Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

Leiba, Oded; Yitzchak, Yechiav; Bitton, Ron; Nadler, Asaf; Shabtai, Asaf

doi:10.1109/eurospw.2018.00011

Cited by 37 publications

(31 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This allows our implementation to insert an app's information such as the app ID and app name (lines 6-8), and obtain an app's events (line 10), actions, numerical-valued attributes, and predicates that guard actions (line 15 and 20). The information is transmitted to IOTGUARD's data collector (line 16 and 24) through a JSON object with additional information obtained from the app's state, event, and device object instances (lines [29][30][31][32][33][34][35][36][37][38][39][40]. The event object in SmartThings allows accessing the event properties [15]; for example, the event type is obtained through evt.value (line 34).…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Celik

Tan

McDaniel

2019

Proceedings 2019 Network and Distributed System Security Symposium

186

140

View full text Add to dashboard Cite

Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has changed the way we live, play, and work. To date, the traditional approach to securing IoT has treated devices individually. However, in practice, it has been recently shown that the interactions among devices are often the real cause of safety and security violations. In this paper, we present IOTGUARD, a dynamic, policy-based enforcement system for IoT, which protects users from unsafe and insecure device states by monitoring the behavior of IoT and triggeraction platform apps. IOTGUARD operates in three phases: (a) implementation of a code instrumentor that adds extra logic to an app's source code to collect app's information at runtime, (b) storing the apps' information in a dynamic model that represents the runtime execution behavior of apps, and (c) identifying IoT safety and security policies, and enforcing relevant policies on the dynamic model of individual apps or sets of interacting apps. We demonstrate IOTGUARD on 20 flawed apps and find that IOTGUARD correctly enforces 12 of the 12 policy violations. In addition, we evaluate IOTGUARD on 35 SmartThings IoT and 30 IFTTT trigger-action platform market apps executed in a simulated smart home. IOTGUARD enforces 11 unique policies and blocks 16 states in six (17.1%) SmartThings and five (16.6%) IFTTT apps. IOTGUARD imposes only 17.3% runtime overhead on an app and 19.8% for five interacting apps. Through this effort, we introduce a rigorously grounded system for enforcing correct operation of IoT devices through systematically identified IoT policies, demonstrating the effectiveness and value of monitoring IoT apps with tools such as IOTGUARD.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Most attempts to date in IoT security and privacy aim to improve perimeter defenses that harden the IoT infrastructure against attacks using firewalls [30], intrusion detection [54], access control policies [22], and software patches [32]. Yet, perimeter security measures do not enforce safe behavior of physical processes in IoT systems.…”

Section: Introductionmentioning

confidence: 99%

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Celik

Tan

McDaniel

2019

Proceedings 2019 Network and Distributed System Security Symposium

186

140

View full text Add to dashboard Cite

show abstract

“…In the literature, the security of firmware update has been discussed in several contexts, including wireless sensor network [17], [18], IoT [19], [20], vehicular network [21], etc. The existing works can be classified either as centralized (client-server model) or decentralized.…”

Section: Related Workmentioning

confidence: 99%

“…In [20], the authors proposed software update framework for Internet of Things (IoT) devices. The framework allows other parties to deliver the updates in return for digital currency paid by the vendor.…”

Section: Related Workmentioning

confidence: 99%

Blockchain-based Firmware Update Scheme Tailored for Autonomous Vehicles

Baza

Nabil

Lasla

et al. 2019

2019 IEEE Wireless Communications and Networking Conference (WCNC)

View full text Add to dashboard Cite

Recently, Autonomous Vehicles (AVs) have gained extensive attention from both academia and industry. AVs are a complex system composed of many subsystems, making them a typical target for attackers. Therefore, the firmware of the different subsystems needs to be updated to the latest version by the manufacturer to fix bugs and introduce new features, e.g., using security patches. In this paper, we propose a distributed firmware update scheme for the AVs' subsystems, leveraging blockchain and smart contract technology. A consortium blockchain made of different AVs manufacturers is used to ensure the authenticity and integrity of firmware updates. Instead of depending on centralized third parties to distribute the new updates, we enable AVs, namely distributors, to participate in the distribution process and we take advantage of their mobility to guarantee high availability and fast delivery of the updates. To incentivize AVs to distribute the updates, a reward system is established that maintains a credit reputation for each distributor account in the blockchain. A zero-knowledge proof protocol is used to exchange the update in return for a proof of distribution in a trustless environment. Moreover, we use attribute-based encryption (ABE) scheme to ensure that only authorized AVs will be able to download and use a new update. Our analysis indicates that the additional cryptography primitives and exchanged transactions do not affect the operation of the AVs network. Also, our security analysis demonstrates that our scheme is efficient and secure against different attacks.

show abstract

“…They used smart contract and the consensus mechanism of blockchain to preserve the integrity of updates. Recently, Leiba et al [25] proposed decentralized incentivized delivery network for IoT software updates. The participating nodes of delivery network deliver update to IoT devices and the nodes can get the financial incentive from the vendors.…”

Section: Introductionmentioning

confidence: 99%

Blockchain based privacy-preserving software updates with proof-of-delivery for Internet of Things

Zhao

Liu²,

Tian

et al. 2019

Journal of Parallel and Distributed Computing

View full text Add to dashboard Cite

A large number of IoT devices are connected via the Internet. However, most of these IoT devices are generally not perfect-by-design even have security weaknesses or vulnerabilities. Thus, it is essential to update these IoT devices securely, patching their vulnerabilities and protecting the safety of the involved users. Existing studies deliver secure and reliable updates based on blockchain network which serves as the transmission network. However, these approaches could compromise users privacy when updating the IoT devices.In this paper, we propose a new blockchain based privacy-preserving software updates protocol, which delivers secure and reliable updates with an incentive mechanism, as well protects the privacy of involved users. The vendor delivers the updates and it makes a commitment by using a smart contract to provide financial incentive to the transmission nodes who deliver the updates to the IoT devices. A transmission node gets financial incentive by providing a proof-ofdelivery. The transmission node uses double authentication preventing signature (DAPS) to carry out the fair exchange to obtain the proof-of-delivery. Specifically, the transmission node exchanges an attribute-based signature from a IoT device by using DAPS. Then, it uses the attribute-based signature as a proof-ofdelivery to receive financial incentives. Generally, the IoT device has to execute complex computation for an attribute-based signature (ABS). It is intolerable for resource limited devices. We propose a concrete outsourced attribute-based signature (OABS) scheme to resist the weakness. Then, we prove the security of the proposed OABS and the protocol as well. Finally, we implement smart contract in Solidity to demonstrate the validity of the proposed protocol.

show abstract

Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

Cited by 37 publications

References 24 publications

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Blockchain-based Firmware Update Scheme Tailored for Autonomous Vehicles

Blockchain based privacy-preserving software updates with proof-of-delivery for Internet of Things

Contact Info

Product

Resources

About