Abstract
Sensors require frequent over-the-air reprogramming to patch software errors, replace code, change sensor configuration, etc. Given their limited computational capability, one of the few workable techniques to secure code update in legacy sensors would be to execute Proofs of Secure Erasure (PoSE) which ensure that the sensor’s memory is purged before sending the updated code. By doing so, the updated code can be loaded onto the sensor with the assurance that no other malicious code is being stored. Although current PoSE proposals rely on relatively simple cryptographic constructs, they still result in considerable energy and time overhead in existing legacy sensors.
In this paper, we propose a secure code update protocol which considerably reduces the overhead of existing proposals. Our proposal naturally combines PoSE with All or Nothing Transforms (AONT); we analyze the security of our scheme and evaluate its performance by means of implementation on MicaZ motes. Our prototype implementation only consumes 371 bytes of RAM in TinyOS2, and improves the time and energy overhead of existing proposals based on PoSE by almost 75 %.
Notes
1. In case the code size to be updated is smaller than the total writable memory of the device, the verifier pads the code with zeros until it reaches the device’s memory size.
2. As shown in [22], computing an HMAC-SHA1 over 648 KB of data in a MicaZ mote requires almost 90 s.
3. The maximum claimed transmission throughput of TI-CC2420 radio chip used in MicaZ motes is 250 kbps, which translates to 31250 bytes/sec. However, our experiments show that the effective throughput is around 8860 bytes/sec using TinyOS 2.0.
4. For that purpose, we extended the ProgFlash interface using AVR Libc.
5. In this case, the probability to detect that a prover did not delete 1,000 bits of its old code is 0.9.
References
ATmega128 Datasheet: Available from http://www.atmel.com/images/doc2467.pdf
MicaZ: Wireless Measurement System. http://www.openautomation.net/uploadsproductos/micaz_datasheet.pdf
Building a Secure System using TrustZone Technology (2009). http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf
Software Guard Extensions Programming Reference (2013). https://software.intel.com/sites/default/files/329298-001.pdf
Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, SecureComm 2008, pp. 9:1–9:10. ACM, New York, NY, USA (2008)
Bauer, S., Priyantha, N.B.: Secure data deletion for linux file systems. In: Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10, SSYM 2001. USENIX Association, Berkeley, CA, USA (2001)
Boyko, V.: On the security properties of OAEP as an all-or-nothing transform. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 503–518. Springer, Heidelberg (1999)
Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 400–409. ACM, New York, NY, USA (2009)
Deng, J., Han, R., Mishra, S.: Secure code distribution in dynamically programmable wireless sensor networks. In: Proceedings of the 5th International Conference on Information Processing in Sensor Networks, IPSN 2006, pp. 292–300. ACM, New York, NY, USA (2006)
Desai, A.: The security of all-or-nothing encryption: protecting against exhaustive key search. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 359–375. Springer, Heidelberg (2000)
Dutta, P.K., Hui, J.W., Chu, D.C., Culler, D.E.: Securing the deluge network programming system. In: Proceedings of the 5th International Conference on Information Processing in Sensor Networks, IPSN 2006, pp. 326–333. ACM, New York, NY, USA (2006)
Eldefrawy, K., Francillon, A., Perito, D., Tsudik, G.: SMART: secure and minimal architecture for (establishing a dynamic) root of trust. In: NDSS 2012, 19th Annual Network and Distributed System Security Symposium, San Diego, USA, 5–8 February 2012
Jakobsson, M., Johansson, K.-A.: Practical and secure software-based attestation. In: LightSec (2011)
Jakobsson, M., Stewart, G.: Mobile malware: why the traditional AV paradigm is doomed, and how to use physics to detect undesirable routines. In: BlackHat (2013)
Juels, A., Kaliski Jr., B.S.: PORs: proofs of retrievability for large files. In: ACM Conference on Computer and Communications Security, pp. 584–597 (2007)
Karame, G.O., Soriente, C., Lichota, K., Capkun, S.: Securing cloud data in the new attacker model. IACR Cryptology ePrint Archive 2014, p. 556 (2014)
Karlof, C., Sastry, N., Wagner, D.: Tinysec: a link layer security architecture for wireless sensor networks. In: Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems, SenSys 2004, pp. 162–175. ACM, New York, NY, USA (2004)
Koeberl, P., Schulz, S., Sadeghi, A.-R., Varadharajan, V.: Trustlite: a security architecture for tiny embedded devices. In: Proceedings of the Ninth European Conference on Computer Systems, EuroSys 2014, pp. 10:1–10:14. ACM, New York, NY, USA (2014)
Liu, A., Ning, P.: Tinyecc: a configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of the 7th International Conference on Information Processing in Sensor Networks, IPSN 2008, IEEE Computer Society, Washington, DC, USA (2008)
Martinovic, I., Pichota, P., Schmitt, J.B.: Jamming for good: a fresh approach to authentic communication in wsns. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 161–168. ACM, New York, NY, USA (2009)
Payne, W.H., Rabung, J.R., Bogyo, T.P.: Coding the lehmer pseudo-random number generator. Commun. ACM 12(2), 85–86 (1969)
Perito, D., Tsudik, G.: Secure code update for embedded devices via proofs of secure erasure. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 643–662. Springer, Heidelberg (2010)
Reardon, J., Basin, D., Capkun, S.: Sok: secure data deletion. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 301–315. IEEE Computer Society, Washington, DC, USA (2013)
Reardon, J., Ritzdorf, H., Basin, D., Capkun, S.: Secure data deletion from persistent media. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 271–284. ACM, New York, NY, USA (2013)
Rivest, R.L.: All-or-nothing encryption and the package transform. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 210–218. Springer, Heidelberg (1997)
Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P.: Scuba: secure code update by attestation in sensor networks. In: Proceedings of the 5th ACM Workshop on Wireless Security, WiSe 2006, pp. 85–94. ACM, New York, NY, USA (2006)
Seshadri, A., Perrig, A., Doorn, L.V., Khosla, P.: Swatt: software-based attestation for embedded devices. In: Proceedings of the IEEE Symposium on Security and Privacy (2004)
Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 552–561. ACM, New York, NY, USA (2007)
Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008)
Shankar, U., Chew, M., Tygar, J.D.: Side effects are not sufficient to authenticate software. In: Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM 2004, pp. 7–7. USENIX Association, Berkeley, CA, USA (2004)
Stinson, D.R.: Something about all or nothing (transforms). Des. Codes Crypt. 22(2), 133–138 (2001)
Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: scalable sensor network simulation with precise timing. In: Proceedings of the 4th International Symposium on Information Processing in Sensor Networks, IPSN 2005. IEEE Press, Piscataway, NJ, USA (2005)
Ugus, O., Westhoff, D., Bohli, J.-M.: A rom-friendly secure code update mechanism for wsns using a stateful-verifier t-time signature scheme. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 29–40. ACM, New York, NY, USA (2009)
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Karame, G.O., Li, W. (2015). Secure Erasure and Code Update in Legacy Sensors. In: Conti, M., Schunter, M., Askoxylakis, I. (eds) Trust and Trustworthy Computing. Trust 2015. Lecture Notes in Computer Science, vol 9229. Springer, Cham. https://doi.org/10.1007/978-3-319-22846-4_17
DOI: https://doi.org/10.1007/978-3-319-22846-4_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22845-7
Online ISBN: 978-3-319-22846-4
eBook Packages: Computer Science, Computer Science (R0)