Contact FutureLearn for Support
Skip main navigation
We use cookies to give you a better experience, if that’s ok you can close this message and carry on browsing. For more info read our cookies policy.
We use cookies to give you a better experience. Carry on browsing if you're happy with this, or read our cookies policy for more information.
Showing how a mobile phone can be used to unlock a door.
Your mobile phone can be used to unlock a door.

Case study 2: the door

Several companies, such as Danalock or Lockitron, have recently started to offer smart-locks, which can go on top of traditional locks and enable them to be opened or closed remotely, through a smartphone application.

A major strength of smart-locks is that keys can be sent and revoked from one smartphone to another, using the Internet. In practice, this means that you can easily give a key to your house, or to a particular room in your house, to a specific person at a specific time. For instance, if some friends is visiting you for a few days, you can give them access to your house, even if you are not around, and then revoke their access once they have left. Since smart-locks use Bluetooth technology, it is also possible for them to open as soon as your smartphone is within a given distance of the lock, as offered by the Noke padlock.

Security/Usability trade-off

Smart-locks can improve the security of your home by removing the need to make physical copies and distributing them, which can then be lost or stolen. A proper smart-lock will ensure that each user is granted access exactly when they need it, no less, no more. However, making these locks usable is far from trivial: how to define the right policy? And more importantly, how to ensure that the person using the smartphone is the legitimate user of that phone? For instance, if an attacker is able to remotely access your phone, are they also able to copy all your keys and access your home? Smart-locks therefore need to have a strong identification mechanism, i.e., a way to find out the identity of the user, and an even stronger authentication mechanism, i.e., a way of ensuring that this identity is the correct one.

Share this article:

This article is from the free online course:

Cyber Security: Safety at Home, Online, in Life

Newcastle University

Course highlights Get a taste of this course before you join: