fingerprint sensor security

Other Hardware Sensors
1

Hey at all,

I wanted to do a arduino project for my main entrance door. An arduino to add some flexibility (user management, time restrictions, etc.) combined with a fingerprint sensor was my choice.
I´m using the, I think, most popular sensor like this one from adafruit.

I played around a bit and enrolled ID´s with a Arduino Uno. Then I recognized that in the library for the fingerprint there is nothing like a security system, no encription, no serial number check and after all the ID´s are only verified on the fingerprint sensor which is available to thiefs on the door. So left wondering if there is an alternative to make the system safe by storing the ID´s on the Arduino itself or adding other security settings.

Am I right with my conclusions? Any suggestions to make the system safer? Proof of concept was for me that I used an Arduino Nano to delete ID´s and store different fingers on them as well, which could be the case for a thief to get access to a door system.

best regards

2

You mean use a sensor that generates ISO standard templates and use an off-line matching library for them?

IMO fingerprints have too high a false positive rate for security unless you match multiple fingers.

3

Also make sure you have a finger print scanner that doesn't get fooled by the printout of a fingerprint, not even when that's held to the sensor with another (living, warm) finger.

4

Indeed chose a sensor that's harder to spoof. No sensor is truly secure from spoofing as its not actually
too hard to make a fake finger surface with the right optical and electrical properties to fool the various
sensor types. It all depends what your threat model is.

Remember DOS attacks too. If someone breaks the sensor are you locked out with no other means of
unlocking?