Firmware updates are often termed as a panacea to vulnerable Internet-of-Things (IoT) networks, as firmware updates can fix the exposed bugs and prevent them from being exploited in the future. However, a secure firmware update is a challenging task as IoT devices are often employed in unattended networks. Moreover, malicious updates of firmware in any of the devices of a network, or the non-execution of an update, can create havoc. Although security mechanisms like remote attestation (RA) are quite popular to identify malicious nodes in a network, they are costly in terms of computation/memory usage and communication overhead. To overcome these issues, we propose a “Secure Hardware-enabled Protocol for Firmware Updates (SHeFU)”. The aim of the proposed protocol is two-fold: 1) we obviate the need for remote attestation, and 2) we make sure that malicious nodes are isolated from benign nodes. Assuming a restricted threat model and network constellation, SHeFU ensures secure firmware updates and prevents compromised nodes from communicating with benign nodes in a network.

Shefu: Secure hardware-enabled protocol for firmware updates

Conti M.;
2020

Abstract

Firmware updates are often termed as a panacea to vulnerable Internet-of-Things (IoT) networks, as firmware updates can fix the exposed bugs and prevent them from being exploited in the future. However, a secure firmware update is a challenging task as IoT devices are often employed in unattended networks. Moreover, malicious updates of firmware in any of the devices of a network, or the non-execution of an update, can create havoc. Although security mechanisms like remote attestation (RA) are quite popular to identify malicious nodes in a network, they are costly in terms of computation/memory usage and communication overhead. To overcome these issues, we propose a “Secure Hardware-enabled Protocol for Firmware Updates (SHeFU)”. The aim of the proposed protocol is two-fold: 1) we obviate the need for remote attestation, and 2) we make sure that malicious nodes are isolated from benign nodes. Assuming a restricted threat model and network constellation, SHeFU ensures secure firmware updates and prevents compromised nodes from communicating with benign nodes in a network.
2020
Proceedings - IEEE International Symposium on Circuits and Systems
52nd IEEE International Symposium on Circuits and Systems, ISCAS 2020
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/3506503
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 0
  • OpenAlex ND
social impact