IoT based Login Alert System & Human/Bot Verification

Captcha ( Completely Automated Public Turing Test to tell Computers and Humans Apart ) is a test that all of us would have had to pass when verifying login details on certain sites that use distorted text or image selection. Now depending on the test CAPTCHA will take some time for a user to pass and can get a bit frustrating at times.

In this project, we will see how a tactile push-button switch can be used to quickly verify whether a user is a human or bot and also at the same time act as an additional security feature.

Another thing one might have observed maybe with your Google Account is that whenever you log in from a new device, Google mails you about this and asks you to confirm whether it was you who logged in. Now, there can be a situation where you were away from your phone or computer and by the time you have realized, an intruder would have gained access to your account.

In this project, we will also see how a user can be notified by a buzzer and an email when someone has accessed your account using a username and password but failed to pass through any additional security layer like 2-factor Authorization that you had setup. The user can then quickly change the password and secure their account.

Step 1: Hardware Setup

Connect the two 330 ohms resistors ( A & B ) on the breadboard as shown in the figure. Connect the tactile push button switch across the isolating ravine. 3.3 V from Bolt module is given to one end of resistor A. The other end of resistor A is connected to one end of resistor B and pin 1 of the push-button switch.

The far end of resistor B is connected to pin 1 of the Bolt module. This pin will read the voltage level at the far end of resistor B. Longer end of the buzzer is connected to pin 0 of the Bolt module while the shorter end is connected to ground. Complete the circuit connections by connecting the GND pin of the Bolt module and pin 2 of push-button switch to ground power rail.

In my project I have a used 2-pin tactile push button switch where one end is connected to terminal strip connecting resistors A & B and the other end to ground. The idea remains the same.

Use the USB-A to Micro-USB Cable to power up your Bolt Wi-Fi module.

Step 2: Bolt Wi-Fi module setup

Login to cloud.boltiot.com. Note down the ID of your Bolt Wi-Fi module. Next, click on the API tab.

Click on copy button and store the API key somewhere safe which will be used to connect to your Bolt Wi-Fi module.

Step 3: Mailgun API setup

We will be using Mailgun to send automated e-mails. Open www.mailgun.com. Create an account. Verify your mobile number.

Dashboard shows up when your login is complete. Now scroll down and select on the sandbox domain that you have been assigned.

Next enter your email to which you want the alerts to be sent under "Authorized Recipients". Click Save. Note down the SMTP credentials under "SMTP" tab and API key under "API" tab.

Step 4: Setting up Environment

I am using Ubuntu 16.04 server running on digitalocean cloud platform www.digitalocean.com & python 3.5. You can use any other environment/OS which can run python programs like Jupyter Notebook as long as you have the following libraries installed. Any python version above 2.7 can be used.

boltiot
json
time
pyOpenSSL ndg-httpsclient pyasn1
'requests[security]'

Following steps can be done to setup environment in Ubuntu:

Login to your Ubuntu machine. Update and install the existing package upgrades in your Ubuntu machine by running these commands. Sudo here means "super user".

sudo apt-get update
sudo apt-get upgrade

Next we will install pip package manager for Python 3. Pip allows us to install and manage python libraries like boltiot, json etc.

sudo apt-get install python3-pip

pip install --upgrade pip

Once pip is installed we can now proceed to install the libraries required.

pip install boltiot

pip install pyOpenSSL ndg-httpsclient pyasn1

pip install 'requests[security]'

Create a new directory and enter it.

mkdir project

cd project

The main code along with a configuration file will be present in this directory.

Step 5: Code

We first create a configuration.py file that has all the credentials and the API keys needed to use the services and to connect to the Bolt module. Storing credentials and API keys in this way will keep it safe and away from the main program. A sample username and password to demonstrate this project is stored here as well. This program will imported as a library in the main program.

/*Configuration File*/
/*Mailgun*/
MAILGUN_API_KEY = 'c1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx2'
SANDBOX_URL= 'sandboxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.mailgun.org'
SENDER_EMAIL = 'postmaster@sandboxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.mailgun.org'
RECIPIENT_EMAIL = 'xxxxxxxx@gmail.com'
/*Bolt*/
API_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
DEVICE_ID = 'BOLTxxxxxx'
/*Login details - Sample*/
username="user@gmail.com"  /*Sample username*/ 
password="1234"            /*Sample password*/

Now comes the main.py program. We first import the libraries and create objects to interact with the Bolt module and Mailgun API using the contents of the configuration file.

import conf                        
import json,time                   
from boltiot import Bolt,Email   

mybolt=Bolt(conf.API_KEY,conf.DEVICE_ID)       

mailer = Email(conf.MAILGUN_API_KEY,conf.SANDBOX_URL,conf.SENDER_EMAIL,conf.RECIPIENT_EMAIL)

I wrote a function that checks if the button is pushed. This is where the human/bot verification comes into play. The user has to push the button within 5 ( Arbitrarily chosen for demo. You can choose any number) seconds failing which the user has to login again from the beginning.

def button_check():
    print("Press and hold button for 1 sec")
    for i in range(0,5):
        response=mybolt.digitalRead('1') 
        data=json.loads(response)        
        print(data)                      
        if int(data['value'])==0:  
            print("Succesfully logged in")
            return 0
        time.sleep(1)
    return 1

The final part of the code has an infinite for loop which asks for user login details and will break when the user successfully enters the username, password and pushes the button/switch. If the user fails to login after 2 attempts ( I have chosen 2 just for demonstration) the buzzer will be activated, an email will be sent and a delay of 10s is added.

count=0                                               
while True:                                           
    print()
    usr=input("Enter username:")                       
    print()
    passw=input("Enter password:")                   
    usr=usr.strip()
    passw=passw.strip()
    if usr==conf.username and passw==conf.password:  
        time.sleep(3)
        check=button_check()
        if(not check):
            break
        count+=1
        print("Timeout. Please login again")
    elif usr!=conf.username or passw!=conf.password:                                   
        print("\nIncorrect username or password.Please try again")
    if(count>=2):                                 
        print("\nMaximum tries reached.Please wait for another 10 seconds")
        response=mybolt.analogWrite('0','100')    
        response=mailer.send_email("Alert-User Login", "Someone has tried to access your account") 
       response_text = json.loads(response.text)                
        print("Response received from Mailgun is: " + str(response_text['message']))  
        time.sleep(10)                                          
        response=mybolt.digitalWrite('0','LOW')                 
        count=0

Run the main program using sudo python3 main.py ( If you are using Python 2.7 then it will be sudo python main.py )

Working

We will now see how the circuit works and the demo of the project.

The working of the 4-pin push-button switch is clearly explained in this video by YouTuber "My Distractions".

The 2-pin switch I have used works in a similar way.

Consider the scenario when the push-button switch is not pressed. The current flows through resistor A and resistor B which is picked up by pin 1 since there is no closed path through push-button switch. Pin 1 will therefore read high and the value '1' is sent to the Bolt Cloud.

Now consider the scenario when the push-button switch is pressed. The current flows through resistor A and the push-button switch to the ground completing the circuit forming a closed path which is the least resistant path. Pin 1 of Bolt module will therefore read low and the value '0' is sent to the Bolt Cloud. Very small current will flow through resistor B which is not enough for pin 1 to read '1'.

If the user fails to login after 2 attempts then the buzzer is activated by pin 0 and an email is sent using Mailgun API. You may receive the email in your spam folder if you are using a free account since Mailgun is sending emails from a shared IP address which is used by many users.

Complete Circuit is shown below. I am using a 2-pin push-button switch which is connected across the isolated ravine of the breadboard so the circuit here looks bit different compared to the schematic.

Demo

To make it more realistic you could build this functionality into a website using Django/Flask or any other web framework. Please let me know your thoughts about this project in the comments.