University cybersecurity course project.
The project focuses on creating a home security system for monitoring and securing properties, including apartments, cottages, and houses. The system aimed to detect and alert users about unexpected events, such as power outages, break-ins, and interior changes.
The architecture of the system consists of the central app (as separate backend Spring Boot and frontend Vue.js apps) and, on the other hand, devices.
The central app:
- Collects, normalizes, and filters events from various devices to detect and alert users about changes. It uses a rule-based system (Drools) to correlate events over time and trigger alarms for unexpected occurrences.
- Recognizes four types of users: unregistered users, admins, property owners and property renters.
- Unregistered users can only create certificate signing requests (CSRs).
- Admins are central to system security and have five main responsibilities:
- Public Key Infrastructure (PKI): certificate creation, revocation, distribution etc.
- User management within the system
- Configuration of properties and devices
- Alarm definition and tracking
- Viewing/searching logs
- Owners can assign renters to their properties, check their devices and read the devices' messages, as well as get reports of device activity in certain periods.
- Renters have similar features to owners, except for the assignment of properties.
Devices:
- Monitor different environmental signals, such as door openings, light changes, and temperature shifts.
- Generated standardized messages enriched with relevant information for the central app.
- Randomly alternate between normal and attack states in their messages for testing.
- Represented as scripts written in Python.
Throughout the system the following are also taken into account and/or implemented:
- Protection of sensitive data during storage, transport, and usage.
- Encryption or hashing of unavoidable data storage.
- Secure HTTPS communication configuration.
- Digital signatures for exchanged messages (e.g. between devices and the central app).
- Authentication and authorization mechanisms.
- Role-based access control (RBAC) for access control.
- OWASP Top 10 security risks.
- Run the central app (backend).
- Run the frontend application for the central app via
npm install&npm run servewithin the ./src/main/ui/vue project directory. - Open localhost:8080.
- Create a CSR for each device you want to add/use within the system (available device scripts are located in ./devices, where the name of the script is the name of the device, which should be the common name within a CSR). Example:
- Log in as an admin (there are example preset accounts for all types of users; all passwords are 123, and usernames are admin for the example admin, owner1 for the example owner and renter1 for the example renter).
- On the All CSRs page, generate the certificates for each CSR.
- Move (distribute) the generated private keys (e.g. door-1.key) to devices from the ./store/private_keys_to_distribute project directory to ./devices.
- Run the corresponding Python device scripts in ./devices (e.g. door-1.py) for the devices to start generating signed messages.
- From then on, use the rest of the features of the system by navigating within the central frontend application.