nach oben

International Journal of Information Security

Erschienen in:

09.09.2019 | Special Issue Paper

FOTB: a secure blockchain-based firmware update framework for IoT environment

verfasst von: Alexander Yohan, Nai-Wei Lo

Erschienen in: International Journal of Information Security | Ausgabe 3/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Recently, numerous exploitations and attacks in IoT environment occurred all over the world. One of the major attacking channels is utilizing the firmware of IoT devices as the access interface to compromise the targeted IoT devices. Therefore, it is important for IoT device manufacturers to support secure and efficient firmware update functionality for sold or deployed IoT devices. In this paper, a secure and verifiable blockchain-based firmware update framework for IoT environment is proposed. The aims of the proposed framework are providing secure peer-to-peer verification mechanism on each new version of firmware released by corresponding device manufacturer and providing a reliable way to distribute the updated firmware to IoT devices in timely manner. Furthermore, the utilization of blockchain technology in the proposed framework ensures the integrity of firmware during its distribution through Internet. The proposed firmware update framework consists of four processes: creation of firmware update contract, creation of third-party firmware update contract, PUSH update mechanism and PULL update mechanism. Six corresponding protocols are derived to support the four processes. The evaluation on performance and security strength of the proposed firmware update framework is conducted. Based on the proofs of formal security analysis, the proposed framework supports mutual authentication and defends against major cyber attacks: firmware modification attack, impersonation attack, man-in-the-middle attack and replay attack.

Vorheriger Artikel Secure hierarchical Bitcoin wallet scheme against privilege escalation attacks

Nächster Artikel Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Van der Meulen, R.: Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016. Gartner, Inc. https://www.gartner.com/newsroom/id/3598917 (2017). Accessed 15 Feb 2017

Khan, M.A., Salah, K.: IoT security: review, blockchain solutions and open challenges. Future Gener. Comput. Syst. 82, 395–411 (2018). https://doi.org/10.1016/j.future.2017.11.022 CrossRef

Miessler, D., Smith, C.: OWASP Internet of Things Project—OWASP. https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project (2018). Accessed 10 Apr2018

Cui, A., Costello, M., Stolfo, S.J.: When firmware modifications attack: a case study of embedded exploitation. In: 20th Annual Network Distributed System Security Symposium. http://ids.cs.columbia.edu/sites/default/files/ndss-2013.pdf (2013)

Christidis, K., Devetsikiotis, M.: Blockchains and smart contracts for the Internet of Things. IEEE Access 4, 2292–2303 (2016). https://doi.org/10.1109/ACCESS.2016.2566339 CrossRef

Kshetri, N.: Blockchain’s roles in strengthening cybersecurity and protecting privacy. Telecommun. Policy 41, 1027–1038 (2017). https://doi.org/10.1016/j.telpol.2017.09.003 CrossRef

Ethereum: Introduction to Smart Contracts. http://solidity.readthedocs.io/en/latest/introduction-to-smart-contracts.html (2016). Accessed 10 Apr 2018

Yohan, A., Lo, N.W.: An Over-the-blockchain firmware update framework for IoT devices. In: 2018 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1–8 (2018). https://doi.org/10.1109/DESEC.2018.8625164

Prada-Delgado, M.A., Vazquez-Reyes, A., Baturone, I.: Trustworthy firmware update for Internet-of-Thing devices using physical unclonable functions. In: 2017 Global Internet of Things Summit (GIoTS), pp. 1–5 (2017). https://doi.org/10.1109/GIOTS.2017.8016282

10.

Choi, B., Lee, S., Na, J., Lee, J.: Secure firmware validation and update for consumer devices in home networking. IEEE Trans. Consum. Electron. 62(1), 39–44 (2016). https://doi.org/10.1109/TCE.2016.7448561 CrossRef

11.

Mayama, K., Tanaka, M., ando, Y., Yoshimi, T., Mizukawa, M.: Design of firmware update system of RT-middleware for embedded system. In: Proceedings of SICE Annual Conference 2010, pp. 2818–2822 (2010)

12.

Jain, N., Mali, S.G., Kulkarni, S.: Infield firmware update: challenges and solutions. In: 2016 International Conference on Communication and Signal Processing (ICCSP), pp. 1232–1236 (2016). https://doi.org/10.1109/ICCSP.2016.7754349

13.

Chandra, H., Anggadjaja, E., Wijaya, P.S., Gunawan, E.: Internet of Things: over-the-air (OTA) firmware update in lightweight mesh network protocol for smart urban development. In: 2016 22nd Asia-Pacific Conference on Communications (APCC), pp. 115–118 (2016). https://doi.org/10.1109/APCC.2016.7581459

14.

Jurkovic, G., Sruk, V.: Remote firmware update for constrained embedded systems. In: 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1019–1023 (2014). https://doi.org/10.1109/MIPRO.2014.6859718

15.

Odat, H.A., Ganesan, S.: Firmware over the air for automotive, fotamotive. In: IEEE International Conference on Electro/Information Technology, pp. 130–139 (2014). https://doi.org/10.1109/EIT.2014.6871751

16.

Katzir, L., Schwartzman, I.: Secure firmware updates for smart grid devices. In: 2011 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies, pp. 1–5 (2011). https://doi.org/10.1109/ISGTEurope.2011.6162728

17.

Doddapaneni, K., Lakkundi, R., Rao, S., Kulkarni, S.G., Bhat, B.: Secure FoTA object for IoT. In: 2017 IEEE 42nd Conference on Local Computer Networks Workshops (LCN Workshops), pp. 154–159 (2017). https://doi.org/10.1109/LCN.Workshops.2017.78

18.

Lee, B., Malik, S., Wi, S., Lee, J.H.: Firmware verification of embedded devices based on a blockchain. In: Lee, J.H., Pack, S. (eds.) Quality, Reliability, Security and Robustness in Heterogeneous Networks QShine 2016, pp. 52–61. Springer, Cham (2017)CrossRef

19.

Lee, B., Lee, J.H.: Blockchain-based secure firmware update for embedded devices in an Internet of Things environment. J. Supercomput. 73, 1152–1167 (2017). https://doi.org/10.1007/s11227-016-1870-0 CrossRef

20.

Boudguiga, A., Bouzerna, N., Granboulan, L., Olivereau, A., Quesnel, F., Roger, A., Sirdey, R.: Towards better availability and accountability for IoT updates by means of a blockchain. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 50–58 (2017). https://doi.org/10.1109/EuroSPW.2017.50

21.

Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer Professional Computing. Springer, New York (2004). https://doi.org/10.1007/b97644

22.

Santoso, L.P.: Secure and Trusted Firmware Update Framework for IoT Environment (Master Thesis). National Taiwan University of Science and Technology (2019)

23.

Dedis Group: Skipchain Implementation. https://github.com/dedis/cothority/tree/master/skipchain (2018). Accessed 21 Jan 2019

24.

Ford, B.: How Do You Know It’s On the Blockchain? With a SkipChain. http://bford.info/2017/08/01/skipchain/ (2018). Accessed 21 Jan 2019

25.

Brown, D.R.L.: SEC 1: Elliptic Curve Cryptography. http://www.secg.org/sec1-v2.pdf (2009). Accessed 15 Feb 2017

26.

Gupta, V., Gupta, S., Shantz, S.: Performance Analysis of Elliptic Curve Cryptography for SSL (2002). https://doi.org/10.1145/570681.570691

27.

Boneh, D., Lipton, R.J.: Algorithms for Black-Box Fields and their Application to Cryptography, pp. 283–297. Springer, Berlin (1996). https://doi.org/10.1007/3-540-68697-5_22

28.

Shoup, V.: Lower Bounds for Discrete Logarithms and Related Problems, Springer, Berlin, pp. 256–266 (1997). https://doi.org/10.1007/3-540-69053-0_18

Titel: FOTB: a secure blockchain-based firmware update framework for IoT environment
verfasst von: Alexander Yohan
Nai-Wei Lo
Publikationsdatum: 09.09.2019
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 3/2020
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-019-00467-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2020

Chaintegrity: blockchain-enabled large-scale e-voting system with robustness and universal verifiability

An improved FOO voting scheme using blockchain

Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain

Lockmix: a secure and privacy-preserving mix service for Bitcoin anonymity

On the insecurity of quantum Bitcoin mining

Secure hierarchical Bitcoin wallet scheme against privilege escalation attacks