Secure Code Updates for Mesh Networked Commodity Low-End Embedded Devices

@inproceedings{Kohnhuser2016SecureCU,
  title={Secure Code Updates for Mesh Networked Commodity Low-End Embedded Devices},
  author={Florian Kohnh{\"a}user and Stefan Katzenbeisser},
  booktitle={ESORICS},
  year={2016}
}
Mesh networked low-end embedded devices are increasingly used in various scenarios, including industrial control, wireless sensing, robot swarm communication, or building automation. [...] Furthermore, we show that the scheme is practically usable in networks with tens of thousands of devices.
Secure Code Updates for Smart Embedded Devices based on PUFs
TLDR
This work proposes to use intrinsic device characteristics (i.e., Physically Unclonable Functions or PUF) to design a practical and lightweight secure code update scheme that can not only ensure the freshness, integrity, confidentiality and authenticity of code update, but also verify that the update is installed correctly on a specific device without any malicious software.
Scalable Attestation Resilient to Physical Attacks for Embedded Devices in Mesh Networks
TLDR
This paper presents the first scalable attestation protocol for interconnected embedded devices that is resilient to physical attacks, and reduces communication complexity and runtimes by orders of magnitude, precisely identifies compromised devices, supports highly dynamic and partitioned network topologies, and is robust against failures.
Securing Over-the-Air Code Updates in Wireless Sensor Networks
TLDR
The chapter presents an overview of various OTA code update techniques for WSNs and their security flaws along with some existing attacks and possible countermeasures, and discusses which attacks can be used more easily with the code update functionality.
SCAPI: a scalable attestation protocol to detect software and physical attacks
TLDR
This paper presents the first scalable attestation protocol that detects physical attacks, based on the assumption that physical attacks require an adversary to capture and disable devices for a noticeable amount of time, and reduces communication complexity and runtimes by orders of magnitude and precisely identifies compromised devices.
Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded Devices
TLDR
Verify&Revive is proposed, the first reliable pure-software approach to remote attestation with recovery techniques, targeting the low-end range of IoT devices, showing very low overhead in terms of a memory footprint, performance, and battery lifetime.
Boot Attestation: Secure Remote Reporting with Off-The-Shelf IoT Sensors
TLDR
This work proposes a novel remote attestation scheme, named Boot Attestation, that is particularly optimized for low-cost and resource-constrained embedded devices, and is very light on cryptographic requirements and storage, allowing efficient implementations, even on the most low-end IoT platforms available today.
SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices
TLDR
This work presents, for the first time, a secure wireless code dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic hardware security primitive—Static Random Access Memory Physical Unclonable Function (SRAM PUF)—to a firmware update protocol.
RIPTE: Runtime Integrity Protection Based on Trusted Execution for IoT Device
TLDR
This paper proposes a novel and practical scheme for software trusted execution based on lightweight trust RIPTE, which combines dynamic measurement and control flow integrity with PUF device binding key and is secure and efficient in IoT device protection at runtime.
Dominance as a New Trusted Computing Primitive for the Internet of Things
TLDR
Cider is presented, a system that can recover IoT devices within a short amount of time, even if attackers have taken root control of every device in a large deployment.

References

Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base
TLDR
Sancus supports extensibility in the form of remote (even third-party) software installation on devices while maintaining strong security guarantees, and can remotely attest to a software provider that a specific software module is running uncompromised.
TrustLite: a security architecture for tiny embedded devices
TLDR
This work describes mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks, and presents the TrustLite security architecture for flexible, hardware-enforced isolation of software modules.
Secure Code Update for Embedded Devices via Proofs of Secure Erasure
TLDR
This paper considers several flavors of PoSE-based protocols and demonstrates their feasibility in the context of existing commodity embedded devices, and takes advantage of the bounded memory/storage model of low-cost embedded devices and assumes a small amount of read-only memory (ROM).
SDRP: A Secure and Distributed Reprogramming Protocol for Wireless Sensor Networks
TLDR
A secure and distributed reprogramming protocol named SDRP is developed, which is the first work of its kind and uses identity-based cryptography to secure the reprogramming and to reduce the communication and storage requirements of each node.
SEDA: Scalable Embedded Device Attestation
TLDR
This work presents SEDA, the first attestation scheme for device swarms, and introduces a formal security model for swarm attestation and shows security of the approach in this model.
SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust
TLDR
A new primitive based on hardware-software co-design SMART, a simple, efficient and secure approach for establishing a dynamic root of trust in a remote embedded device that focuses on low-end microcontroller units (MCU) that lack specialized memory management or protection features.
SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust
TLDR
A new primitive based on hardware-software co-design SMART, a simple, efficient and secure approach for establishing a dynamic root of trust in a remote embedded device that focuses on low-end micro-controller units (MCU) that lack specialized memory management or protection features.
Systematic Treatment of Remote Attestation
TLDR
This paper provides a systematic treatment of Remote Attestation, starting with a precise definition of the desired service and proceeding to its systematic deconstruction into necessary and sufficient properties, which are mapped into a minimal collection of hardware and software components that results in secure remote Attestation.
A ROM-friendly secure code update mechanism for WSNs using a stateful-verifier τ-time signature scheme
TLDR
A stateful-verifier τ-time signature scheme based on Merkle's one-time signature is proposed for securing existing code image update protocols for WSNs minimizing ROM overhead to 1% on TelosB motes.
Secure Erasure and Code Update in Legacy Sensors
TLDR
Proofs of Secure Erasure is executed to ensure that the sensor’s memory is purged before sending the updated code, ensuring that no other malicious code is being stored.