Skip to main content
SpringerLink
Log in

A Secure IoT Firmware Update Scheme Against SCPA and DoS Attacks

  • Regular Paper
  • Published:
Journal of Computer Science and Technology Aims and scope Submit manuscript

Abstract

In the IEEE S&P 2017, Ronen et al. exploited side-channel power analysis (SCPA) and approximately 5 000 power traces to recover the global AES-CCM key that Philip Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it to Philip Hue lamps to cause Internet of Things (IoT) security issues. Inspired by the work of Ronen et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme applied in IoT terminal devices includes two aspects of design (i.e., bootloader and application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can access the IoT server to regain update permission, which can defend against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement Philips’ and the proposed modified schemes. Experimental results show that compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and a maximum of 0.32 s update time to effectively enhance the security of the AES-CCM-based firmware update process.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Li W, Song H, Zeng F. Policy-based secure and trustworthy sensing for Internet of things in smart cities. IEEE Internet of Things Journal, 2018, 5(2): 716-723. https://doi.org/10.1109/JIOT.2017.2720635.

    Article  Google Scholar 

  2. Patton M, Gross E, Chinn R et al. Uninvited connections: A study of vulnerable devices on the internet of things (IoT). In Proc. the 2014 IEEE Joint Intelligence and Security Informatics Conference, Sept. 2014, pp.232-235. https://doi.org/10.1109/JISIC.2014.43.

  3. Antonakakis M, April T, Bailey M et al. Understanding the Mirai Botnet. In Proc. the 26th USENIX Security Symposium, Aug. 2017, pp.1093-1110.

  4. Kim J, Chou P H. Energy-efficient progressive remote update for flash-based firmware of networked embedded systems. ACM Transactions on Design Automation of Electronic Systems, 2010, 16(1): Article No. 7. https://doi.org/10.1145/1870109.1870116.

  5. Wurm J, Hoang K, Arias O et al. Security analysis on consumer and industrial IoT devices. In Proc. the 21st Asia and South Pacific Design Automation Conference, Jan. 2016, pp.519-524. https://doi.org/10.1109/ASPDAC.2016.7428064.

  6. Radanliev P, De Roure D, Cannady S et al. Economic impact of IoT cyber risk — Analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance. In Proc. the 2018 Living in the Internet of Things: Cybersecurity of the IoT, Mar. 2018, Article No. 3. https://doi.org/10.1049/cp.2018.0003.

  7. Cui A, Costello M, Stolfo S. When firmware modifications attack: A case study of embedded exploitation. In Proc. the 20th Annual Network and Distributed System Security Symposium, Feb. 2013. https://doi.org/10.7916/D8P55NKB.

  8. Ronen E, Shamir A, Weingarten A O, O’Flynn C. IoT goes nuclear: Creating a ZigBee chain reaction. In Proc. the 2017 IEEE Symposium on Security and Privacy, May 2017, pp.195-212. https://doi.org/10.1109/SP.2017.14.

  9. Idrees M S, Schweppe H, Roudier Y et al. Secure automotive on-board protocols: A case of over-the-air firmware updates. In Proc. the 3rd Int. Workshop. Communication Technologies for Vehicles, Mar. 2011, pp.224-238. https://doi.org/10.1007/978-3-642-19786-4_20.

  10. Steger M, Karner M, Hillebrand J et al. Applicability of IEEE 802.11s for automotive wireless software updates. In Proc. the 13th International Conference on Telecommunications, Jul. 2015. https://doi.org/10.1109/ConTEL.2015.7231190.

  11. Prada-Delgado M A, Vázquez-Reyes A, Baturone I. Trustworthy firmware update for Internet-of-Thing devices using physical unclonable functions. In Proc. the 2017 Global Internet of Things Summit, Jun. 2017. https://doi.org/10.1109/GIOTS.2017.8016282.

  12. Choi B C, Lee S H, Na J C, Lee J H. Secure firmware validation and update for consumer devices in home networking. IEEE Transactions on Consumer Electronics, 2016, 62(1): 39-44. https://doi.org/10.1109/TCE.2016.7448561.

    Article  Google Scholar 

  13. Yohan A, Lo N W. An over-the-blockchain firmware update framework for IoT devices. In Proc. the 2018 IEEE Conference on Dependable and Secure Computing, Dec. 2018. https://doi.org/10.1109/DESEC.2018.8625164.

  14. Lee B, Lee J H. Blockchain-based secure firmware update for embedded devices in an Internet of Things environment. The Journal of Supercomputing, 2017, 73(3): 1152-1167. https://doi.org/10.1007/s11227-016-1870-0.

    Article  Google Scholar 

  15. Asokan N, Nyman N, Rattanavipanon N et al. ASSURED: Architecture for secure software update of realistic embedded devices. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2018, 37(11): 2290-2300. https://doi.org/10.1109/TCAD.2018.2858422.

    Article  Google Scholar 

  16. O’Flynn C, Chen Z. Side channel power analysis of an AES-256 bootloader. In Proc. the 28th IEEE Canadian Conference on Electrical and Computer Engineering, May 2015, pp.750-755. https://doi.org/10.1109/CCECE.2015.7129369.

  17. Guillen O M, De Santis F, Brederlow R, Sigl G. Towards side-channel secure firmware updates. In Proc. the 9th Int. Symp. Foundations and Practice of Security, Oct. 2016, pp.345-360.

  18. Dworkin M. Recommendation for block cipher modes of operation: The CCM mode for authentication and confidentiality. Technical Report, National Institute of Standards and Technology, 2004. https://nvlp-ubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8-00-38c.pdf, Dec. 2019.

  19. IEEE. IEEE Standard for Information technology—Telecommunications and information exchange between systems — Local and metropolitan area networks — Specific requirements — Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Std 802.11, Jul. 2004.

  20. Dworkin M. Recommendation for block cipher modes of operation: Methods and techniques. Technical Report, National Institute of Standards and Technology, 2001. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecial-publication800-38a.pdf, Dec. 2019.

  21. Kocher P, Jaffe J, Jun B. Differential power analysis. In Proc. the 19th Annual Int. Cryptology Conf., Aug. 1999, pp.388-397. https://doi.org/10.1007/3-540-48405-1_25.

  22. Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model. In Proc. the 6th International Workshop on Cryptographic Hardware and Embedded Systems, Aug. 2004, pp.16-29. https://doi.org/10.1007/978-3-540-28632-5_2.

Download references

Author information

Authors and Affiliations

  1. School of Cyber Science and Technology, Shandong University, Qingdao, 266237, China

    Yan-Hong Fan, Mei-Qin Wang, Yan-Bin Li, Kai Hu & Mu-Zhou Li

  2. Key Laboratory of Cryptologic Technology and Information Security (Shandong University), Ministry of Education, Qingdao, 266237, China

    Yan-Hong Fan, Mei-Qin Wang, Yan-Bin Li, Kai Hu & Mu-Zhou Li

Authors
  1. Yan-Hong Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mei-Qin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yan-Bin Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kai Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mu-Zhou Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mei-Qin Wang.

Supplementary Information

ESM 1

(PDF 349 kb)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Fan, YH., Wang, MQ., Li, YB. et al. A Secure IoT Firmware Update Scheme Against SCPA and DoS Attacks. J. Comput. Sci. Technol. 36, 419–433 (2021). https://doi.org/10.1007/s11390-020-9831-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11390-020-9831-8

Keywords

Search

Navigation