Journal of Computer Science and Technology ›› 2021, Vol. 36 ›› Issue (2): 419-433.doi: 10.1007/s11390-020-9831-8

Special Issue: Computer Networks and Distributed Computing

• Regular Paper • Previous Articles     Next Articles

A Secure IoT Firmware Update Scheme Against SCPA and DoS Attacks

Yan-Hong Fan, Mei-Qin Wang*, Yan-Bin Li, Kai Hu, and Mu-Zhou Li        

  1. School of Cyber Science and Technology, Shandong University, Qingdao 266237, China;Key Laboratory of Cryptologic Technology and Information Security(Shandong University), Ministry of Education Qingdao 266237, China
  • Received:2019-07-09 Revised:2020-02-24 Online:2021-03-05 Published:2021-04-01
  • Contact: Mei-Qin Wang E-mail:mqwang@sdu.edu.cn
  • About author:Yan-Hong Fan received her M.S. degree in detection technology and automation device from the University of Electronic Science and Technology of China, Chengdu, in 2006. She is currently pursuing her Ph.D. degree in the School of Cyber Science and Technology from Shandong University, Qingdao. Her main research focuses on the analysis of symmetric ciphers and side-channel analysis.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China under Grant Nos. 61572293, 61502276 and 61692276, the National Cryptography Development Foundation of China under Grant No. MMJJ20170102, the Major Scientific and Technological Innovation Projects of Shandong Province of China under Grant No. 2017CXGC0704, and the Natural Science Foundation of Shandong Province of China under Grant No. ZR2016FM22.

In the IEEE S&P 2017, Ronen et al. exploited side-channel power analysis (SCPA) and approximately 5 000 power traces to recover the global AES-CCM key that Philip Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it to Philip Hue lamps to cause Internet of Things (IoT) security issues. Inspired by the work of Ronen et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme applied in IoT terminal devices includes two aspects of design (i.e., bootloader and application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can access the IoT server to regain update permission, which can defend against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement Philips' and the proposed modified schemes. Experimental results show that compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and a maximum of 0.32 s update time to effectively enhance the security of the AES-CCM-based firmware update process.

Key words: Internet of Things; firmware update; authenticated encryption; side-channel power analysis; denial of service;

[1] Li W, Song H, Zeng F. Policy-based secure and trustworthy sensing for Internet of things in smart cities. IEEE Internet of Things Journal, 2018, 5(2):716-723. DOI:10.1109/JIOT.2017.2720635.
[2] Patton M, Gross E, Chinn R et al. Uninvited connections:A study of vulnerable devices on the internet of things (IoT). In Proc. the 2014 IEEE Joint Intelligence and Security Informatics Conference, Sept. 2014, pp.232-235. DOI:10.1109/JISIC.2014.43.
[3] Antonakakis M, April T, Bailey M et al. Understanding the Mirai Botnet. In Proc. the 26th USENIX Security Symposium, Aug. 2017, pp.1093-1110.
[4] Kim J, Chou P H. Energy-efficient progressive remote update for flash-based firmware of networked embedded systems. ACM Transactions on Design Automation of Electronic Systems, 2010, 16(1):Article No. 7. DOI:10.1145/1870109.1870116.
[5] Wurm J, Hoang K, Arias O et al. Security analysis on consumer and industrial IoT devices. In Proc. the 21st Asia and South Pacific Design Automation Conference, Jan. 2016, pp.519-524. DOI:10.1109/ASPDAC.2016.7428064.
[6] Radanliev P, De Roure D, Cannady S et al. Economic impact of IoT cyber risk-Analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance. In Proc. the 2018 Living in the Internet of Things:Cybersecurity of the IoT, Mar. 2018, Article No. 3. DOI:10.1049/cp.2018.0003.
[7] Cui A, Costello M, Stolfo S. When firmware modifications attack:A case study of embedded exploitation. In Proc. the 20th Annual Network and Distributed System Security Symposium, Feb. 2013. DOI:10.7916/D8P55NKB.
[8] Ronen E, Shamir A, Weingarten A O, O'Flynn C. IoT goes nuclear:Creating a ZigBee chain reaction. In Proc. the 2017 IEEE Symposium on Security and Privacy, May 2017, pp.195-212. DOI:10.1109/SP.2017.14.
[9] Idrees M S, Schweppe H, Roudier Y et al. Secure automotive on-board protocols:A case of over-the-air firmware updates. In Proc. the 3rd Int. Workshop. Communication Technologies for Vehicles, Mar. 2011, pp.224-238. DOI:10.1007/978-3-642-19786-420.
[10] Steger M, Karner M, Hillebrand J et al. Applicability of IEEE 802.11s for automotive wireless software updates. In Proc. the 13th International Conference on Telecommunications, Jul. 2015. DOI:10.1109/ConTEL.2015.7231190.
[11] Prada-Delgado M A, Vázquez-Reyes A, Baturone I. Trustworthy firmware update for Internet-of-Thing devices using physical unclonable functions. In Proc. the 2017 Global Internet of Things Summit, Jun. 2017. DOI:10.1109/GIOTS.2017.8016282.
[12] Choi B C, Lee S H, Na J C, Lee J H. Secure firmware validation and update for consumer devices in home networking. IEEE Transactions on Consumer Electronics, 2016, 62(1):39-44. DOI:10.1109/TCE.2016.7448561.
[13] Yohan A, Lo N W. An over-the-blockchain firmware update framework for IoT devices. In Proc. the 2018 IEEE Conference on Dependable and Secure Computing, Dec. 2018. DOI:10.1109/DESEC.2018.8625164.
[14] Lee B, Lee J H. Blockchain-based secure firmware update for embedded devices in an Internet of Things environment. The Journal of Supercomputing, 2017, 73(3):1152-1167. DOI:10.1007/s11227-016-1870-0.
[15] Asokan N, Nyman N, Rattanavipanon N et al. ASSURED:Architecture for secure software update of realistic embedded devices. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2018, 37(11):2290-2300. DOI:10.1109/TCAD.2018.2858422.
[16] O'Flynn C, Chen Z. Side channel power analysis of an AES-256 bootloader. In Proc. the 28th IEEE Canadian Conference on Electrical and Computer Engineering, May 2015, pp.750-755. DOI:10.1109/CCECE.2015.7129369.
[17] Guillen O M, De Santis F, Brederlow R, Sigl G. Towards side-channel secure firmware updates. In Proc. the 9th Int. Symp. Foundations and Practice of Security, Oct. 2016, pp.345-360.
[18] Dworkin M. Recommendation for block cipher modes of operation:The CCM mode for authentication and confidentiality. Technical Report, National Institute of Standards and Technology, 2004. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8-00-38c.pdf, Dec. 2019.
[19] IEEE. IEEE Standard for Information technology-Telecommunications and information exchange between systems-Local and metropolitan area networks-Specific requirements-Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Std 802.11, Jul. 2004.
[20] Dworkin M. Recommendation for block cipher modes of operation:Methods and techniques. Technical Report, National Institute of Standards and Technology, 2001. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf, Dec. 2019.
[21] Kocher P, Jaffe J, Jun B. Differential power analysis. In Proc. the 19th Annual Int. Cryptology Conf., Aug. 1999, pp.388-397. DOI:10.1007/3-540-48405-125.
[22] Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model. In Proc. the 6th International Workshop on Cryptographic Hardware and Embedded Systems, Aug. 2004, pp.16-29. DOI:10.1007/978-3-540-28632-52.
[1] Ibrahim S. Alsukayti. Quality of Service Support in RPL Networks: Standing State and Future Prospects [J]. Journal of Computer Science and Technology, 2022, 37(2): 344-368.
[2] Wen-Li Zhang, Ke Liu, Yi-Fan Shen, Ya-Zhu Lan, Hui Song, Ming-Yu Chen, Yuan-Fei Chen. Labeled Network Stack: A High-Concurrency and Low-Tail Latency Cloud Server Framework for Massive IoT Devices [J]. Journal of Computer Science and Technology, 2020, 35(1): 179-193.
[3] Ping Zhang, Hong-Gang Hu. Generalized Tweakable Even-Mansour Cipher and Its Applications [J]. Journal of Computer Science and Technology, 2018, 33(6): 1261-1277.
[4] Hong-Cheng Huang, Jie Zhang, Zu-Fan Zhang, Zhong-Yang Xiong. Interference-Limited Device-to-Device Multi-User Cooperation Scheme for Optimization of Edge Networking [J]. , 2016, 31(6): 1096-1109.
[5] Jie Wu. Collaborative Mobile Charging and Coverage [J]. , 2014, 29(4): 550-561.
[6] Hai-Long Shi, Dong Li, Jie-Fan Qiu, Chen-Da Hou, Li Cui. A Task Execution Framework for Cloud-Assisted Sensor Networks [J]. , 2014, 29(2): 216-226.
[7] Hua-Dong Ma (马华东), Member, CCF, ACM, IEEE. Internet of Things: Objectives and Scientific Challenges [J]. , 2011, 26(6): 919-924.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] Zhou Di;. A Recovery Technique for Distributed Communicating Process Systems[J]. , 1986, 1(2): 34 -43 .
[2] Chen Shihua;. On the Structure of Finite Automata of Which M Is an(Weak)Inverse with Delay τ[J]. , 1986, 1(2): 54 -59 .
[3] Li Wanxue;. Almost Optimal Dynamic 2-3 Trees[J]. , 1986, 1(2): 60 -71 .
[4] Feng Yulin;. Recursive Implementation of VLSI Circuits[J]. , 1986, 1(2): 72 -82 .
[5] Wang Xuan; Lü Zhimin; Tang Yuhai; Xiang Yang;. A High Resolution Chinese Character Generator[J]. , 1986, 1(2): 1 -14 .
[6] C.Y.Chung; H.R.Hwa;. A Chinese Information Processing System[J]. , 1986, 1(2): 15 -24 .
[7] Sun Zhongxiu; Shang Lujun;. DMODULA:A Distributed Programming Language[J]. , 1986, 1(2): 25 -31 .
[8] Gao Qingshi; Zhang Xiang; Yang Shufan; Chen Shuqing;. Vector Computer 757[J]. , 1986, 1(3): 1 -14 .
[9] Wu Enhua;. A Graphics System Distributed across a Local Area Network[J]. , 1986, 1(3): 53 -64 .
[10] Zhang Cui; Zhao Qinping; Xu Jiafu;. Kernel Language KLND[J]. , 1986, 1(3): 65 -79 .

ISSN 1000-9000(Print)

         1860-4749(Online)
CN 11-2296/TP

Home
Editorial Board
Author Guidelines
Subscription
Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
Tel.:86-10-62610746
E-mail: jcst@ict.ac.cn
 
  Copyright ©2015 JCST, All Rights Reserved