Configuring SDA on Android/Ubuntu

First, some quick terminology:

  • Presence - The simple presence of the phone is enough to satisfy the authentication request.
  • Intent - The user will be prompted with a yes/no prompt to satisfy the authentication request.
  • Identification - The user will be prompted with a yes/no prompt and a password will be required to satisfy the authentication request.

Configuring your Ubuntu machine

Open sda-gui, select your platform (i.e., Linux), your username, enable pairing, and name your machine. You can also add a custom image that will show up when pairing and connecting to your computer.
Configure the USB tab if you would like SDA to be able to communicate over the USB interface (i.e., use a USB-connected phone instead of your password). You can also configure different assurances for specific commands over this interface. (Note: the USB interface will always take precedence when multiple interfaces are connected at once.)
Bluetooth is the most robust interface for SDA. It can be configured to both automatically connect to devices and listen for devices to connect. Any device that successfully pairs will be automatically added to the auto-connect list.
Additionally, interactions over this interface can be bound by distance using the Bluetooth received signal strength indicator (RSSI). To observe the RSSI of a connected device, simply right-click on the SDA tray icon.
To pair a new device, you can either put your phone in discoverable mode and search for it from the Bluetooth interface (see below), use the USB interface, or use the App on the phone to search for the computer (see Configuring Android App).

When prompted, confirm the name of the device, and select Yes.
Both interfaces let you configure specific applications to require different assurances. We have a few defaults in there for your convenience, but recommend that you set these to whatever makes you the most comfortable.

For example, the sudo command is configured to only require presence by default (i.e., it will not prompt you). Every command not listed will prompt the user by default. For high-security commands, you can place them in the identification section, which will require a prompt and the PIN that was configured on the phone.
Select Save and close the configuration window.

Configuring the Android Application

First, you must provide your device with a name, which is displayed to other entities; a PIN, which is used to identify you; and a trusted background image, which will always be displayed as the background to ensure that other Apps cannot pretend to be SDA. To continue, select Done.
This step is only required once.
Connect to an SDA-enabled device using Bluetooth or USB (e.g., sda-seclab).
Since this is your first time connecting, you will be prompted to pair with the entity.

When prompted to pair with the device, select .

If you are pairing with a computer, ensure that sda-gui is running to accept the prompt.
If you are pairing with a door, enter your pairing code when prompted.

You will know the pairing was successful if you see a toast message indicating: SDA Session Successful!
To keep an entity in the list for quick access (e.g., a door that you open frequently), you can pin it to the screen by long-pressing the selection and tapping: Add to favorites.

Pairing with a Door

If you were given access to one of the SDA-enabled doors, you will have received an e-mail with a five-character pairing code (e.g., abc12).

The first time you connect with this door, after selecting the in the pairing dialog, you will be prompted for your code.

Once paired, you will be able to unlock the door by selecting it from the list of devices (e.g., your favorites), or tapping the NFC tag outside of the room.
Note: As we are experimenting with the most secure/usable solution, these interactions may change.


For the more advanced users, you can debug SDA by checking the log files:
# Delegate (e.g., Bluetooth)
tail -f /opt/sda/log/sda_delegate.log

# TEE (e.g., pairing)
tail -f /opt/sda/log/sda_tee.log

# Android App
adb logcat | grep net.allthenticate.sda