Related Projects

Proximity-based solutions has become integral to various industries, from IoT-powered smart offices to sophisticated access control systems. To identify the most effective technologies to be used in our project, we conducted an in-depth analysis of existing proximity-based authentication systems from 2 different companies, examining their software and hardware implementations to understand the core driving their functionality.

Review 1: Yubico

Yubico is an American company manufacturing hardware authentication devices, their main product is the YubiKey which is a security key utilised for 2FA based authentication [1]. They have a diverse range of products which tangentially relate to our project, utilising technologies like NFC, OTP and FIDO2.

Yubico logo

Their products serve as the industry standard for hardware-based authentication systems, and inspired some of our intial ideas as we also considered using Near-Field Communication (NFC) based authentication, however after gathering our requirements and surveying stakeholders we realised it would not be the most appropriate for the purposes of our project. This is due to the fact that our project is largely aimed at creating a seamless proximity-based login system that is both accessible and secure. NFC would hinder our ability to leverage proximity-based authentication.

Figure 1: YubiKey security devices offering multi-factor authentication

As additional authentication, we were also inspired by the usecase of these keys as TOTP generators that could validate their authenticity with an external server. As part of our research, we've also been in touch with employees from CyberArk, a leading InfoSec companies that specialises in identity security, and they also recommended an approach involving TOTP authentication.

Cyberark logo

Review 2: Alps Alpine

Alps Alpine is a Japanese multinational corporation specializing in electronic components and vehicle information systems [2]. They leverage Bluetooth Low Energy (BLE) for secure digital key solutions, collaborating with industry leaders like Broadcom and Giesecke+Devrient (G+D) to enhance vehicle security and user convenience.

Alps Alpine logo

In partnership with Broadcom, Alps Alpine developed BLE-based high-accuracy distance measurement for secure keyless entry [3], enabling seamless locking and unlocking via smartphones. Their system ensures both convenience and security, integrating Broadcom's Bluetooth and Wi-Fi® combo chip for precise proximity detection.

Broadcom logo

Their collaboration with G+D led to a wireless digital key system aligned with the Car Connectivity Consortium (CCC) standard, incorporating encryption technologies similar to mobile payments. Alps Alpine designed keyless entry components, while G+D handled secure digital key issuance and management.

Giesecke+Devrient logo

BLE's low power consumption and high-accuracy distance measurement make it ideal for automotive applications. Alps Alpine's implementation of this technology provided key insights for our QPG system, influencing our approach to proximity-based authentication using BLE with an ESP32 microcontroller. Additionally, their emphasis on encryption reinforced our decision to adopt post-quantum cryptography, ensuring secure user authentication.

Technology Review

Wireless Proximity Technology

Proximity detection is a crucial element of our system, allowing users to interact effortlessly with nearby devices whilst also ensuring security. To determine the most suitable technology for this purpose, we evaluated several options, including Bluetooth Low Energy (BLE), Near-Field Communication (NFC), Radio Frequency Identification (RFID), and Wi-Fi Positioning System (WPS).

Ultimately, BLE's balance of affordability, efficiency, and compatibility makes it the most appropriate solution for efficient, profile-based authentication in real-world environments, which is why we selected this option for use in our QPG system.

Facial Recognition for Authentication

We chose facial recognition to be the primary authentication method for our system as it provides a reasonable compromise between security, usability, and accessibility. Implementing facial recognition within our system means that users can log in to devices without physical interaction, which makes it an ideal solution for accessible two-factor authentication (2FA).

Voice recognition was considered as an alternative authentication method but we decided against this due to several limitations. While voice authentication does provide a hands-free authentication method, it is a lot more susceptible to environmental noise, variations in a user's voice due to illness or stress, and spoofing attacks using recorded samples. Additionally, voice authentication systems require continuous model training to adapt to changes in a user's voice, making them less practical for seamless authentication. Facial recognition however, offers a higher level of security due to unique facial features and ensures a more reliable and user-friendly authentication experience.

Post-Quantum Cryptography (PQC) Algorithm

To secure user authentication and communication between devices, we considered it a necessity to use post-quantum cryptography (PQC), making our system future-proof from any quantum attack. While traditional encryption methods such as RSA-4096 and Elliptic Curve Cryptography (ECC) are adequately effective today, they may become vulnerable as quantum computing evolves, and so we took this into consideration while designing our system.

After research and evaluation of several PQC algorithms, we chose to implement the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), a standardised version of the CRYSTALS-Kyber algorithm, as the encryption standard for our system. CRYSTALS-Kyber is a lattice-based encryption algorithm that provides strong security against quantum attacks.

The KEM stage involves:

• 1. Key Pair Generation — Each party (sender/receiver) generates a public-private key pair using the Kyber algorithm.
• 2. Encapsulation — The sender uses the recipient's public key to generate a shared secret and a corresponding ciphertext.
• 3. Decapsulation — The recipient uses their private key to retrieve the shared secret from the ciphertext.

Alongside ML-KEM, we also implemented the Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) symmetric encryption algorithm to ensure secure communication between devices. Our system's encryption process begins with KEM, which establishes a shared secret between communicating parties. Once the shared secret is established, AES-GCM is used to encrypt and decrypt messages.

Comparison of IoT Devices

Choosing the right hardware for proximity detection and facial recognition was essential to ensuring reliability and efficiency in our system. After considering several options, we selected the Raspberry Pi 5 as the primary processing unit for facial recognition, and proximity management, whilst the ESP32 microcontroller is used to function as a low-power BLE beacon.

Proximity Detector & Authenticator

Raspberry Pi 5

NVIDIA Jetson Nano

The Raspberry Pi 5 offers ample processing power to handle incoming BLE signals, run facial recognition algorithms, and communicate with our main server [8]. Furthermore, the Raspberry Pi Camera Module enables us to capture high definition video which is used in the facial recogntion algorithms. Whilst more advanced alternatives like NVIDIA's Jetson Nano provide superior AI capabilities [9], they come at a higher cost and exceed the requirements of our project. The Raspberry Pi 5 strikes a balance between performance and affordability.

BLE Beacon

ESP32

Raspberry Pi Pico W

The ESP32 was chosen for our low-power BLE beacon due to its cost-effectiveness, and efficiency in sending out BLE signals [10]. It continuously broadcasts signals so that it can be detected by our Raspberry Pi 5, facilitating proximity detection. Whilst a Raspberry Pi Pico W for example could also serve as a BLE beacon, we opted for the ESP32 due to our prior experience with the platform, and due to it being more established within the IoT community. By integrating the ESP32 with the Raspberry Pi 5, our system achieves an optimal balance of performance and cost to detect the presence and proximity of our users.

Programming Languages, Frameworks, and Libraries

Our system consists of many distinct parts which come together to form the quantum proximity gateway. For each part, we thought about the optimal programming languages which would strike a balance between development time and performance.

Server

Python

Litestar

For our main server that manages user profiles, Python was chosen as the core language due to its simplicity and extensive library ecosystem. The Litestar framework was used to develop the API endpoints on our server. It was chosen over other renowned frameworks such as Flask or Django due to being asynchronous, highly performant, and lightweight out of the box [11]. Whilst there are more mature, tested frameworks such as Spring for Java, its verbosity and slower development cycle makes it less suitable for rapid prototyping. Moreover, Python bindings for liboqs were available and easy to use allowing us to implement post-quantum encryption without much friction.

Desktop App

Rust

Tauri

For our desktop application with the AI chatbot, we chose Rust with the Tauri framework to create the backend. Rust offers memory safety and high performance, making it ideal for a secure desktop application. Compared to the popular alternative Electron, Tauri is lightweight and more compact, reducing resource consumption [12]. It also enables direct access to native system APIs without the heavy resource consumption of bundling an entire Chromium engine, unlike Electron, which requires a full-fledged Chromium instance for rendering.

Frontend(s)

TypeScript

Next.js

Next.js is a react framework used across all of our frontends (i.e. Desktop app, Reigstration site, Report site, Raspberry Pi BLE proximity demo site) due to its popularity, and ease of use [13]. By using supported UI libraries such as Chakra UI and shadcn/ui, we were able to quickly develop impressive, robust frontends. Furthermore, TypeScript, which is the language we used with Next.js, provides a structured approach to JavaScript development, offering type safety and enhanced maintainability.

Raspberry Pi

Python

Raspberry Pi

Python was chosen to be used on our Raspberry Pi due to its simplicity, and extensive library ecosystem, including Raspberry Pi libraries. Its ease of use allowed us to focus on the overall development of our system, without being bogged down by syntax and other considerations. It is well-suited for implementing facial recognition due to support for libraries like OpenCV and Dlib. Furthermore, its support for BLE communication via bluepy, UART, and USB HID libraries, makes it an excellent choice for IoT hardware.

ESP32

C++

PlatformIO

C++ was chosen to program the ESP32 microcontroller to handle the constant BLE broadcasting, as it is highly performant, and enables low-level hardware control and efficient memory management. This is is crucial for real-time processing on constrained devices. Furthermore, C++ has a mature toolchain, and good support for the Arduino framework, and BLE libraries. Additionally, PlatformIO is used for ESP32 firmware management, streamlining development, debugging, and deployment.

Technical Decisions

Having extensively researched different technologies and methodologies, evaluating their strengths and limitations, we made the following decisions on how our Quantum Proximity Gateway should be implemented.

From our research, we concluded that a good proximity-based access control system would provide the following.

References

• [1]Yubico, "Meet the YubiKey". [Online]. Available: https://www.yubico.com/why-yubico/. [Accessed March 26, 2025].
• [2]Alps Alpine, "Our Business". [Online]. Available: https://www.alpsalpine.com/e/company/business/. [Accessed March 26, 2025].
• [3]Alps Alpine, "Alps Alpine and Broadcom Collaborate on a Secure Distance Measurement Solution based on Bluetooth® Technology", Jan. 5, 2021. [Online]. Available: https://www.alpsalpine.com/e/news/detail/2021-0105-02/. [Accessed March 26, 2025].
• [4]Wikipedia, "Bluetooth Low Energy", March 1, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Bluetooth_Low_Energy. [Accessed March 26, 2025].
• [5]Wikipedia, "Near-field communication", Feb. 4, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Near-field_communication. [Accessed March 26, 2025].
• [6]Wikipedia, "Radio-frequency identification", March 18, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Radio-frequency_identification. [Accessed March 26, 2025].
• [7]Wikipedia, "Wi-Fi positioning system", Jan. 19, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Wi-Fi_positioning_system. [Accessed March 26, 2025].
• [8]Raspberry Pi, "Buy a Raspberry Pi 5". [Online]. Available: https://www.raspberrypi.com/products/raspberry-pi-5/. [Accessed March 26, 2025].
• [9]NVIDIA, "Jetson Nano Brings the Power of Modern AI to Edge Devices". [Online]. Available: https://www.nvidia.com/en-gb/autonomous-machines/embedded-systems/jetson-nano/product-development/. [Accessed March 26, 2025].
• [10]Espressif, "ESP32 Wi-Fi & Bluetooth SoC". [Online]. Available: https://www.espressif.com/en/products/socs/esp32. [Accessed March 26, 2025].
• [11]Litestar, "Litestar". [Online]. Available: https://litestar.dev/. [Accessed March 26, 2025].
• [12]Lőrik Levente, "Tauri VS. Electron - Real world application", Aug. 22, 2022. [Online]. Available: https://www.levminer.com/blog/tauri-vs-electron. [Accessed March 26, 2025].
• [13]Vercel, "Next.js by Vercel - The React Framework". [Online]. Available: https://nextjs.org/. [Accessed March 26, 2025].