I recently started a domotic project. I began by creating a lock that opens with an RFID; currently I'm trying to improve the code (which I took from MFRC522 Library Cheap RC522 rfid Reader Door Unlock Project - Project Guidance - Arduino Forum),
but I have some questions about the security of this system (or any in the domotic way).
First, I know any system is 100% secure. Starting from there, I was thinking: what happens if someone knows that the system is built on the Arduino platform and has some knowledge about it? That person can create a sketch, upload it to the board and make the "opening" on all the pins, and he will have access to that room or thing I'm protecting. This is just an exercise; I don't want to go in depth about the external security that the board/system must have.
So, searching topics about it, I didn't find anything to help with the solution of this theoretical problem. I read some articles about the bootloader and I think the solution can be there. I know Arduino is an open-source solution, but I think that doesn't mean insecure, so I think some kind of system that checks a key before loading a sketch can help. It can have a default key, which can be used for the developing process, and another key (any) which must be verified in the current sketch.
I'll try to explain it a little better:
Developing Mode
Bootloader [No Key] -----> can upload any sketch
Production Mode
Bootloader [check mode] -----> [Sketch with the secure key]
[Upload New sketch] -----> Bootloader [check the key in the new sketch against the key in the current sketch] (allow or block access, as appropriate)
I don't have any knowledge about bootloaders and I think this can be one of the solutions; maybe I'm wrong.
I'd like to know your opinion on this topic
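As an added example (not code from the post or from the forum project it links), here is a Python model of the "production mode" check described above. Instead of comparing a key carried in plain form inside the new sketch, the modelled bootloader keeps the key itself and verifies an HMAC-SHA256 tag over the uploaded image, so the key never has to travel with the sketch; the key value, the MAGIC marker and the image layout are assumptions of this model, not anything from Arduino's real bootloader.

```python
import hmac
import hashlib
from typing import Optional

# Constructed image layout for the model: MAGIC || sketch bytes || 32-byte tag
MAGIC = b"SKCH"
TAG_LEN = 32  # SHA-256 digest length


def build_image(code: bytes, key: bytes) -> bytes:
    """Developer side: attach HMAC-SHA256(key, MAGIC || code) to the sketch."""
    body = MAGIC + code
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Bootloader:
    """Minimal model of the two modes from the post:
    developing mode (no key) accepts any upload,
    production mode only 'flashes' an image whose tag verifies."""

    def __init__(self, stored_key: Optional[bytes] = None):
        self.stored_key = stored_key   # None means developing mode
        self.flash = b""               # what the board would run afterwards

    def upload(self, image: bytes) -> bool:
        if self.stored_key is None:    # developing mode: no check at all
            self.flash = image
            return True
        # production mode: reject anything too short or without the marker
        if len(image) < len(MAGIC) + TAG_LEN or not image.startswith(MAGIC):
            return False
        body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
        expected = hmac.new(self.stored_key, body, hashlib.sha256).digest()
        # constant-time compare so the check does not leak how many tag bytes matched
        if not hmac.compare_digest(tag, expected):
            return False
        self.flash = image
        return True


if __name__ == "__main__":
    key = b"constructed-production-key"
    good = build_image(b"void loop() {}", key)
    print("dev mode accepts anything:", Bootloader().upload(b"any sketch"))
    print("prod accepts signed image:", Bootloader(key).upload(good))
    print("prod rejects other key:", Bootloader(key).upload(build_image(b"x", b"other-key")))
```

A sketch built with a different key, or one whose bytes were changed after tagging, fails the check, while developing mode still takes anything, which is exactly the split the post proposes.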