The 2fa Phone Lock

by OnFireAxe in Circuits > Arduino


Our phones play a crucial role in our day-to-day lives. They contain some of our most important secrets, and we use them for banking, messaging others, work, and as a way to authenticate ourselves.

A lot of applications use 2-factor authentication. This is a great security measure: you need not only a password but also a one-time password from an authenticator app on your phone. However, our phones, which contain some of our most important secrets, need only one type of authentication.

There are 3 common types of method for authenticating a user.

  1. Something you know, for example a password.
  2. Something you are, for example face recognition or a fingerprint scanner.
  3. Something you have, for example a key or a phone with an authenticator app.

Our phones use 2 of these. Phones use something you know: a password, PIN code or pattern. Modern phones also offer something you are: face recognition or a fingerprint scanner.

The problem is that instead of requiring both, phones require only one of them, even if you have both methods enabled. This decreases the security of one of the most important devices we use.

This project adds an extra layer of security to our phone. I used the third type of authentication, something you have, since that one does not overlap with an already used method on our phones.

I made a case for my flip phone that uses a time-based one-time password (TOTP) that can be found in the Google Authenticator app on my phone...

Supplies

  1. An Arduino Uno
  2. A 4x3 Keypad (4x4 is what I used)
  3. 2 SG90 micro servos
  4. Some wires
  5. Access to a laser cutter
  6. A Samsung Galaxy Z Flip 5 (I expect it to also work for other Galaxy Z Flip phones)

Wire the Components

We need 3 components for this lock to work. First we need a 4x3 keypad. I used a 4x4 keypad, which works perfectly fine. If you use a 4x4 keypad, you don't have to do anything with the rightmost wire of the keypad. I used pins 2-8, working from left to right: the first cable from the keypad goes in pin 2, the second in pin 3, etc. Since I used a 4x3 keypad I didn't use the rightmost cable.

The other 2 components are 2 servo motors. Provide both with 5V, ground and one output pin. I used pins 9 and 10. With the servo motors I used, you need to connect the brown wire to ground, the red wire to 5V and the orange wire to one of the pins. The left motor uses pin 9 and the right one uses pin 10.

Programming the Code

For the code you will need the following libraries:

The Servo library: https://docs.arduino.cc/libraries/servo/

The Keypad library: https://docs.arduino.cc/libraries/keypad/

The swRTC library by leomil72: https://github.com/leomil72/swRTC (if you don't use a clock module)

The TOTP library by Luca Dentella: https://www.lucadentella.it/en/totp-libreria-per-arduino/


The code I used is a modified version of the example code made by Luca Dentella: https://github.com/lucadentella/Lego_OTPDoorLock

The Case

For the encasing I used a laser cutter.

The first image has the phone holder and servo holder.

The second image shows the rest of the case assembled.

This part and the lid are both in the attached DXF file.

Add the servo horns to the servos in the position seen in image 4 when the servos are in their 0 position.

I used 3mm thick MDF.

The box is 86mm x 106mm x 15mm.

The servo holders stick out 15.5mm, are 35mm long and 3mm thick.

The inside of the box is 80mm x 100mm x 12mm.

The Lid

The first image shows the lid parts.

The second image shows the lid assembled.

The lid is essentially a small box with 2 holes for the servo horns.

The box is 122.1mm x 96.95mm x 9mm.

I used 3mm thick MDF.

Configure the Authenticator

To configure the TOTP devices we need an HMAC key for the Arduino and a Base32-encoded key for the Google Authenticator app.

Luca Dentella, who also made the TOTP library, made this very useful site: https://www.lucadentella.it/OTP/

The only thing you need to add is a ten-character password in the secret section.

The site will generate an Arduino HEX array, which has to be put in the code as seen in image 2.

The Base32-encoded key has to be added to the Google Authenticator app as seen in image 3.

Configure the Time

The last step is to configure the time and date. TOTP uses the time and date to generate the password. If these are out of sync, the password will not work.

I recommend using a clock module. If, like me, you don't have one, that is fine.

Using the swRTC library we can set a time; the library then uses that initial time to calculate the current time based on how long the Arduino has been on. When you disconnect the power from the Arduino, the time is reset and therefore no longer synced.

Google Authenticator works in GMT, so make sure you enter the time in GMT. I recommend setting a time 1 minute later than when you upload the code. You can then power the Arduino when the time in the code matches the current GMT time.

You can find the current time in GMT here: https://greenwichmeantime.com/current-time/
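
The two key formats from the authenticator step and the clock dependence described above, as an added Python example (not the author's sketch and not Luca Dentella's library). It derives both encodings from one secret offline, so the secret never has to be typed into a web page, and checks a code against a clock that runs behind. The secret, the timestamp and the `window` parameter are constructed assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default, used by Google Authenticator)

def arduino_hex_array(secret: bytes) -> str:
    """Raw secret bytes formatted as a C array initializer for the sketch."""
    return "{" + ", ".join(f"0x{b:02x}" for b in secret) + "}"

def base32_key(secret: bytes) -> str:
    """Same bytes, Base32-encoded; 10 bytes give exactly 16 characters, no padding."""
    return base64.b32encode(secret).decode("ascii")

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the 30-second step counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def lock_accepts(secret: bytes, typed: str, lock_time: int, window: int = 0) -> bool:
    """Compare a typed code with the lock's own clock, allowing +/- `window` steps.
    `window` is a hypothetical tolerance, not a feature of the TOTP library."""
    return any(
        hmac.compare_digest(typed, totp(secret, lock_time + i * STEP))
        for i in range(-window, window + 1)
    )

if __name__ == "__main__":
    secret = b"flipcase25"       # constructed 10-character secret
    print("Arduino array:", arduino_hex_array(secret))
    print("Base32 key   :", base32_key(secret))
    phone_time = 1738320000      # constructed: 2025-01-31 10:40:00 GMT, start of a step
    code = totp(secret, phone_time)
    for drift in (0, 20, 45):    # seconds the software clock runs behind the phone
        lock_time = phone_time - drift
        print(f"drift {drift:2d}s  exact: {lock_accepts(secret, code, lock_time)}"
              f"  +/-1 step: {lock_accepts(secret, code, lock_time, window=1)}")
```

Because the phone's time here sits at the start of a step, even a 20-second lag puts the lock in the previous step, which is why a software clock without a clock module needs re-syncing after every power cycle.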

Feel Good Knowing Your Phone Is Secure

Now you can put your phone in the case, add the lid on top and press the * button to close the device.

Now your phone has 2 factor authentication!

Realize That You Made the Key to Your Phone Your Phone

When typing the code on the keypad, first press the # button to clear any accidental button presses.

Now that our phone is secure we can unlock it by using the code we find in the Google Authenticator app on our phone...

Oh no...