Quantum-Resistant Software Update Security on Low-Power Networked Embedded Devices

Banegas, Gustavo; Zandberg, Koen; Baccelli, Emmanuel; Herrmann, Adrian; Smith, Benjamin

doi:10.1007/978-3-031-09234-3_43

Cited by 6 publications

(4 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research studies such as [22][23][24] focused on secure update mechanisms, including covering techniques for authentication, integrity checks and encryption, aiming to mitigate attacks coming from potential adversaries with various levels of computing power, up to quantum computing power levels. Efficiency and reliability aspects are explored, along with strategies for network load minimization and power management, aiming to optimize the OTA update process in IoT environments with limited network and battery resources [25].…”

Section: Tiny Machine Learning Operations (Tinymlops)mentioning

confidence: 99%

See 1 more Smart Citation

RIOT-ML: toolkit for over-the-air secure updates and performance evaluation of TinyML models

Huang,

Zandberg,

Schleiser

et al. 2024

Ann. Telecommun.

Self Cite

View full text Add to dashboard Cite

Practitioners in the field of TinyML lack so far a comprehensive, “batteries-included” toolkit to streamline continuous integration, continuous deployment and performance assessments of executing diverse machine learning models on various low-power IoT hardware. Addressing this gap, our paper introduces RIOT-ML, a versatile toolkit crafted to assist IoT designers and researchers in these tasks. To this end, we designed RIOT-ML based on an integration of an array of functionalities from a low-power embedded OS, a universal model transpiler and compiler, a toolkit for TinyML performance measurement, and a low-power over-the-air secure update framework—all of which usable on an open-access IoT testbed available to the community. Our open-source implementation of RIOT-ML and the initial experiments we report on showcase its utility in experimentally evaluating TinyML model performance across fleets of low-power IoT boards under test in the field, featuring a wide spectrum of heterogeneous microcontroller architectures and fleet network connectivity configurations. The existence of an open-source toolkit such as RIOT-ML is essential to expedite research combining artificial intelligence and IoT and to foster the full realization of edge computing’s potential.

show abstract

Section: Tiny Machine Learning Operations (Tinymlops)mentioning

confidence: 99%

“…Note that, as per the SUIT specification, different schemes for digital signatures, hashing and encryption can be used (performance comparisons are available in prior work such as [24]). In the below, we assume the use of Secure Hash Algorithm 256-bit (SHA256) [29] for hashing, and Ed25519 algorithm [30] for digital signatures.…”

Section: Model Update Proceduresmentioning

confidence: 99%

RIOT-ML: toolkit for over-the-air secure updates and performance evaluation of TinyML models

Huang,

Zandberg,

Schleiser

et al. 2024

Ann. Telecommun.

Self Cite

View full text Add to dashboard Cite

show abstract

“…As observed by the IETF Software Updates for Internet of Things (SUIT) group in [36], since the lifespan of IoT devices may last decades, manufacturers should start considering the use of post-quantum cryptographic primitives. There are few studies, e.g., [37,38] that analyze the feasibility and performance of quantum-resistant cryptographic primitives on IoT-class devices.…”

Section: Lightweight Cryptographymentioning

confidence: 99%

Secure Firmware Update: Challenges and Solutions

Catuogno

Galdi

2023

Cryptography

View full text Add to dashboard Cite

The pervasiveness of IoT and embedded devices allows the deployment of services that were unthinkable only few years ago. Such devices are typically small, run unattended, possibly on batteries and need to have a low cost of production. As all software systems, this type of devices need to be updated for different reasons, e.g., introducing new features, improving/correcting existing functionalities or fixing security flaws. At the same time, because of their low-complexity, standard software distribution platforms and techniques cannot be used to update the software. In this paper we review the current limitations posed to software distribution systems for embedded/IoT devices, consider challenges that the researchers in this area have been identifying and propose the corresponding solutions.

show abstract

“…The first level of crypto agility enabled by Cubedate uses flexibility provided by the SUIT standard specification: while keeping the same metadata and workflow, diverse crypto primitives backends can be used. For instance, to upgrade from pre-to post-quantum security, digital signature performed with ed25519 (elliptic curve crypto), can be swapped for hash-based signatures (LMS [20]).…”

Section: G Supporting Crypto Agilitymentioning

confidence: 99%

Cubedate: Securing Software Updates in Orbit for Low-Power Payloads Hosted on CubeSats

Molina,

Baccelli,

Zandberg

et al. 2023

2023 12th IFIP/IEEE International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN)

Self Cite

View full text Add to dashboard Cite

CubeSat design is facilitated by the increasing availability of open-source software in the domain, and a variety of low-cost hardware blueprints based on commodity microcontrollers. We attain the rock-bottom price to reach orbit as entities that design, launch and operate CubeSats started selling to multiple tenants tiny rack slots for low-power payloads that may be hosted on their CubeSat. The question arises of how to provide state-of-the-art security for software updates on a multitenant CubeSat, whereby mutual trust between tenants is limited. In this paper, we provide a case-study: ThingSat, a low-power payload we designed, is currently hosted on a CubeSat orbiting at 500km altitude operated by a separate entity. We then design Cubedate, a framework for securing continuous deployment of software to be updated on orbiting multi-tenant CubeSats. We also provide a highly portable open-source implementation of Cubedate, based on the IoT operating system RIOT, which we evaluate experimentally.

show abstract

Quantum-Resistant Software Update Security on Low-Power Networked Embedded Devices

Cited by 6 publications

References 28 publications

RIOT-ML: toolkit for over-the-air secure updates and performance evaluation of TinyML models

RIOT-ML: toolkit for over-the-air secure updates and performance evaluation of TinyML models

Secure Firmware Update: Challenges and Solutions

Cubedate: Securing Software Updates in Orbit for Low-Power Payloads Hosted on CubeSats

Contact Info

Product

Resources

About