Arduino-based door lock in C supporting 20+ RFID tag IDs with STRIDE threat model analysis, rolling-code EEPROM countermeasures against replay attacks, and MIFARE Sector 1 authentication to defeat tag cloning.
RFID Secure is a fully functional embedded door-lock access control system built on an Arduino Uno (ATmega328P) and programmed in C. At its core, an MFRC522 RFID reader module communicates over SPI to read the UID of presented MIFARE Classic 13.56 MHz cards. The firmware cross-checks each UID against a whitelist of 20+ pre-authorised tag IDs stored in PROGMEM flash. On a match, a servo motor actuates the door latch to the open position for 3 seconds before auto-locking.
The project went beyond a basic access system: formal threat modelling using the STRIDE framework was applied, identifying two critical vulnerabilities:
- Replay Attack: Captured UID signal could be rebroadcast to unlock the door. Defeated by EEPROM rolling counter -- replayed packet presents same counter, strictly-greater-than check fails.
- Tag Cloning: Proxmark3-cloned card replicates UID but lacks secret key. Defeated by MIFARE Sector 1 Key-A authentication -- cloned card fails MIFARE_Authenticate.
| Metric | Value |
|---|---|
| Authorised Tags | 20+ RFID tags |
| Vulnerabilities Found | 2 (Replay + Cloning) |
| Auth Method | Rolling-code + MIFARE Sector 1 |
| Response Time | < 200 ms |
| Component | Arduino Pin | Interface | Notes |
|---|---|---|---|
| MFRC522 SDA (SS) | D10 | SPI | Slave Select |
| MFRC522 SCK | D13 | SPI | Clock |
| MFRC522 MOSI | D11 | SPI | Master Out Slave In |
| MFRC522 MISO | D12 | SPI | Master In Slave Out |
| MFRC522 RST | D9 | Digital | Reset |
| MFRC522 3.3V | 3.3V | Power | Do NOT use 5V |
| MFRC522 GND | GND | Power | Ground |
| SG90 Servo Signal | D6 | PWM | Lock (0 deg) / Unlock (90 deg) |
| SG90 Servo VCC | 5V | Power | External supply recommended |
| Green LED | D7 | Digital | Access granted |
| Red LED | D8 | Digital | Access denied / alert |
| Active Buzzer | D5 | Digital | Feedback beeps |
| OLED SDA | A4 | I2C | Optional display |
| OLED SCL | A5 | I2C | Optional display |
- Threat: Attacker captures UID broadcast with SDR/PN532, replays signal
- Mitigation: EEPROM rolling counter -- each scan must present monotonically increasing counter
- Detection: cardCounter <= storedCounter -> REPLAY ALERT
- Threat: Proxmark3 clones UID to blank MIFARE card
- Mitigation: MIFARE Sector 1 Block 4 Key-A authentication -- cloned card lacks secret key
- Detection: PCD_Authenticate fails -> ACCESS DENIED
- MCU: Arduino Uno (ATmega328P @ 16 MHz)
- RFID: MFRC522 (13.56 MHz, ISO 14443-A)
- Language: C (Arduino framework)
- Storage: PROGMEM (whitelist), EEPROM (rolling counters)
Mothi Charan Naik Desavath -- Embedded Systems Engineer