Go Down

Topic: Making the board ( not the code) unreadable without a known set password.  (Read 215 times) previous topic - next topic

Alhassane

Hi guys,

I'm working on a fingerprint sensor lock mechanism for my home recording studio.
 
I'm worried about someone else being able to register new fingerprints / delete registered fingerprints just by plugging the arduino board to their computer since it's pretty easy to do so with the module that I intend to use  and that's actually the method I'll use whenever I want to grant/revoke access to the studio to an artist for a limited period of time.

Any ideas how I can make the board inaccessible when plugged in to a computer? For example make the IDE asks you for a simple 4 digits code before you can do anything ? Or maybe having an external device ( keypad /potentiometer set to a specific value / push button combination ???) that just prevents electric flow from the board to the computer until satisfactory conditions are met ?

(Yes, I thought about making the board simply physically inaccessible by anyone but it's not possible in my situation)

Thank you all in advance.

Grumpy_Mike

Quote
Any ideas how I can make the board inaccessible when plugged in to a computer?
No I don't think that is possible.

I used to work in access control and the maxim there ( in the access control industry ) is that once you allow physical access to the electronics all bets are off and their is nothing you can do to prevent security being breached.

Robin2

I'm worried about someone else being able to register new fingerprints / delete registered fingerprints just by plugging the arduino board to their computer since it's pretty easy to do so with the module that I intend to use  and that's actually the method I'll use whenever I want to grant/revoke access to the studio to an artist for a limited period of time.
A lot depends on the intensity of the threat that you want to deal with. If someone has the time and the knowledge and the equipment it is hard to keep something completely secure. A good quality physical lock with a real key can only be hacked with a hacksaw or a drill.

But if you just want to control casual interference then I imagine that modifying the fingerprint data requires your Arduino program to be working and therefore your Arduino code could present an ID routine (maybe just your fingerprint) before it allows access for updating the database.

That way someone would need to replace your code with a completely different program to get around the access restriction.

I presume that the system to which the Arduino allows access is able to verify that the program on the Arduino is actually your program and not some interloper.

...R
Two or three hours spent thinking and reading documentation solves most programming problems.

dave-in-nj

If your arduino iis unaccessable then people cannot gain physical contact.

The chip itself is not secure so if someone has physical access they can download your ccompiled Sketch. Then reverse engineer.

If they have to open the door to get access  then you are half way  there.

How skilled are your would be intruders?



Grumpy_Mike

Quote
How skilled are your would be intruders?
Recording studio = musicians = not very but occasionally very

tasmod

Can you access the usb socket track on the module board? 

If you can, then how about cutting the data line and taking it to a mini jack socket and back again. 

Then make up a mini plug loop to plug in when you need to access it. Probably fool most users as they consider it as a power or audio socket.

Or use a reed switch in the case doing the same. Then offer a small magnet to activate the reed switch.

Paul_KD7HB

I have no clue where you live, but in many jurisdictions, all security systems must have provisions to allow emergency services(fire, medical, etc) access.

Paul

DVDdoug

Commercial systems usually allow you issue and revoke temporary access codes (or badges or fingerprints).  But that's done on the central/master control computer, not on the keypad or badge/fingerprint reader itself.



Go Up