AbhiGen/Hostel_Visitor_System

🔐 Secure Hostel Visitor Entry & Verification System

A role-based, secure hostel visitor management system designed to demonstrate authentication, authorization, encryption, hashing, digital signatures, and encoding as per Cyber Security Lab requirements and NIST SP 800-63-2 E-Authentication guidelines.


📌 Problem Statement

Hostel visitor information is highly sensitive and vulnerable to unauthorized access and data tampering when handled manually.

This project implements a secure, application-level security model that ensures:

  • Confidentiality
  • Integrity
  • Authentication
  • Authorization
  • Non-repudiation

All security mechanisms are handled at the application layer, while Firebase is used only as a secure cloud datastore.


🎯 Key Features

  • 🔑 Single-Factor Authentication (Username + Password)
  • 🔐 Multi-Factor Authentication (OTP-based)
  • 🧾 Role-Based Access Control (ACL)
  • 🔒 AES Encryption for visitor data
  • 🔑 RSA-based secure AES key exchange
  • ✍️ Digital Signature for approval authenticity
  • 🧬 Password hashing with salt
  • 🧾 Base64 encoding for encrypted data storage
  • 🚫 Unauthorized access prevention

🧰 Tech Stack

Backend

  • Python 3
  • Flask

Database

  • Firebase Firestore
    (Used strictly for secure data storage — no auth logic in Firebase rules)

Frontend (Demo Purpose)

  • HTML
  • Minimal CSS
  • Flask render_template()

Security Libraries

  • hashlib – Password hashing with salt
  • secrets – Secure OTP & salt generation
  • cryptography – AES, RSA, Digital Signatures
  • base64 – Encoding & decoding encrypted data

🔐 System Roles (Subjects)

| Role | Description |
|------|-------------|
| Student | Requests visitor entry |
| Security | Approves or rejects visitor requests |
| Warden | Verifies authenticity of approvals |

📁 System Resources (Objects)

| Resource | Description |
|----------|-------------|
| Visitor Request | Student-submitted entry request |
| Approval Record | Security approval with signature |
| Verification Log | Warden verification record |

🔄 End-to-End Workflow

  1. User registers with username, password, and role
  2. Password is salted and hashed before storage
  3. User logs in using Single-Factor Authentication
  4. OTP is generated and verified (Multi-Factor Authentication)
  5. Student submits visitor request
  6. Visitor data is encrypted using AES
  7. AES key is secured using RSA encryption
  8. Encrypted data is Base64 encoded and stored in Firebase
  9. Security approves request and digitally signs it
  10. Warden verifies the digital signature
  11. Access control prevents unauthorized actions
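
Steps 2 to 4 of the workflow, sketched with only the `hashlib`, `secrets` and `hmac` standard-library modules; this is an added example, not code from this repository. The README does not name a hash function or OTP parameters, so PBKDF2-HMAC-SHA256, its iteration count, the 6-digit code, its lifetime and the attempt limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumption: README names no hash or work factor
OTP_TTL_SECONDS = 120        # assumption: OTP lifetime is not stated in the README
OTP_MAX_ATTEMPTS = 3         # assumption: attempt limit is not stated in the README


def hash_password(password, salt=None):
    """Step 2: return (salt, digest) for storage; the password itself is never stored."""
    salt = salt if salt is not None else secrets.token_bytes(16)  # fresh per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Step 3: recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


class OtpChallenge:
    """Step 4: a single-use, expiring 6-digit OTP tied to one login attempt."""

    def __init__(self, now=None):
        self.code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; keeps leading zeros
        self.expires_at = (now if now is not None else time.time()) + OTP_TTL_SECONDS
        self.attempts_left = OTP_MAX_ATTEMPTS
        self.used = False

    def verify(self, submitted, now=None):
        now = now if now is not None else time.time()
        # Reject replayed, expired or locked-out challenges before comparing.
        if self.used or now > self.expires_at or self.attempts_left <= 0:
            return False
        self.attempts_left -= 1  # every guess counts, right or wrong
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.used = True  # burn the code so it cannot be replayed
            return True
        return False
```

A plain salted `sha256(salt + password)` would also match the README's wording, but a single fast hash is cheap to brute-force offline if the datastore leaks, which is why the sketch uses a key-derivation function.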

🔐 Access Control Model (ACL)

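| Role ↓ / Resource → | Visitor Request | Approval Record | Verification Log |
|---------------------|-----------------|-----------------|------------------|
| Student | Create / View | View | |
| Security | View | Create | |
| Warden | View | View | Verify |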

✔ Enforced programmatically in Flask routes

