rfid.jpgWe interviewed Amal Graafstra about his creepy cool human RFID project. Amal embedded a RFID tag in his hand to easily open his car door, home and to be used as his “password” for a Windows login prompt all by simply waving his hand. RFID stands for Radio Frequency Identification, it allows the storing and retrieval of data usually through a RFID tag and transceiver from PhidgetsUSA. Amal outlines the gear he used as well as the projects he’s working on. We also rounded up a lot of great information, photos, links, resources and point to a new group of DIY RFIDers.

rfidbg.jpg

Like all interesting things lately, I first spotted Amal’s project on his Flickr site. It was immediately picked up and sent around in the usual bloggy place, so when I contacted him I was more interested in what types of projects he’s going to do now that he’s embedded
Amal’s site with latest updates, videos and more here.

Before you read about what’s in store for Amal’s RFID project read Jordan Ginsberg’s great interview with a lot of background on BMEzine.com. Matt from Phidgets has a parts list in the article if you’re thinking of doing this yourself.

Oh- and MAKE reader Chris Rigby writes in and says “Hey there. Saw your comment on Amal’s photo set about his implant. Thought you might like to know there is now a small community forming up around this here- The “Tagged” RFID implant forums. I’m just waiting for my implant to arrive in the mail and I’m next. ;) There are a couple of other guys on the forum also hoping to get it done. RFID is catching… who knew?”.

Interview with Amal Graafstra, the projects

One thing I want to make clear first off, I know all these projects and ideas have inherent security flaws and issues. It seems people think I’m some kind of an idiot or something.

1) Tech overview. I have three projects in mind right now.

RFID access to house via electronic strike in the door frame
This project uses the phidgets (http://www.phidgetsusa.com/) USB RFID reader attached to a “home control” PC system. The home control PC runs software, written in VB 6, listens for RFID tag reads from the reader and authenticates the tag/reader combo (this tag at this reader). Once authenticated, the +5V output on the phidgets USB reader is activated and the electronic strike “buzzes” me in my front door. This system reads it’s authentication data from a central database and stores an encrypted local recordset, just in case the central database (located in Seattle) is unavailable.

I am currently working on integrating SMS text message based management of this access control system through my involvement with Wirecutter (www.wirecutter.com), a company that specializes in SMS applications. It would work something like this: I give a friend an RFID keyfob tag. They arrive at my house when I’m away and try to get in my front door. The system alerts me via SMS text message that “bob” is trying to get in my house. I can respond via SMS text message to tell the system to activate bob’s keyfob for 10, 20, or maybe 60 minutes, thus letting him in my house.

RFID access to my windows machine
This project involves the same phidgets USB reader, embedded into my keyboard. a windows NT GINA replacement is installed on the machine that provides normal authentication methods, plus an RFID interface. The RFID aspect of the GINA replacement will read an encrypted local database that cross-references RFID tags to usernames and passwords. I place my hands on the keyboard and the RFID tag is read, matched to username/password info, and that username/password info is passed to the standard Windows NT authentication mechanism.

RFID access to my car door (unlocks door & disables alarm) for this one I need a non-phidgets RFID reader and a microcontroller. The basic idea is that the reader and microcontroller will run 24/7, powered off of 12v. The microcontroller will feature a very small amount of non-destructive ram to hold the very small list of tag IDs that are authorized to enter the car, as well as a log of tag reads. The microcontroller will most likely be interfaced with my in-car PC so logs can be pulled and cleared from ND ram, as well as keep the access list up-to-date. The in-car PC will have internet access via wireless 802.11B/G as well as a Bluetooth GRPS connection to my cell phone to keep itself synced up with the central database in Seattle.

I may, just for kicks, wire up an old two-way pager to the microcontroller so I can get SMS alerts on my cell phone if unauthorized RFID tags are being read on my car… and/or my car alarm is going off. An SMS alert that my car alarm is going off might be nice if I’m too far away from the car to hear it.

Maybe I’ll get really funky and allow an SMS message to turn off the alarm via the two-way pager… or unlock my car via SMS. Too bad I have a manual transmission; otherwise I’d look into SMS remote start too.

2) I got all my gear through http://www.phidgetsusa.com. However, for the car entry project, I won’t be able to use phidgets devices… I’ll have to solder my own reader to a microcontroller and write the software for the microcontroller.

3) Coming soon. These projects are in bench phase (parts laying on the bench), no prototypes are done yet aside from some alpha software.

4) The software runs as a service and has no user interface. The central database will have a secure web interface, but for now I’m entering test data directing into the tables via SQL queries.