10,HIGH);
digitalWrite(11,LOW);
delay(1000);
digitalWrite(10,LOW);
digitalWrite(11,LOW);
delay(4000);
digitalWrite(10,LOW);
digitalWrite(11,HIGH);
delay(1000);
digitalWrite(10,LOW);
digitalWrite(11,LOW);
}
else
{
45
 lcd.setCursor(0,0);
lcd.print("Wrong Person");
delay(1000);
lcd.clear();
id=0;
i=0;
bOK=1;
digitalWrite(10,LOW);
digitalWrite(11,LOW);
}
}
}
}

46
 REFERENCES

1. Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami, “SEAP: Secure and
Efficient Authentication Protocol for NFC Applications Using
Pseudonyms”, IEEE Transactions on Consumer Electronics, Vol. 62, No. 1,
February 2016.

2. Jayesh B Mahajan, BhagwatKakde ,andAnuragRishishwar, “Mall Shopping

System Using NFC,” International Journal of Scientific and Research
Publications, Volume 5, Issue 11, Nov.2015.

3. V.odelu, A.K.Das and A.Goshwami, "A Secure biometrics-based multi-

server authentication protocol using smart cards", IEEE Trans.Inf.Forensics
Security, Vol.10, No.9, June 2015.

4. W. Lumpkins and M. Joyce, "Near-Field Communication: It Pays: Mobile

payment systems explained and explored," IEEE Consum.Electron. Mag.,
vol.4, no.2, pp.49-53, Apr. 2015.

5. D. He, N. Kumar, and J. H. Lee, "Secure pseudonym-based near field

communication protocol for the consumer internet of things," IEEETrans.
Consumer Electron., vol. 61, no. 1, pp. 56-62, Mar. 2015.

6. S. Kannadhasan, M. Isaivani, and G. Karthikeyan, "A Novel Approach

Privacy Security Protocol Based SUPM Method in Near Field
Communication Technology," in Proc. Artificial Intelligence and
Evolutionary Algorithms in Engineering Systems, Kumaracoil, India,vol.
324, pp. 633-643, Nov. 2014.

47
7. H. Eun, H. Lee, and H. Oh, "Conditional privacy preserving security
protocol for NFC applications," IEEE Trans. Consumer Electron., vol.59,
no. 1, pp.153-160, Apr. 2013.

8. Ali Alshehri,Johann A. Briffa,Steve Schneider, and Stephan Wesemeyer,

"Formal security analysis of NFC M-coupon protocols using Casper, "
IEEExplore,DOI: 10.1109/NFC.2013.6482439, March 2013.

9. Juniper Research, "NFC Mobile Payments & Retail Marketing-Business

Models & Forecasts 2012-2017," May 2012.
10.V. Coskun, K. Ok, and B. Ozdenizci, Near Field Communication (NFC):
From Theory to Practice, London: Wiley. ISBN: 978-1-1199-7109-2, Feb.
2012.

48