A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems

2022 ◽  
Vol 18 (1) ◽  
pp. 1-19
Author(s):  
Solon Falas ◽  
Charalambos Konstantinou ◽  
Maria K. Michael

Firmware refers to device read-only resident code which includes microcode and macro-instruction-level routines. For Internet-of-Things (IoT) devices without an operating system, firmware includes all the necessary instructions on how such embedded systems operate and communicate. Thus, firmware updates are essential parts of device functionality. They provide the ability to patch vulnerabilities, address operational issues, and improve device reliability and performance during the lifetime of the system. This process, however, is often exploited by attackers in order to inject malicious firmware code into the embedded device. In this article, we present a framework for secure firmware updates on embedded systems. This approach is based on hardware primitives and cryptographic modules, and it can be deployed in environments where communication channels might be insecure. The implementation of the framework is flexible, as it can be adapted in regards to the IoT device’s available hardware resources and constraints. Our security analysis shows that our framework is resilient to a variety of attack vectors. The experimental setup demonstrates the feasibility of the approach. By implementing a variety of test cases on FPGA, we demonstrate the adaptability and performance of the framework. Experiments indicate that the update procedure for a 1183-kB firmware image could be achieved, in a secure manner, under 1.73 seconds.

Electronics ◽  
2020 ◽  
Vol 9 (5) ◽  
pp. 870 ◽  
Author(s):  
Meznah A. Alamro ◽  
Khalid T. Mursi ◽  
Yu Zhuang ◽  
Ahmad O. Aseeri ◽  
Mohammed Saeed Alkatheiri

Classical cryptographic methods that inherently employ secret keys embedded in non-volatile memory have been known to be impractical for limited-resource Internet of Things (IoT) devices. Physical Unclonable Functions (PUFs) have emerged as an applicable solution to provide a keyless means for secure authentication. PUFs utilize inevitable variations of integrated circuit (IC) components, manifest during the fabrication process, to extract unique responses. Double Arbiter PUFs (DAPUFs) have been recently proposed to overcome security issues in XOR PUF and enhance the tolerance of delay-based PUFs against modeling attacks. This paper provides comprehensive risk analysis and performance evaluation of all proposed DAPUF designs and compares them with their counterparts from XOR PUF. We generated different sets of real challenge–response pairs (CRPs) from three FPGA hardware boards to evaluate the performance of both DAPUF and XOR PUF designs using special-purpose evaluation metrics. We show that none of the proposed designs of DAPUF is strictly preferred over XOR PUF designs. In addition, our security analysis using neural network reveals the vulnerability of all DAPUF designs against machine learning attacks.


2020 ◽  
Vol 2020 ◽  
pp. 1-10
Author(s):  
Yaowei Wang ◽  
Chen Chen ◽  
Zhenwei Chen ◽  
Jiangyong He

Mobile crowdsensing (MCS) is a sensing paradigm exploiting the capabilities of mobile devices (Internet-of-Things devices, smartphones, etc.) to gather large volumes of data. MCS has been widely used in cloud storage environments. However, MCS often faces the challenge of data integrity and user revocation issues. To solve these challenges, this paper uses attribute-based revocable signature mechanisms to construct a data integrity auditing scheme for IoT devices in the cloud storage environment. Users use attribute private keys to generate attribute signatures, and limit the user’s permission to use shared data through access policy control. Only when the user attribute is included in the global attribute set, and the attribute threshold is not less than the specified number, the user can use the attribute key for the data to generate a valid signature that can be authenticated under the control of the signature strategy. At the same time, the group manager (GM) can send secret information to a third-party auditor (TPA) to track the creator of the signature, to withdraw the user’s access to data when the business changes, and realize the safe revocation of user group membership. Formal security analysis and experimental results show that the proposed data-auditing solution is suitable for IoT devices in the cloud storage environment with respect to security and performance.


2017 ◽  
Author(s):  
JOSEPH YIU

The increasing need for security in microcontrollers

Security has long been a significant challenge in microcontroller applications (MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:


1995 ◽  
Vol 405 ◽  
Author(s):  
G. Lucovsky ◽  
D. R. Lee ◽  
Z. Jing ◽  
J. L. Whitten ◽  
C. Parker ◽  
...  

Incorporation of N-atoms at the Si-SiO2 interface in field effect transistors, FETs, with ultrathin dielectrics (≤ 5.5 nm) improves device reliability. Four aspects of our recent research on nitrided Si-SiO2 interfaces are discussed in this paper: i) the low-temperature/low-thermal budget process by which interface chemistry is controlled, and optimized; ii) the use of on-line and off-line diagnostics to determine the spatial confinement and concentration of interfacial N-atom incorporation; iii) comparisons of device properties for non-nitrided and nitrided interfaces; and iv) the proposal of an atom-scale model for the role that interfacial N-atoms play in improving device reliability.


2018 ◽  
Vol 7 (2.7) ◽  
pp. 146
Author(s):  
Lakshmi Prasad Mudarakola ◽  
J K.R. Sastry ◽  
V Chandra Prakash

Thorough testing of embedded systems is required especially when the systems are related to monitoring and controlling the mission critical and safety critical systems. The embedded systems must be tested comprehensively which includes testing hardware, software and both together. Embedded systems are highly intelligent devices that are infiltrating our daily lives such as the mobile in your pocket, and wireless infrastructure behind it, routers, home theatre system, the air traffic control station etc. Software now makes up 90% of the value of these devices. In this paper, the authors present different methods to test an embedded system using test cases generated through combinatorial techniques. The experimental results for testing a TMCNRS (Temperature Monitoring and Controlling Nuclear Reactor System) using test cases generated from combinatorial methods are also shown.


2018 ◽  
Vol 2018 ◽  
pp. 1-12
Author(s):  
Wenqi Chen ◽  
Hui Tian ◽  
Chin-Chen Chang ◽  
Fulin Nan ◽  
Jing Lu

Cloud storage, one of the core services of cloud computing, provides an effective way to solve the problems of storage and management caused by high-speed data growth. Thus, a growing number of organizations and individuals tend to store their data in the cloud. However, due to the separation of data ownership and management, it is difficult for users to check the integrity of data in the traditional way. Therefore, many researchers focus on developing several protocols, which can remotely check the integrity of data in the cloud. In this paper, we propose a novel public auditing protocol based on the adjacency-hash table, where dynamic auditing and data updating are more efficient than those of the state of the arts. Moreover, with such an authentication structure, computation and communication costs can be reduced effectively. The security analysis and performance evaluation based on comprehensive experiments demonstrate that our protocol can achieve all the desired properties and outperform the state-of-the-art ones in computing overheads for updating and verification.


2018 ◽  
Vol 2018 ◽  
pp. 1-12 ◽  
Author(s):  
Yang Xu ◽  
Guojun Wang ◽  
Jidian Yang ◽  
Ju Ren ◽  
Yaoxue Zhang ◽  
...  

The emerging network computing technologies have significantly extended the abilities of the resource-constrained IoT devices through the network-based service sharing techniques. However, such a flexible and scalable service provisioning paradigm brings increased security risks to terminals due to the untrustworthy exogenous service codes loading from the open network. Many existing security approaches are unsuitable for IoT environments due to the high difficulty of maintenance or the dependencies upon extra resources like specific hardware. Fortunately, the rise of blockchain technology has facilitated the development of service sharing methods and, at the same time, it appears a viable solution to numerous security problems. In this paper, we propose a novel blockchain-based secure service provisioning mechanism for protecting lightweight clients from insecure services in network computing scenarios. We introduce the blockchain to maintain all the validity states of the off-chain services and edge service providers for the IoT terminals to help them get rid of untrusted or discarded services through provider identification and service verification. In addition, we take advantage of smart contracts which can be triggered by the lightweight clients to help them check the validities of service providers and service codes according to the on-chain transactions, thereby reducing the direct overhead on the IoT devices. Moreover, the adoptions of the consortium blockchain and the proof of authority consensus mechanism also help to achieve a high throughput. The theoretical security analysis and evaluation results show that our approach helps the lightweight clients get rid of untrusted edge service providers and insecure services effectively with acceptable latency and affordable costs.


2016 ◽  
Vol 11 (7) ◽  
pp. 1500-1514 ◽  
Author(s):  
Nicholas Kolokotronis ◽  
Alexandros Katsiotis ◽  
Nicholas Kalouptsidis

2021 ◽  
Author(s):  
Yilin Yuan ◽  
Jianbiao Zhang ◽  
Wanshan Xu ◽  
Xiao Wang ◽  
Yanhui Liu

Under the shared big data environment, most of the existing data auditing schemes rarely consider the authorization management of group users. Meanwhile, how to deal with the shared data integrity is a problem that needs to be pondered. Thus, in this paper, we propose a novel remote data checking possession scheme which achieves group authority management while completing the public auditing. To perform authority management work, we introduce a trusted entity – group manager. We formalize a new algebraic structure operator named authorization invisible authenticator (AIA). Meanwhile, we provide two versions of AIA scheme: basic AIA scheme and standard AIA scheme. The standard AIA scheme is constructed based on the basic AIA scheme and user information table (UIT), with advanced security and wider applicable scenarios. By virtue of standard AIA scheme, the group manager can perfectly and easily carry out authority management, including enrolling, revoking, updating. On the basis of the above, we further design a public auditing scheme for non-revoked users’ shared data. The scheme is based on identity-based encryption (IBE), which greatly reduces the necessary certificate management cost. Furthermore, the detailed security analysis and performance evaluation demonstrate that the scheme is safe and feasible.

