BIOMETRIC ACCESS CONTROL FOR BEAGLEBONE BLACK WITH SECURED SSH AND LOCAL WEB INTERFACE: EVENT-DRIVEN SERVICE MANAGEMENT

Authors

  • Dmytro Voznytsia, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Ukraine
  • Iryna Klymenko, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Ukraine https://orcid.org/0000-0001-5345-8806

Keywords:

biometric authentication, embedded systems, systemd socket activation, SSH

Abstract

IoT and embedded Linux devices often keep remote access enabled permanently, so they remain continuously exposed to attacks. This paper proposes a different default: SSH does not exist on the network until the user passes local biometric verification. It substantiates an approach to reducing the attack surface based on event-driven control of SSH availability, with behavior verified in idle, session, and teardown modes. The prototype is built on a BeagleBone Black with an R307 fingerprint sensor and a minimal Yocto-based Linux image. A control daemon written in C and structured as a finite-state machine enables sshd.socket and a temporary firewall rule only for an authorized session. The web panel with a secrets vault is bound to 127.0.0.1 and is reachable only via an SSH tunnel. Secrets are stored locally using PIN-based key derivation (PBKDF2-HMAC-SHA256) and Fernet encryption. Experiments confirm TCP/22 invisibility in idle mode, controlled access during the session, and an adequate security level for sensitive information storage.
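One way to check the idle and session exposure properties from the device itself, as an added example that is not the paper's code: it parses `ss -H -ltn` output and flags a TCP/22 listener in idle mode, a missing one during a session, or a web panel bound to a non-loopback address. The panel port 8080, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

SSH_PORT = 22
WEB_PANEL_PORT = 8080  # assumption: the page does not state the panel's port

def parse_listeners(ss_output):
    """Return (address, port) pairs from `ss -H -ltn` output lines."""
    listeners = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            # Drop an IPv6 scope id and the surrounding brackets.
            listeners.append((addr.split("%")[0].strip("[]"), int(port)))
    return listeners

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" (wildcard) or unparsable: not loopback

def audit(mode, ss_output):
    """List policy violations for mode 'idle' (also after teardown) or 'session'."""
    listeners = parse_listeners(ss_output)
    findings = []
    ssh = [addr for addr, port in listeners if port == SSH_PORT]
    if mode == "idle" and ssh:
        findings.append(f"idle: TCP/22 listening on {', '.join(ssh)}")
    if mode == "session" and not ssh:
        findings.append("session: TCP/22 not listening")
    for addr, port in listeners:
        if port == WEB_PANEL_PORT and not is_loopback(addr):
            findings.append(f"{mode}: web panel bound to {addr}, not loopback")
    return findings

# Constructed sample captures (not measurements from the paper).
IDLE_OK = "LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*"
SESSION_OK = IDLE_OK + "\nLISTEN 0 128 *:22 *:*"
IDLE_BAD = "LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*\nLISTEN 0 4096 [::]:22 [::]:*"

if __name__ == "__main__":
    for mode, sample in [("idle", IDLE_OK), ("session", SESSION_OK), ("idle", IDLE_BAD)]:
        print(mode, audit(mode, sample) or "ok")
```

This is the local view only; confirming that the temporary firewall rule hides TCP/22 from the network still requires a probe from another host.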

Published

2026-05-09

Section

IoT, Real Time Systems (RT)