Conference Paper

Private Blockchain Network for IoT Device Firmware Integrity Verification and Update

Abstract

There are various possible mechanisms for updating potentially vulnerable and exploitable software and firmware on Internet connected devices. Due to their well-known benefits, delta updates have become a common way of updating software. Recently, several authors proposed the use of blockchain technology to update software and firmware. While both delta updates and blockchain technology are now used in different areas, this paper studies the feasibility of combining the two technologies for firmware updates on resource constrained IoT devices such as Wi-Fi smart plugs and sensors. The paper identifies the scenarios where delta updates may not work and proposes a private blockchain network-based IoT device firmware integrity verification and update mechanism. The proposed private blockchain mechanism for integrity verification utilizes a tamper-proof blockchain server. The proposed solution aims to enhance firmware update performance.

... Different IoTs that collect data and send it to data controllers need consents for secure and transparent data handling. The authors in [11] resolved the updating problems of firmwares. The authors [11] combined private blockchain and delta updates to update firmwares and to protect IoTs. ...
... The authors in [11] resolved the updating problems of firmwares. The authors [11] combined private blockchain and delta updates to update firmwares and to protect IoTs. The work in [11] used IoTs like WiFi sensors for simulations of the proposed framework. ...
Preprint
These days, the fast Internet is leading the World towards smartness of things. Internet of Things (IoTs) are the essential components of today's smart World. However, IoTs are more vulnerable to attack than the old traditional devices due to their small security resources. Transaction of traditional devices is possible through old traditional e-business system. However, IoTs need a specific and secure transaction system. In this paper, we enhanced the performance of existing blockchain based decentralized IoT e-business model. This paper introduced IoT information platform that stores IoTs information and user's rating according to their reputations. The paper also introduced IoT's transaction monitoring system that sends mobile notifications to both sellers and buyers. The evaluation results show that our system is more secure and faster than the old IoT e-business model with affordable cost.
... In this solution, the blockchain stores metadata related to IoT devices, which provides scalability, authentication, and security. An update framework is proposed in [115], which prevents attacks and ensures authentication and repudiation to the messages sent between the firmware update service and IoT devices. A blockchain-based architecture is proposed in [41] for edge IoT devices so that they can be uniquely identified through registering physically unclonable functions (PUF) attributes at the time of manufacturing. ...
... [92] The blockchain stores metadata related to IoT devices, which provides scalability, authentication, and security. [115] Ensures authentication and repudiation to the messages sent between the firmware update service and IoT devices. [41] Edge IoT devices can be uniquely identified through registering PUF attributes at the time of manufacturing. ...
... Due to the problem faced by IoT devices in using centralized platform, a decentralized peer-to-peer based blockchain network is implemented in [114], which helps in preventing data-tampering by intruders. To update firmware and software, instead of delta updates, a private blockchain mechanism is proposed in [115], which enhances the update performance and helps in integrity verification, by utilizing a tamper-proof server. The blockchain server maintains a record of metadata, checksum, etc. ...
Preprint
In the era of the Internet of Things (IoT), massive computing devices surrounding us operate and interact with each other to provide several significant services in industries, medical as well as in daily life activities at home, office, education sectors, and so on. The participating devices in an IoT network usually have resource constraints and the devices are prone to different cyber attacks, leading to the loopholes in the security and authentication. As a revolutionized and innovated technology, blockchain, that is applied in cryptocurrency, market prediction, etc., uses a distributed ledger that records transactions securely and efficiently. To utilize the great potential of blockchain, both industries and academia have paid a significant attention to integrate it with the IoT, as reported by several existing literature. On the other hand, Artificial Intelligence (AI) is able to embed intelligence in a system, and thus the AI can be integrated with IoT devices in order to automatically cope with different environments according to the demands. Furthermore, both blockchain and AI can be integrated with the IoT to design an automated secure and robust IoT model, as mentioned by numerous existing works. In this survey, we present a discussion on the IoT, blockchain, and AI, along with the descriptions of several research works that apply blockchain and AI in the IoT. In this direction, we point out strengths and limitations of the related existing researches. We also discuss different open challenges to exploit the full capacities of blockchain and AI in designing an IoT-based model. Therefore, the highlighted challenging issues can open the door for the development of future IoT models which will be intelligent and secure based on the integration of blockchain and AI with the IoT.
... However, the purpose of using this indirect method was not explained and the work was not implemented nor tested. The paper in [44] proposes a solution for both complete firmware updates and delta updates using private Blockchain. Basically, in order to update, the information regarding the firmware available on the IoT device is compared against the information stored in the Blockchain server, in addition to integrity checks using hash functions. ...
Article
The IoT market has shown strong growth in recent years, where many manufacturers of IoT devices and IoT-related service providers are competing. Time to market has become essential to be competitive. The faster a competitor develops and integrates his product, the more likely he is to dominate the market. This competition could lead to critical security issues due to the lack of testing or the short development time. Moreover, lots of IoT devices present some vulnerabilities that can be exploited by attackers. They are also constantly subject to Zero-days, which require quick intervention to maintain the security of the environments in which they are deployed in. For these purposes, the quick update of the firmware image of these IoT devices is an effective way to counter most of these attacks. This document starts by defining the firmware update mechanisms for IoT, and in particular the ones done Over-The-Air. Then presents a state-of-the-art of the currently proposed solutions, with the particularity of surveying from the literature, the standardization bodies and from some well-known industrial solutions. It also proposes a new classification of the different types of System on Chip (SoC) present in the marketed IoT devices together with an analysis of the different challenges and threats related to the OTA update. The objective is to open up the horizon for future research directions.
... Currently, firmware update is the most common approach to fix the discovered vulnerabilities in IoT devices. However, this feature is not available in every IoT device [26]. Only a few IoT vendors support the automatic update of firmware such as Atmel, Texas, etc. ...
Article
The advancement in the domain of IoT accelerated the development of new communication technologies such as the Message Queuing Telemetry Transport (MQTT) protocol. Although MQTT servers/brokers are considered the main component of all MQTT-based IoT applications, their openness makes them vulnerable to potential cyber-attacks such as DoS, DDoS, or buffer overflow. As a result of this, an efficient intrusion detection system for MQTT-based applications is still a missing piece of the IoT security context. Unfortunately, existing IDSs do not provide IoT communication protocol support such as MQTT or CoAP to validate crafted or malformed packets for protecting the protocol implementation vulnerabilities of IoT devices. In this paper, we have designed and developed an MQTT parsing engine that can be integrated with network-based IDS as an initial layer for extensive checking against IoT protocol vulnerabilities and improper usage through a rigorous validation of packet fields during the packet-parsing stage. In addition, we evaluate the performance of the proposed solution across different reported vulnerabilities. The experimental results demonstrate the effectiveness of the proposed solution for detecting and preventing the exploitation of vulnerabilities on IoT protocols.
... Therefore, it may be difficult for resource-constrained device to implement. The authors of [35] proposed using Blockchain technology to update the software and firmware of the IoT devices securely. The firmware update solution focused on the resource-constrained IoT. ...
Article
The Internet of Things (IoT) is changing the way consumers, businesses, and governments interact with the physical and cyber worlds. More often than not, IoT devices are designed for specific functional requirements or use cases without paying too much attention to security. Consequently, attackers usually compromise IoT devices with lax security to retrieve sensitive information such as encryption keys, user passwords, and sensitive URLs. Moreover, expanding IoT use cases and the exponential growth in connected smart devices significantly widen the attack surface. Despite efforts to deal with security problems, the security of IoT devices and the privacy of the data they collect and process are still areas of concern in research. Whenever vulnerabilities are discovered, device manufacturers are expected to release patches or new firmware to fix the vulnerabilities. There is a need to prioritize firmware attacks, because they enable the most high-impact threats that go beyond what is possible with traditional attacks. In IoT, delivering and deploying new firmware securely to affected devices remains a challenge. This study aims to develop a security model that employs Blockchain and the InterPlanetary File System (IPFS) to secure firmware transmission over a low data rate, constrained Long-Range Wide Area Network (LoRaWAN). The proposed security model ensures integrity, confidentiality, availability, and authentication and focuses on resource-constrained low-powered devices. To demonstrate the utility and applicability of the proposed model, a proof of concept was implemented and evaluated using low-powered devices. The experimental results show that the proposed model is feasible for constrained and low-powered LoRaWAN devices.
... This centralized point of control is susceptible to corruption and is vulnerable to a variety of attacks [136]. Several authors have recently proposed using blockchain technology to update software and firmware [150]. Initiatives such as GUITAR and REMOWARE enable real-time network and firmware updates, which are critical for ensuring the long-term security of IoT integration with blockchain [10]. ...
Article
Blockchain has recently attracted significant academic attention in research fields beyond the financial industry. In the Internet of Things (IoT), blockchain can be used to create a decentralized, reliable, and secure environment. The use of blockchain in IoT applications is still in its early stages, particularly at the low end of the computing spectrum. As a result, the future roadmap is hazy, and several challenges and questions must be addressed. Several articles combining blockchain technology with IoT have recently been released, but they are limited to shallow technological potential discussions, with very few providing an in-depth examination of the complexities of implementing blockchain technology for IoT. Therefore, this paper aims to coherently and comprehensively provide current cutting-edge efforts in this direction. It provides a literature review of IoT and blockchain integration by examining current research issues and trends in the applications of blockchain-related approaches and technologies within the IoT security context. We have surveyed published articles from 2017 to 2021 on blockchain-based solutions for IoT security, taking into consideration different security areas and then, we have organized the available articles according to these areas. The surveyed articles have been chronologically organized in tables for better clarity. In this paper, we try to investigate the vital issues and challenges to the integration of IoT and blockchain, and then investigate the research efforts that have been conducted so far to overcome these challenges.
... Samip Dhakal et al. [28] proposed a network for IoT device firmware update and integrity verification based on blockchain and the concept of delta update. In their proposed network, firmware files and information about it, including the version, checksum and metadata is stored in the private blockchain. ...
Article
The broadly configured smart city network requires a variety of security considerations for a heterogeneous device environment. Because a network of heterogeneous devices facilitates an attacker’s intrusion through a specific device or node, a device management framework is required to manage each node comprehensively. This paper proposes a blockchain-based device management framework for efficient device management, scalable firmware update and resiliences on attacks against smart city network. This framework offers four device management and firmware update mechanisms based on the performance and requirements of each device: bidirectional mechanism of general end node and a unidirectional mechanism of the lightweight end node. This difference optimizes the resource of network and devices in terms of management and security. All management history of each device is stored in the blockchain and transmitting firmware between vendor and management node is conducted through a smart contract of blockchain for security and resilience on the attack. Through the framework proposed in this paper, the confidentiality and availability of device management on smart city network as well as integrity, auditability, adaptability and authentication for each node are ensured and the effectiveness of the proposed framework is presented through the security analysis.
Article
The terrestrial networks face the challenges of severe cost inefficiency and low feasibility to provide seamless services anytime and anywhere, especially in the extreme or hotspot areas (e.g., disaster areas, mountains, and oceans) due to limited service coverage and capacity. The integration of multi-dimensional networks consisting of space, air, and ground layers is expected to provide solutions in delivering cost-effective and ubiquitous Internet of things (IoT) services for billions of users and interconnected smart devices. Autonomous data collection, exchange, and processing across different network segments with minimal human interventions in space-air-ground IoT (SAG-IoT) can bring great convenience to consumers, however, it also suffers new attacks from intruders. Severe privacy invasion, reliability issues, and security breaches of SAG-IoT can hinder its wide deployment. The emerging blockchain holds great potentials to address the security concerns in SAG-IoT, thanks to its prominent features of decentralization, transparency, immutability, traceability, and auditability. Despite the benefits of blockchain-empowered SAG-IoT, there exists a series of fundamental challenges in terms of efficiency and regulation due to the intrinsic characteristics of SAG-IoT (e.g., heterogeneity, time-variability, and poor interoperability) and the limitations of existing blockchain approaches (e.g., capacity and scalability). This article presents a comprehensive survey of the integration of blockchain technologies for securing SAG-IoT applications. Specifically, we first discuss the architecture, characteristics, and security threats of SAG-IoT systems. Then, we concentrate on the promising blockchain-based solutions for SAG-IoT security. Next, we discuss the critical challenges when integrating blockchain in SAG-IoT security services and review the state-of-the-art solutions. We further investigate the opportunities of blockchain in artificial intelligence and beyond 5G networks and provide open research directions for building future blockchain-empowered SAG-IoT systems.
Chapter
An increasing reliance on smart and connected devices in our homes, workplaces, and in everyday life has led to the rapid growth of the Internet-of-Things (IoT) technology. While some IoT devices communicate without the involvement of their users, their functionalities must be protected against various attacks. The firmware update process is a fundamental security challenge in the world of embedded devices. Therefore, this research work proposes and implements a secure firmware update delivery mechanism for IoT devices. To assure a secure firmware update, the process should be conducted through a trusted network. The proposed solution is therefore deployed in a blockchain network. This mechanism ensures that the firmware version of the IoT device is verified while also validating the integrity of the file itself and then downloading the latest version of the firmware update. All these tasks are performed securely through a Hyperledger blockchain network. The main objective of this solution is to mitigate attacks on the firmware update process by ensuring that IoT firmware is up to date and that it has not been modified either during the transfer process or as it is installed on the IoT device.
Keywords: Blockchain, Trust, IoT, Firmware, Embedded devices
Conference Paper
According to Medical Statistics conducted in the USA, the number of patients who die every year from Medical errors are estimated to be around 200 to 400 thousand. The most common types of medical mistakes are (Billing errors, incorrect medication/incorrect dosage). Moving towards Electronic Health Records (EHR) instead of the paper-based system can prevent Medical errors. The (EHR) faces challenges regarding the issues of security and privacy. Utilizing blockchain can provide the proper solution to the above-stated challenges. This paper aims to introduce a new supervising strategy regarding accessing, sharing, and storing the (EHR). The proposed strategy enhances the security in a distributed network environment, through applying blockchain technology and hash table. Furthermore, it is applying a newly developed collision-resistant hash function in generating a unique ID for each patient in the EHR System. The Proposed scenario will improve the overall performance of the EHR system making it more efficient and reliable than the traditional system.
Article
Smart vehicles tend to choose an over-the-air (OTA) software (SW) update service. In an environment with smart vehicles, software malfunctions may have serious consequences such as accidents involving human lives and property loss. Therefore, we must ensure that the software updates in smart vehicles are completed correctly. In this study, we focused on the assurance of both data integrity and service integrity in smart vehicles to improve the OTA SW update service security. To this end, the security features of integrity in smart vehicles were identified and discussed with an emphasis on its potential impact on future vehicular applications.
Article
Internet-of-Things (IoT) are increasingly found in civilian and military contexts, ranging from Smart Cities to Smart Grids to Internet-of-Medical-Things to Internet-of-Vehicles to Internet-of-Military-Things to Internet-of-Battlefield-Things, etc. In this paper, we survey articles presenting IoT security solutions published in English since January 2016. We make a number of observations, include the lack of publicly available IoT datasets that can be used by the research and practitioner communities. Given the potential sensitive nature of IoT datasets, there is a need to develop a standard for the sharing of IoT datasets among the research and practitioner communities and other relevant stakeholders. We then posit the potential for blockchain technology in facilitating secure sharing of IoT datasets (e.g. using blockchain to ensure the integrity of shared datasets) and securing IoT systems, before presenting two conceptual blockchain-based approaches. We then conclude this paper with nine potential research questions.
Article
Figure 1 A future smart vehicle utilizing a wireless vehicle interface (WVI) to interconnect the vehicle and its vehicular bus systems to the Internet. Future smart vehicles will be part of the Internet of Things to offer beneficial development opportunities for both end users as well as the automotive industry. This will potentially expose smart vehicles to a range of security and privacy threats such as tracking or hijacking a vehicle while driving. A comprehensive security architecture for automotive systems is required to allow the development of new services while protecting the vehicles from attacks and ensuring the privacy of the end users. In this paper we argue that BlockChain (BC), a disruptive technology that has found many applications from cryptocurrency to smart contracts, is a potential solution to automotive security and privacy challenges. We propose a BC-based architecture to protect the privacy of the users and to increase the security of the vehicular ecosystem. Wireless remote software updates and other emerging services in the automotive world such as dynamic vehicle insurance fees, are used to illustrate the utilization of the proposed security architecture. We also provide discussions on the security of the architecture against important attacks.
Conference Paper
Decades of software engineering shows that updating deployed software is not a nice-to-have, but a must-have. Deployed software (e.g. an IP protocol stack) is never bug free, and these bugs must be patched to increase its robustness and security, and as communication standards and application logic evolve, deployed software typically needs to evolve in parallel. As the IoT emerges, the same will apply to deployed IoT software.
Article
Embedded devices are going to be used extremely in Internet of Things (IoT) environments. The small and tiny IoT devices will operate and communicate with each other without involvement of users, while their operations must be correct and protected against various attacks. In this paper, we focus on a secure firmware update issue, which is a fundamental security challenge for the embedded devices in an IoT environment. A new firmware update scheme that utilizes a blockchain technology is proposed to securely check a firmware version, validate the correctness of firmware, and download the latest firmware for the embedded devices. In the proposed scheme, an embedded device requests its firmware update to nodes in a blockchain network and gets a response to determine whether its firmware is up-to-date or not. If not latest, the embedded device downloads the latest firmware from a peer-to-peer firmware sharing network of the nodes. Even in the case that the version of the firmware is up-to-date, its integrity, i.e., correctness of firmware, is checked. The proposed scheme guarantees that the embedded device’s firmware is up-to-date while not tampered. Attacks targeting known vulnerabilities on firmware of embedded devices are thus mitigated.
Article
The Internet of Things (IoT) is experiencing exponential growth in research and industry, but it still suffers from privacy and security vulnerabilities. Conventional security and privacy approaches tend to be inapplicable for IoT, mainly due to its decentralized topology and the resource-constraints of the majority of its devices. BlockChain (BC) that underpin the cryptocurrency Bitcoin have been recently used to provide security and privacy in peer-to-peer networks with similar topologies to IoT. However, BCs are computationally expensive and involve high bandwidth overhead and delays, which are not suitable for IoT devices. This position paper proposes a new secure, private, and lightweight architecture for IoT, based on BC technology that eliminates the overhead of BC while maintaining most of its security and privacy benefits. The described method is investigated on a smart home application as a representative case study for broader IoT applications. The proposed architecture is hierarchical, and consists of smart homes, an overlay network and cloud storages coordinating data transactions with BC to provide privacy and security. Our design uses different types of BC’s depending on where in the network hierarchy a transaction occurs, and uses distributed trust methods to ensure a decentralized topology. Qualitative evaluation of the architecture under common threat models highlights its effectiveness in providing security and privacy for IoT applications.
Conference Paper
In this paper, a new firmware verification scheme is presented that utilizes blockchain technologies for securing network embedded devices. In the proposed scheme, an embedded device requests a firmware verification to nodes connected in a blockchain network and gets a response whether its firmware is up-to-date or not. If not latest, the embedded device can securely download and install the latest firmware from a firmware update server. Even in the case that the version of the firmware is up-to-date, its integrity is checked via the blockchain nodes. The proposed scheme guarantees that the embedded device’s firmware is not tampered and latest. The effects of attacks targeting known vulnerabilities are thus minimized.
Conference Paper
An increase in the amount of program code used in the firmware of electronic control units (ECUs) in vehicles has led to an increase in updates after sales to resolve bugs in the program code. In this situation, automakers are beginning to introduce over-the-air firmware update technology currently used in the mobile phone industry. We developed an incremental update method based on BSDiff and demonstrated its application to resource-constrained microcontrollers in ECUs. We implemented the method using a Renesas RH850/F1L simulator and evaluated the memory usage and compression ratio. We demonstrated that the proposed method is applicable to in-vehicle ECUs.
Article
Embedded systems are more than ever present in consumer electronics devices such as home routers, personal computers, smartphones, smartcards, various sensors to name a few. Firmware, which is embedded software specifically designed for monitoring and control in resource constrained conditions, was not a major attack target. However, recent serious cyber attacks focus on firmware rather than application or operating system levels, because exploiting the firmware level offers stealth capabilities, e.g., anti-virus software and operating system cannot reveal such a firmware level exploit. A firmware validation that ensures firmware integrity is thus required to detect firmware tampering attacks. A remote firmware update is also required for consumer devices connected to the Internet. In this paper, a secure firmware validation and update scheme is introduced for consumer devices in a home networking environment. The proposed scheme utilizes an ID-based mutual authentication and key derivation to securely distribute a firmware image. A firmware fragmentation with hash chaining is also applied to guarantee authenticity of the fragmented firmware image. Security analysis results are presented while considerations are discussed.
Article
OTA software download is an enabling technology that leverages on the flexibility of radio hardware. With dynamic OTA download, mobile devices can connect to any type of wireless network, download the required radio software, and reconfigure on demand. This article covers two key system design issues: delta compression and security.