More Web Proxy on the site http://driver.im/

research-article

Open access

RoSym: Robust Symmetric Key Based IoT Software Upgrade Over-the-Air

Authors:

Pegah Nikbakht Bideh,

Christian GehrmannAuthors Info & Claims

CPSIoTSec '22: Proceedings of the 4th Workshop on CPS & IoT Security and Privacy

Pages 35 - 46

https://doi.org/10.1145/3560826.3563381

Published: 07 November 2022 Publication History

Abstract

Internet of Things (IoT) firmware upgrade has turned out to be a challenging task with respect to security. While Over-The-Air (OTA) software upgrade possibility is an essential feature to achieve security, it is also most sensitive to attacks and lots of different firmware upgrade attacks have been presented in the literature. Several security solutions exist to tackle these problems. We observe though that most prior art solutions are public key-based, they are not flexible with respect to firmware image distribution principles and it is challenging to make a design with good Denial-Of-Service (DoS) attacks resistance. Apart from often being rather resource demanding, a limitation with current public key-based solutions is that they are not quantum computer resistant. Hence, in this paper, we take a new look into the firmware upgrade problem and propose RoSym, a secure, firmware distribution principle agnostic, and DoS protected upgrade mechanism purely based on symmetric cryptography. We present an experimental evaluation on a real testbed environment for the scheme. The results show that the scheme is efficient in comparison to other state of the art solutions. We also make a formal security verification of RoSym showing that it is robust against different attacks.

Supplementary Material

MP4 File (cpsiot707-nikbakht-bideh.mp4)

In this video I present RoSym or Robust Symmetric Key Based IoT Software Upgrade Over-the-Air. RoSym is a software upgrade solution for resource constrained IoT devices. I describe the features of RoSym and update procedure on both server and device sides in the video. I also present the implementation details and our evaluation results and finally I concluded with the conclusions.

Download
40.02 MB

References

[1]

Farah Afianti, Titiek Suryani, et al. 2018. Dynamic cipher puzzle for efficient broadcast authentication in wireless sensor networks. Sensors 18, 11 (2018), 4021.

[2]

Konstantinos Arakadakis, Pavlos Charalampidis, Antonis Makrogiannakis, and Alexandros Fragkiadakis. 2021. Firmware Over-the-Air Programming Techniques for IoT Networks - A Survey. ACM Comput. Surv. 54, 9, Article 178 (oct 2021), 36 pages. https://doi.org/10.1145/3472292

Digital Library

[3]

Nils Aschenbruck, Jan Bauer, Jakob Bieling, Alexander Bothe, and Matthias Schwamborn. 2012. Selective and secure over-the-air programming for wireless sensor networks. In 21st International Conference on Computer Communications and Networks (ICCCN). IEEE, 1--6.

[4]

N Asokan, Thomas Nyman, Norrathep Rattanavipanon, Ahmad-Reza Sadeghi, and Gene Tsudik. 2018. ASSURED: Architecture for secure software update of realistic embedded devices. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 37, 11 (2018), 2290--2300.

[5]

Ward Beullens. 2021. The Design and Cryptanalysis of Post-Quantum Digital Signature Algorithms. KU Leuven. https://www.esat.kuleuven.be/cosic/publications/ thesis-417.pdf

[6]

Bruno Blanchet, Ben Smyth, Vincent Cheval, and Marc Sylvestre. 2018. ProVerif 2.00: automatic cryptographic protocol verifier, user manual and tutorial. Version from (2018), 05--16.

[7]

Stephen Brown and Cormac Sreenan. 2013. Software Updating in Wireless Sensor Networks: A Survey and Lacunae. Journal of Sensor and Actuator Networks 2, 4 (Nov 2013), 717--760. https://doi.org/10.3390/jsan2040717

[8]

Jing Deng, Richard Han, and Shivakant Mishra. 2006. Secure code distribution in dynamically programmable wireless sensor networks. In Proceedings of the 5th international conference on Information processing in sensor networks. 292--300.

Digital Library

[9]

D. Dolev and A. C. Yao. 1981. On the Security of Public Key Protocols. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (SFCS '81). IEEE Computer Society, Washington, DC, USA, 350--357. https: //doi.org/10.1109/SFCS.1981.32

Digital Library

[10]

FIPS PUB DRAFT. 2014. 202. SHA-3 Standard: Permutation-Based hash and extendable-output functions. Information Technology Laboratory, National Institute of Standards and Technology. Recovered on May (2014).

[11]

Prabal K Dutta, JonathanWHui, David C Chu, and David E Culler. 2006. Securing the deluge network programming system. In 5th International Conference on Information Processing in Sensor Networks. IEEE, 326--333.

Digital Library

[12]

Yan-Hong Fan, Mei-Qin Wang, Yan-Bin Li, Kai Hu, and Muzhou Li. 2021. A Secure IoT Firmware Update Scheme Against SCPA and DoS Attacks. J. Comput. Sci. Technol. 36, 2 (2021), 419--433. https://doi.org/10.1007/s11390-020--9831--8

[13]

J. Ferreira, J. N. Soares, R. Jardim-Goncalves, and C. Agostinho. 2017. Management of IoT Devices in a Physical Network. In 21st International Conference on Control Systems and Computer Science (CSCS). 485--492.

[14]

F. Palombini G. Selander, J. Mattsson. 2019. Object Security for Constrained RESTful Environments (OSCORE). https://tools.ietf.org/html/rfc8613. [Online; accessed 24-March-2021].

[15]

Christian Gehrmann, Marco Tiloca, and Rikard Höglund. 2015. SMACK: Short message authentication check against battery exhaustion in the Internet of Things. In 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON). IEEE, 274--282.

Digital Library

[16]

Lov K. Grover. 1996. A Fast Quantum Mechanical Algorithm for Database Search. In Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing (Philadelphia, Pennsylvania, USA) (STOC '96). Association for Computing Machinery, New York, NY, USA, 212--219. https://doi.org/10.1145/ 237814.237866

Digital Library

[17]

Daojing He, Chun Chen, Sammy Chan, and Jiajun Bu. 2011. SDRP: A secure and distributed reprogramming protocol for wireless sensor networks. IEEE Transactions on Industrial Electronics 59, 11 (2011), 4155--4163.

[18]

Daojing He, Chun Chen, Sammy Chan, and Jiajun Bu. 2012. DiCode: DoSresistant and distributed code dissemination in wireless sensor networks. IEEE Transactions on Wireless Communications 11, 5 (2012), 1946--1956.

[19]

Jonathan W Hui and David Culler. 2004. The dynamic behavior of a data dissemination protocol for network programming at scale. In Proceedings of the 2nd international conference on Embedded networked sensor systems. 81--94.

Digital Library

[20]

Sangwon Hyun, Peng Ning, An Liu, and Wenliang Du. 2008. Seluge: Secure and dos-resistant code dissemination in wireless sensor networks. In 2008 International Conference on Information Processing in Sensor Networks. IEEE, 445--456.

Digital Library

[21]

Wassim Itani, Ayman Kayssi, and Ali Chehab. 2009. PETRA: a secure and energyefficient software update protocol for severely-constrained network devices. In Proceedings of the 5th ACM symposium on QoS and security for wireless and mobile networks. 37--43.

Digital Library

[22]

Irene Joseph, Prasad B. Honnavalli, and B. R. Charanraj. 2022. Detection of DoS Attacks on Wi-Fi Networks Using IoT Sensors. In Sustainable Advanced Computing, Sagaya Aurelia, Somashekhar S. Hiremath, Karthikeyan Subramanian, and Saroj Kr. Biswas (Eds.). Springer Singapore, Singapore, 549--558.

[23]

Donnie H Kim, Rajeev Gandhi, and Priya Narasimhan. 2007. Exploring symmetric cryptography for secure network reprogramming. In 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07). IEEE, 17--17.

Digital Library

[24]

Jun Young Kim, Wen Hu, Hossein Shafagh, and Sanjay Jha. 2016. Seda: Secure over-the-air code dissemination protocol for the internet of things. IEEE Transactions on Dependable and Secure Computing 15, 6 (2016), 1041--1054.

[25]

Hugo Krawczyk, Mihir Bellare, and Ran Canetti. 1997. HMAC: Keyed-hashing for message authentication.

[26]

Ioannis Krontiris and Tassos Dimitriou. 2011. Scatter--secure code authentication for efficient reprogramming in wireless sensor networks. International Journal of Sensor Networks 10, 1--2 (2011), 14--24.

[27]

Patrick E Lanigan, Rajeev Gandhi, and Priya Narasimhan. 2006. Sluice: Secure dissemination of code updates in sensor networks. In 26th IEEE international conference on Distributed Computing Systems (ICDCS'06). IEEE, 53--53.

Digital Library

[28]

JongHyup Lee, LeeHyung Kim, and Taekyoung Kwon. 2015. Flexicast: Energyefficient software integrity checks to build secure industrial wireless active sensor networks. IEEE Transactions on Industrial Informatics 12, 1 (2015), 6--14.

[29]

Bo Meng, Wei Wang, and Wei Chen. 2012. Verification of Resistance of Denial of Service Attacks in Extended Applied Pi Calculus with ProVerif. J. Comput. 7, 4 (2012), 890--899.

[30]

Adrian Perrig, Robert Szewczyk, Justin Douglas Tygar, Victor Wen, and David E Culler. 2002. SPINS: Security protocols for sensor networks. Wireless networks 8, 5 (2002), 521--534.

[31]

FIPS PUB. 2012. Secure hash standard (shs). Fips pub 180, 4 (2012).

[32]

Tie Qiu, Xize Liu, Min Han, Huansheng Ning, and Dapeng Oliver Wu. 2017. A secure time synchronization protocol against fake timestamps for large-scale Internet of Things. IEEE Internet of Things Journal 4, 6 (2017), 1879--1889.

[33]

Eyal Ronen, Adi Shamir, Achi-OrWeingarten, and Colin O'Flynn. 2017. IoT Goes Nuclear: Creating a ZigBee Chain Reaction. In IEEE Symposium on Security and Privacy (SP). 195--212. https://doi.org/10.1109/SP.2017.14

[34]

Mark D Ryan and Ben Smyth. 2011. Applied pi calculus. In Formal Models and Techniques for Analyzing Security Protocols. Ios Press, 112--142.

[35]

David Sanchez. 2007. Secure, accurate and precise time synchronization for wireless sensor networks. In Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks. 105--112.

Digital Library

[36]

Zakir Ahmad Sheikh and Yashwant Singh. 2021. Lightweight De-authentication DoS Attack Detection Methodology for 802.11 Networks Using Sniffer. In Proceedings of Second International Conference on Computing, Communications, and Cyber-Security, Pradeep Kumar Singh, S?awomir T. Wierzcho?, Sudeep Tanwar, Maria Ganzha, and Joel J. P. C. Rodrigues (Eds.). Springer Singapore, Singapore, 67--80.

[37]

Jaewoo Shim, Kyeonghwan Lim, Jaemin Jeong, Seong-je Cho, Minkyu Park, and Sangchul Han. 2017. A case study on vulnerability analysis and firmware modification attack for a wearable fitness tracker. IT Converg. Pract 5, 4 (2017), 25--33.

[38]

Hailun Tan, Diethelm Ostry, John Zic, and Sanjay Jha. 2013. A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networks. Computers & security 32 (2013), 36--55.

[39]

Luca Verderame, Antonio Ruggia, and Alessio Merlo. 2021. PATRIOT: Anti- Repackaging for IoT Firmware. CoRR abs/2109.04337 (2021). arXiv:2109.04337 https://arxiv.org/abs/2109.04337

[40]

Mande Xie, Urmila Bhanja, Guiyi Wei, Yun Ling, Mohammad Mehedi Hassan, and Atif Alamri. 2015. SecNRCC: a loss-tolerant secure network reprogramming with confidentiality consideration for wireless sensor networks. Concurrency and Computation: Practice and Experience 27, 10 (2015), 2668--2680.

Digital Library

Cited By

Shahabadkar RNandeeswar SSoman RSangeetha G(2024)Insights of Evolving Methods Towards Screening of AI-Enhanced Malware in IoT EnvironmentArtificial Intelligence Algorithm Design for Systems10.1007/978-3-031-70518-2_57(694-704)Online publication date: 26-Nov-2024
https://doi.org/10.1007/978-3-031-70518-2_57
Bhattacharjee AMahmood HLu SAmmar NGanlath AShi W(2023)Edge-Assisted Over-the-Air Software Updates2023 IEEE 9th International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC58953.2023.00013(18-27)Online publication date: 1-Nov-2023
https://doi.org/10.1109/CIC58953.2023.00013

Index Terms

RoSym: Robust Symmetric Key Based IoT Software Upgrade Over-the-Air
1. Security and privacy
  1. Network security
    1. Security protocols

Recommendations

Internet of Things: information security challenges and solutions

Keeping up with the burgeoning Internet of Things (IoT) requires staying up to date on the latest network attack trends in dynamic and complicated cyberspace, and take them into account while developing holistic information security (IS) approaches for ...
Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things
SERVICES '15: Proceedings of the 2015 IEEE World Congress on Services

The Internet of Things (IoT) devices have become popular in diverse domains such as e-Health, e-Home, e-Commerce, and e-Trafficking, etc. With increased deployment of IoT devices in the real world, they can be, and in some cases, already are subject to ...
IoT cybersecurity threats mitigation via integrated technical and non-technical solutions

With the growing number of connected devices to the internet every day, and the rapid development and deployment of internet of things (IoT), the number of security threats and vulnerabilities posed to these are also increased. Also, the use of IoT in the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CPSIoTSec '22: Proceedings of the 4th Workshop on CPS & IoT Security and Privacy

November 2022

77 pages

ISBN:9781450398763

DOI:10.1145/3560826

Program Chairs:
Earlence Fernandes
University of California, San Diego, USA
,
Cristina Alcaraz
University of Malaga, Spain

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Wallenberg AI, Autonomous Systems and Software Program
Swedish Foundation for Strategic Research

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7, 2022

CA, Los Angeles, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
327
Total Downloads

Downloads (Last 12 months)141
Downloads (Last 6 weeks)16

Reflects downloads up to 09 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Shahabadkar RNandeeswar SSoman RSangeetha G(2024)Insights of Evolving Methods Towards Screening of AI-Enhanced Malware in IoT EnvironmentArtificial Intelligence Algorithm Design for Systems10.1007/978-3-031-70518-2_57(694-704)Online publication date: 26-Nov-2024
https://doi.org/10.1007/978-3-031-70518-2_57
Bhattacharjee AMahmood HLu SAmmar NGanlath AShi W(2023)Edge-Assisted Over-the-Air Software Updates2023 IEEE 9th International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC58953.2023.00013(18-27)Online publication date: 1-Nov-2023
https://doi.org/10.1109/CIC58953.2023.00013

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents