Abstract
With a large number of connected Internet of Things (IoT) devices deployed across the world, they have become popular targets of malicious attacks raising great security challenges. Many manufacturers are making great efforts to keep the software on these devices up-to-date to protect the security of these IoT devices. However, the software update process itself may also be manipulated by attackers, such as roll-back attack and replay message attack. Cryptography based solutions may effectively defend against such attacks. However, as many IoT devices are resource-constrained devices, they cannot afford the high resource requirements and heavy computation overhead caused by Cryptography based security solutions.
To protect secure software update for resource-constrained IoT devices, in this paper, we propose a security design and protocol for owner-controlled software updates for IoT devices through blockchain. The introduction of blockchain technology cannot only effectively secure the distribution of software updates for multiple manufacturers with high-availability, improved security, and reduced cost; but also provide a payment platform to facilitate financial transactions between IoT manufacturers and owners.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Global internet of things (IoT) market size and forecast to 2026, June 2019
Newman. IoT report: how internet of things technology growth is reaching mainstream companies and consumers, January 2019
United Nations. World population prospects 2019 data booklet, June 2019
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: mirai and other botnets. Computer 50(7), 80–84 (2017)
Newman. What we know about Friday’s massive east coast internet outage, October 2016
McGraw, G.: Software security. IEEE Secur. Priv. 2(2), 80–83 (2004)
Ronen, E., Shamir, A., Weingarten, A.-O., O’Flynn, C.: IoT goes nuclear: creating a ZigBee chain reaction. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 195–212. IEEE (2017)
Nawir, M., Amir, A., Yaakob, N., Lynn, O.B.: Internet of things (IoT): taxonomy of security attacks. In: 2016 3rd International Conference on Electronic Design (ICED), pp. 321–326. IEEE (2016)
Zhang, C., Green, R.: Communication security in internet of thing: preventive measure and avoid DDoS attack over IoT network. In: Proceedings of the 18th Symposium on Communications & Networking, pp. 8–15. Society for Computer Simulation International (2015)
Nakamoto, S., et al.: Bitcoin: a peer-to-peer electronic cash system (2008)
Bider, D., Baushke, M.: SHA-2 data integrity verification for the secure shell (SSH) transport layer protocol. Technical report (2012)
Krejčí, R., Hujňák, O., Švepeš, M.: Security survey of the IoT wireless protocols. In: 2017 25th Telecommunication Forum (TELFOR), pp. 1–4. IEEE (2017)
Pongle, P., Chavan, G.: A survey: attacks on RPL and 6LoWPAN in IoT. In: 2015 International Conference on Pervasive Computing (ICPC), pp. 1–6. IEEE (2015)
Zhang, K., Liang, X., Rongxing, L., Shen, X.: Sybil attacks and their defenses in the internet of things. IEEE Internet Things J. 1(5), 372–383 (2014)
Alsaadi, E., Tubaishat, A.: Internet of things: features, challenges, and vulnerabilities. Int. J. Adv. Comput. Sci. Inf. Technol. 4(1), 1–13 (2015)
Newman, L.H.: The botnet that broke the internet isn’t going away. Wired, December 2016
Smith. University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices, 12 February 2017
Smith. Heartbleed still affects 200,000 devices: Shodan, 12 February 2017
Lee, B., Lee, J.-H.: Blockchain-based secure firmware update for embedded devices in an internet of things environment. J. Supercomput. 73(3), 1152–1167 (2017)
Zhao, Y., Liu, Y., Yu, Y., Li, Y.: Blockchain based privacy-preserving software updates with proof-of-delivery for internet of things. arXiv preprint arXiv:1902.03712 (2019)
Leiba, O., Yitzchak, Y., Bitton, R., Nadler, A., Shabtai, A.: Incentivized delivery network of IoT software updates based on trustless proof-of-distribution. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 29–39. IEEE (2018)
Huh, S., Cho, S., Kim, S.: Managing IoT devices using blockchain platform. In: 2017 19th International Conference on Advanced Communication Technology (ICACT), pp. 464–467. IEEE (2017)
Boudguiga, A., et al.: Towards better availability and accountability for IoT updates by means of a blockchain. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 50–58. IEEE (2017)
Yohan, A., Lo, N.-W., Achawapong, S.: Blockchain-based firmware update framework for internet-of-things environment. In: Proceedings of the International Conference on Information and Knowledge Engineering (IKE), pp. 151–155. The Steering Committee of The World Congress in Computer Science, Computer... (2018)
Samaniego, M., Deters, R.: Using blockchain to push software-defined IoT components onto edge hosts. In: Proceedings of the International Conference on Big Data and Advanced Wireless Technologies, p. 58. ACM (2016)
Dorri, A., Kanhere, S.S., Jurdak, R., Gauravaram, P.: Blockchain for IoT security and privacy: the case study of a smart home. In: 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 618–623. IEEE (2017)
Popov, S.: The tangle. cit. on, p. 131 (2016)
Samaniego, M., Deters, R.: Blockchain as a service for IoT. In: 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 433–436. IEEE (2016)
Conner, K.R., Rumelt, R.P.: Software piracy: an analysis of protection strategies. Manag. Sci. 37(2), 125–139 (1991)
Givon, M., Mahajan, V., Muller, E.: Software piracy: estimation of lost sales and the impact on software diffusion. J. Mark. 59(1), 29–37 (1995)
Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: 24th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 2015), pp. 129–144 (2015)
Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. Commun. ACM 61(7), 95–102 (2018)
Duerst, M., Suignard, M.: RFC 3987: internationalized resource identifiers (IRIS). IETF, January 2005
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak specifications. Submission to NIST (round 2), pp. 320–337 (2009)
Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)
Acknowledgment
This work was supported by the National Natural Science Foundation of China (61702342) and the Science and Technology Innovation Projects of Shenzhen, China (JCYJ20170302151321095).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Solomon, G.J., Zhang, P., Liu, Y., Brooks, R. (2019). Blockchain Based Owner-Controlled Secure Software Updates for Resource-Constrained IoT. In: Liu, J., Huang, X. (eds) Network and System Security. NSS 2019. Lecture Notes in Computer Science(), vol 11928. Springer, Cham. https://doi.org/10.1007/978-3-030-36938-5_22
Download citation
DOI: https://doi.org/10.1007/978-3-030-36938-5_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36937-8
Online ISBN: 978-3-030-36938-5
eBook Packages: Computer ScienceComputer Science (R0)