IEEE Access (Jan 2022)
Loki: A Physical Security Key Compatible IoT Based Lock for Protecting Physical Assets
Abstract
The twenty first century has witnessed an enormous rise in data produced per person and it has also witnessed newer and advanced forms of digital attacks and instinctively, witnessed a rise in the need for data protection. However, the essential assets are still physical and needs to be protected. Usually vaults, lockers, safes and so on and used for the safe keeping of the physical assets. However, studies have shown they are vulnerable to various attacks. This paper proposes a novel and robust physical lock for safekeeping of physical assets called Loki. A Physical Security key is used to authenticate the lock and it uses a cloud-server architecture. It employs best cloud security practices, proper use of cryptography and trusted computing to mitigate all common risks. The cloud architecture runs a Virtual Machine (VM) to securely authenticate using Fast IDentity Online (FIDO2) specifications. The physical authenticator data is stored in the cloud for security and only accessed when an unlock is requested. The cloud allows web-based physical key management for adding more keys or removing keys. The whole system has been implemented in a Internet of Things (IoT) scenario.
Keywords