Sandia National Laboratories Clinic Detecting Unauthorized Access To Security Container Creating a Graphical User Interface Arslan Majid EE Student University of Utah Abstract-This proposal describes the design of a GUI (Graphical User Interface) that is to be specific to the CASC (Critical Asset Security Container) system. The interface is to be created with Labview software obtained from National Instruments by Sandia National Laboratories. The GUI will be able to allow for authorized users to gain access to the CASC system via password input. It must trip an alarm for all unauthorized users and must never give a false alarm. I. STATEMENT OF PROBLEM This proposal calls for the design of a GUI (graphical user interface) that is to be used with the CASC (Critical Asset Security Container) system that is being built by the Sandia National Laboratories Clinic team of 2010-2011. The CASC system that is being built by the clinic team will need a means of communicating to its user what the safe’s current state is. For example, the safe will need to tell an authorized user whether or not it has accepted that the user is indeed allowed clearance to the safe. Likewise, the CASC system will need the user to communicate with the system as well. For example, if an ‘authorized user’ wants to prove that they are indeed authorized to access the contents of the safe, then he/she will need to pass through the security in the interface by inputting some sort of code to prove their status as ‘authorized user’ Sandia National Laboratories has described four different kinds of users that the security container needs to concern itself about. According to their descriptions: A. Authorized user The container will allow an ‘authorized user’ to open the container, to access its contents, and to close the container. However, if the ‘authorized user’ tries to tamper with the container in any other way (IE: If the user tries to disable the circuitry or tries to remove the battery) then the safe, along with the interface, will set off an alarm. B. Maintenance Access Maintenance users will be allowed to change the power supply of the container. This means that, if the battery of the CASC system runs out of juice, then it will be up to the maintenance team to place a new battery into the container. Maintenance will also be responsible for software and hardware updates of the container. Maintenance users, however, will not be allowed to access the contents of the safe and if they ever do, and alarm will be set off. C. Security Access Security users will be allowed to transport the container. If a situation ever arises where an alarm was set off, then the security user will be allowed to reset the alarm status. Security users will also be allowed to check status reports that will be written by the CASC system on an SD Micro card. Security users, just like the maintenance users, will not be allowed access to the contents of the safe. D. Unauthorized User The last users that the CASC system will need to concern itself with are unauthorized users. Unauthorized users are users that do not fit any of the user descriptions above. It is assumed that these users do not have the information to get into the safe and that they will try anything to gain access to the safe. Therefore, the CASC container must detect any attempts of tampering or unauthorized access and it must activate an alarm if such a user tries to access the safe. Along with setting off the alarm, the CASC container must also record the cause of the alarm onto an SD Micro card. In summary of the statement of the problem, a GUI must be built for the CASC system so that the container can communicate and be communicated with the four different types of users listed above. The GUI will be an essential part of the safe because the GUI is the mechanism that will be able to differentiate between the four different types of users that will deal with the safe. II. PAST ATTEMPTS AT SOLUTION Traditional security container GUI’s are very simple as the only user that the security container needs to concern itself with is the user that knows the information to get into the safe. The GUI of these containers is usually in the form of a lock or sometimes even a digital number input. Usually, traditional containers don’t worry themselves about unauthorized users and the only thing keeping unauthorized users from accessing the safe is the mechanical design of the safe. An example of these traditional safes is the “Sentry Safe DA3410” [1] , where the GUI exists only as a form of a lock. Another example of the GUI of a safe would be in the “Biovault Biometric Safe” [2] which uses a fingerprint reader to communicate with the user and can allow for up to 50 authorized fingerprints. This safe competes very closely with the security container that the Sandia Clinic team has proposed to build. However, the Biovault Biometric Safe does not set off an alarm whenever unauthorized actions are detected. The Biovault Biometric Safe also does not allow for more than 1 different kind of user. Although it allows 50 fingerprints, it assumes that all 50 are the same user. On the other hand, the CASC container that the Sandia Clinic has proposed will allow for authorized users, maintenance users, and security users to access the safe in different ways. III. PROPOSED SOLUTION The goal in creating the interface of the CASC system is for the interface to be able to communicate to the user about what the CASC system is actually doing. As previously mentioned, the GUI will need to operate in different sates depending on what kind of user uses the device. The GUI will be made with LABVIEW, a software program made by National Instruments. On its main screen, the GUI will have 3 clickable buttons for the following kinds of users: 1) authorized users, 2) maintenance users, and 3) security users. While the GUI is on its main menu, the sensors of the CASC system detect suspicious activity. If anything suspicious is detected by the CASC system while it’s on the main menu, then the interface will set off an alarm. If a user clicks ‘authorized’, he/she will be prompted for a password. Upon the correct input of a password, the user will be sent to a screen entitled ‘Authorized User’ showing them what they’re allowed to do as that user. When the ‘Authorized User’ screen is up, the sensors that detect unauthorized actions will be turned off. The only sensors that will remain on will be those that will detect tampering within the safe. If an authorized user, for example, tries to remove the battery in the ‘Authorized User’ screen, then an alarm will be set off. This is the same scheme that that GUI will follow with the users that are allowed to input passwords. For all unauthorized users, the GUI will display an alarm signal upon detection of unauthorized actions. A. Method of Proposed Solution Labview, a program made for engineers and scientists by National Instruments, will be used to create the GUI of the CASC system. Labview is a program used for the purposes of developing sophisticated measurements, testing, and creating control systems. A license has been obtained from National Instruments by Sandia National Laboratories that will allow for the Sandia Clinic group to work with this program. On the National Instruments website are tutorials for those looking to create GUIs with Labview [3] .These tutorials will be used as a stepping stones towards creating the GUI for the security system. B. Means of Verifying Results For testing purposes, the GUI will also display what sensors have been breached so that the group can test for false-positives. Also, in this way, the group will be able to detect whether or not the CASC system is in sync with the GUI. This will allow the group to verify that the GUI, along with the CASC system, does work. IV. SUBSTANTIATION The attached Gantt chart shows the time line for creating the GUI of the CASC system. Total time allotted for this part of the development is 3 months. A fully operational GUI, with a goal of zero glitches/bugs, will be ready in approximately 10 months. The disparity between the time it will take to make the initial GUI and the final GUI is due to the fact that the GUI is completely dependent on the CASC system itself. Therefore, as soon as the group has its fully functional product, the GUI will be ready. The attached budget details expenses anticipated for development of CASC system. The total budget is $64.95 and covers only the cost of the Bluetooth Extender kit [4] which will be used only if the Sandia advisors decide that the security container needs it. REFERENCES [1]- “Sentry Safe DA3410 1.2cf. 4#combo Blk/gry Sentry Fire-safe”, Apr. 25, 2010. [Online]. Available: http://www.amazon.com/Sentry-Safe-DA3410-1-2cf-Fire-safe/dp/B000R81W8O [Accessed: Apr. 25, 2010]. [2]- “Biovault Biometric Safe with Fingerprint Reader”, Apr. 25, 2010. [Online]. Available: http://www.amazon.com/Biovault-Biometric-Safe-Fingerprint-Reader/dp/B0016N5EH4 [Accessed: Apr. 4, 2010]. [3]- “Labview User Interface Gallery”, Apr. 25, 2010. [Online]. Available: http://zone.ni.com/devzone/cda/tut/p/id/3587 [Accessed: Apr. 25, 2010]. [4]- “Bluetooth Arduino”, Apr. 4, 2010. [Online]. Available: http://www.sparkfun.com/commerce/product_info.php?products_id=9358, Apr. 4, 2010].