Security of Arduino in Domotic

Post here about your Arduino projects, get help - for Adafruit customers!

Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.
Locked
User avatar
gepd
 
Posts: 2
Joined: Fri Sep 12, 2014 11:10 pm

Security of Arduino in Domotic

Post by gepd »

I recently started with a domotic project, I began creating a lock opening with a RFID(nothing too dificult), currently I'm trying improving the code (I took from http://forum.arduino.cc/index.php?topic=256260)

but I have some question about the security of this system (or in any the domotic project).

First, I know any system is 100% secure. starting from there, I was thinking, what happens if someone known that the system is built in the arduino platform and has some knowlege about it, that person can create a sketch, upload to the board and make "opening" all the pings, they will have access to that room or the thing I'm protecting. This is just a excercise, I don't want to go in depth about the external security that the board/system must have.

So, searching topics about it, I didn't find anything to help in the solution of this theoretical problem. I read some articles about the bootloader and I think, the solution can be there, I think some kind of system who check a key before to load a sketch can help. It can have a default key, who can be used to the developing process, and other key (any) who must be verified, in the current sketch.

I'll try to explain it a little better:

Developing Mode
Bootloader [No Key] -----> can upload any sketch

Production Mode
Bootloader[check mode] -----> [Sketch with the secure key]
[Upload New sketch] -----> Bootloader[check the key in the new sketch with the key in the current sketch] (allow or block access, according as appropriate)

I don't have any knowledge about bootloader and I think this can be one of the solutions, maybe I'm wrong

I'd like to know your opinion on this topic

User avatar
Franklin97355
 
Posts: 23911
Joined: Mon Apr 21, 2008 2:33 pm

Re: Security of Arduino in Domotic

Post by Franklin97355 »

First, nothing is secure if you can get to the hardware.
Second nothing is secure if you can get to the console.
That being said there are ways to secure your lock and RFID is one method. A saying goes like security consists of two things, something you have and something you know.

User avatar
gepd
 
Posts: 2
Joined: Fri Sep 12, 2014 11:10 pm

Re: Security of Arduino in Domotic

Post by gepd »

thanks franklin97355,

I'll leave a link with the same question but with others answers, it can be useful for someone who has the same doubts than me

https://arduino.stackexchange.com/quest ... ic-project

Locked
Please be positive and constructive with your questions and comments.

Return to “Arduino”