YUSoSecure

• 

  YUSoSecure hardware + software

• 

  YUSoSecure homepage

• 

  Email verification

• 

  Google Authenticator authentication

• 

  Touch ID Authentication

• 

  Captcha authentication

• 

  ESP8266MOD math authentication

• 

  Shamir's secret sharing algorithm authentication

Inspiration

We, a group of four friends with a passion for software and having fun, were attracted to the idea of making something simultaneously useful and hilarious. Given that we were going to be locked in at York for CTRL HACK DEL for the next 24 hours, naturally, our brainrotted brains thought of "John Pork," the famous internet meme.

From there, we integrated this crazy and absurd idea out of the blue into the event themes, eventually settling on security/user authentication.

What it does

York University SoSecure (YUSoSecure) aims to demonstrate the amusing and high-security potential of 8 factor authentication involving our main protagonist, John York (a distant cousin of John Pork attending YorkU). From an intricate math challenge involving a microcontroller, to a virtual "Vibe Check". We engineered our authentication process to be engaging, hilarious, and highly secure at the same time.

How we built it

As we are all undergrad students ourselves, we replicated the YorkU student ID sign-in page (with our own twist of course) as a common example of where our authentication system could be applied.

On our replica site, you portray John York as you venture your way through the platform. We prompt you to undergo all 8 of the authentication stages we offer to successfully login:wink:.

All 8 verification methods used (in order) are:

• Traditional username/pwd credentials
• Email Authentication
• Google Authentication
• Fingerprint ID
• Captcha
• University-level math problem with an ESP8266MOD board
• Secret Password Guessing
• Vibe Check

It is only when a user successfully passes all 8 stages that we can accurately deduce that the user is not malicious and present them with a little present at the end (~~ not a rick roll~~).

Challenges we ran into

• Setting up email/SMS confirmations.
  
• Shifting platforms from Twillio to SignalWire.
• Finding a creative way to incorporate hardware into a project without being capped by the limitation of microcontrollers in comparison to using complete software.

One of the greatest challenges we encountered was setting up the SMS code verification systems. At first, we had the idea to use Twillio to serve as a virtual phone number for our demo. However, we soon realized it was only compatible with Java versions 13-17 when the rest of our application was in Java 21+. As an alternative we found SignalWire, which aligns with the version of Java we were using.

Accomplishments that we're proud of

• Configuring the wifi on the ESP8266 board (the drivers drove us insane)
• Integrating everyone's contribution of Software into one, fully functional and efficient product

What we learned

• How to combine front, back, and hardware components into one cohesive product
• How to collectively iterate, share ideas, and have fun along the way
• Hackathons are a lot of fun when we all have the objective of having fun

What's next for YUSoSecure

We could ship our system as a collection of different authentication functions that can be partially or fully used by third parties. Since each stage operates independently of the previous one, it is very easy to scale our product and create a library of sorts to provide to others to up their security game.

Built With

• axios
• css
• esp8266
• html
• java
• javascript
• maven
• node.js
• react.js