A Hardware-based Framework for Secure Firmware Updates on Embedded Systems

Falas, Solon; Konstantinou, Charalambos; Michael, Maria K.

doi:10.1109/vlsi-soc.2019.8920348

Cited by 13 publications

(10 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our flexible framework demonstrates the ability to be reconfigured in terms of hardware components while also giving the ability to EDs to be deployed in-field without any secure enrollment phase or hardcoded secrets within the ED's non-volatile memory. Recent work has shown that PPUFs alongside other security primitives implemented on hardware could be utilized for secure firmware delivery to in-field devices [16]. However, the approach is not end-to-end secure as it lacks the communication handshake required for two-way authentication in a truly public-key -based fashion.…”

Section: Related Work and Comparison With Proposed Approachmentioning

confidence: 99%

“…Also, the updating procedure must be initiated from the firmware vendor's side which is not considered good practice in OTA updates [2,27]. The work in [17] improves the firmware updating procedure proposed in [16] by introducing digital signatures, which allow the device to better authenticate the manufacturer. However, it still suffers from the aforementioned drawbacks.…”

Section: Related Work and Comparison With Proposed Approachmentioning

confidence: 99%

See 1 more Smart Citation

A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems

Falas

Konstantinou

Michael

2021

J. Emerg. Technol. Comput. Syst.

Self Cite

View full text Add to dashboard Cite

Firmware refers to device read-only resident code which includes microcode and macro-instruction-level routines. For Internet-of-Things (IoT) devices without an operating system, firmware includes all the necessary instructions on how such embedded systems operate and communicate. Thus, firmware updates are essential parts of device functionality. They provide the ability to patch vulnerabilities, address operational issues, and improve device reliability and performance during the lifetime of the system. This process, however, is often exploited by attackers in order to inject malicious firmware code into the embedded device. In this article, we present a framework for secure firmware updates on embedded systems. This approach is based on hardware primitives and cryptographic modules, and it can be deployed in environments where communication channels might be insecure. The implementation of the framework is flexible, as it can be adapted in regards to the IoT device’s available hardware resources and constraints. Our security analysis shows that our framework is resilient to a variety of attack vectors. The experimental setup demonstrates the feasibility of the approach. By implementing a variety of test cases on FPGA, we demonstrate the adaptability and performance of the framework. Experiments indicate that the update procedure for a 1183-kB firmware image could be achieved, in a secure manner, under 1.73 seconds.

show abstract

Section: Related Work and Comparison With Proposed Approachmentioning

confidence: 99%

Section: Related Work and Comparison With Proposed Approachmentioning

confidence: 99%

A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems

Falas

Konstantinou

Michael

2021

J. Emerg. Technol. Comput. Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Firmware updates are transmitted from the manufacturer to the embedded device through an insecure channel. The proposed approach relies on hardware as a root-of-trust to attain high security levels and is motivated towards low-end embedded devices [19]. The framework is designed in a way that user intervention and device downtime are minimized.…”

Section: Insecure Channelmentioning

confidence: 99%

Hardware-Enabled Secure Firmware Updates in Embedded Systems

Falas

Konstantinou

Michael

2020

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Firmware updates on embedded systems are essential for patching vulnerabilities and improving the functionality of devices. Despite the importance of firmware updates, manufacturers and firmware developers often consider firmware security as a secondary task. As a result, firmware often turns into an alluring target for adversaries to inject malicious code into embedded devices. In this work, we present a framework that supports secure and fast firmware update delivery with minimal downtime on embedded devices. The proposed framework makes use of cryptographic primitives implemented on hardware in addition to the device's intrinsic physical characteristics acting as digital authentication fingerprints. Our implementation ensures firmware authenticity, confidentiality, and integrity. A proof-of-concept design is emulated on FPGA demonstrating high performance, strong security guarantees, and minimal hardware overhead.

show abstract

“…can utilize for remote firmware updates. We enhance our preliminary work on leveraging hardware primitives to deliver firmware updates [9], in order to provide an end-to-end secure and modular framework, incorporating two-way authentication handshakes, strong confidentiality guarantees, and protection mechanisms against a variety of possible attacks. Our proposed methodology provides significant advantages over existing PUF-based techniques used primarily for authentication purposes:…”

Section: B Contributionsmentioning

confidence: 99%

A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems

Falas¹,

Konstantinou²,

Michael³

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Firmware refers to device read-only resident code which includes microcode and macro-instruction -level routines. For Internet-of-Things (IoT) devices without an operating system, firmware includes all the necessary instructions on how such embedded systems operate and communicate. Thus, firmware updates are an essential part of device functionality. They provide the ability to patch vulnerabilities, address operational issues, and improve device reliability and performance during the lifetime of the system. This process, however, is often exploited by attackers in order to inject malicious firmware code into the embedded device. In this paper, we present a framework for secure firmware updates on embedded systems. The approach is based on hardware primitives and cryptographic modules, and it can be deployed in environments where communication channels might be insecure. The implementation of the framework is flexible as it can be adapted in regards to the IoT device's available hardware resources and constraints. Our security analysis shows that our framework is resilient to a variety of attack vectors. The experimental setup demonstrates the feasibility of the approach. By implementing a variety of test cases on FPGA, we demonstrate the adaptability and performance of the framework. Experiments indicate that the update procedure for a 1183kB firmware image could be achieved, in a secure manner, under 1.73 seconds.

show abstract

A Hardware-based Framework for Secure Firmware Updates on Embedded Systems

Cited by 13 publications

References 22 publications

A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems

A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems

Hardware-Enabled Secure Firmware Updates in Embedded Systems

A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems

Contact Info

Product

Resources

About