Internet of Things (IoT) is becoming an important technology for improving quality of life nowadays, IoT connects products from industries such as healthcare, public infrastructure, transportation, and smart home. A large number of IoT devices need to be managed correctly and secure from the recent cyber-attack. In this thesis, we propose the firmware update framework for the Internet of Things environment. Our goal is to verify the firmware update process from a legitimate vendor and ensure the integrity of firmware. In our framework, we utilize blockchain technology and smart contract to design a framework model to support firmware update. We also de-sign several security protocols to secure our firmware verification and update process-es. In our proposed framework, a vendor creates a smart contract to update the latest firmware and a smart contract is validated by nodes in the blockchain network. Moreover, we considered the push-method for the firmware update, which can guar-antee a vendor will update the latest firmware for their manufactured devices to patch vulnerabilities as soon as possible.

[1] Gartner, "Gartner says 4.9 billion connected "things" will be in use in 2017, up 31 percent from 2016," [Online]. Accessed on: January 2018, Available: https://www.gartner.com/newsroom/id/3598917
[2] M. A. Khan and K. Salah, "IoT security: Review, blockchain solutions, and open challenges," Future Generation Computer Systems, 2017.
[3] OWASP, "IoT Vulnerabilities Project," [Online]. Accessed on: January 2018, Available: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=IoT_Vulnerabilities
[4] R. Hassan, K. Markantonakis, and R. N. Akram, "Can you call the software in your device be firmware," in IEEE 13th International Conference on e-Business Engineering, Macau, 2016, pp. 188-195.
[5] A. Cui, M. Costello, and S. J. Stolfo, "When firmware modifications attack - a case study of embedded exploitation," in Proceedings of the 20th Symposium on Network and Distributed System Security, The Internet Society, 2013.
[6] S. Nakamoto, "Bitcoin: a peer-to-peer electronic cash system," [Online]. Accessed on: January 2018, Available: https://bitcoin.org/bitcoin.pdf
[7] Ethereum/WiKi, "Ethereum white paper," [Online]. Accessed on: January 2018, Available: https://github.com/ethereum/wiki/wiki/White-Paper
[8] K. Christidis and M. Devetsikiotis, "Blockchains and smart contracts for the Internet of Things," IEEE Access, vol. 4, pp. 2292-2303, 2016.
[9] N. Kshetri, "Blockchain's roles in strengthening cybersecurity and protecting privacy," Telecommunications Policy, vol. 41, no. 10, pp. 1027-1038, 2017.
[10] "Introduction to smart contracts," [Online]. Accessed on: January 2018, Available: http://solidity.readthedocs.io/en/latest/introduction-to-smart-contracts.html
[11] M. A. Prada-Delgado, A. Vazquez-Reyes, and I. Baturone, "Trustworthy firmware update for internet-of-things devices using physical unclonable functions," in Global Internet of Things Summit, Geneva, 2017, pp. 1-5.
[12] K. Doddapaneni, R. Lakkundi, S. Rao, S. G. Kulkarni, and B. Bhat, "Secure FoTA Object for IoT," in 2017 IEEE 42nd Conference on Local Computer Networks Workshops, Singapore, 2017, pp. 154-159.
[13] B.-C. Choi, H.-H. Lee, J.-C. Na, and J.-H. Lee, "Secure firmware validation and update for consumer devices in home networking," IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 39-44, 2016.
[14] D. T. T. Anh, M. Zhang, B. C. Ooi, and G. Chen, "Untangling Blockchain: A Data Processing View of Blockchain Systems," IEEE Transactions on Knowledge and Data Engineering, 2018.
[15] F. Tschorsch and B. Scheuermann, "Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2084-2123, 2016.
[16] D. Mingxiao, M. Xiaofeng, Z. Zhe, W. Xiangwei, and C. Qijun, "A review on consensus algorithm of blockchain," in IEEE International Conference on Syetems, Man, and Cybernetics, Banff, 2017, pp. 2567-2572.
[17] Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, "An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends," in 2017 IEEE International Congress on Big Data (BigData Congress), Honolulu, 2017, pp. 557-564.
[18] F. Dai, Y. Shi, N. Meng, L. Wei, and Z. Ye, "From bitcoin to cybersecurity - a comparative study of blockchain applications and security issues," in 4th International Conference on Systems and Infomatics, Hangzhou, 2017, pp. 975-979.
[19] A. Kaushik, A. Choudhary, C. Ektare, and D. Thomas, "Blockchain literature survey," in 2nd IEEE International Conference on Recent Trends in Electronics Information & Communication Technology, Bangalore, 2017, pp. 2145-2148.
[20] Y. Sompolinsky and A. Zohar, "Secure hight-rate transaction processing in bitcoin," Financial Cryptography and Data Security, vol. 8975, pp. 507-527, 2015.
[21] A. Bahga and V. K. Madisetti, "Blockchain Platform for Industrial Internet of Things," Journal of Software Engineering and Applications, vol. 09, no. 10, pp. 533-546, 2016.
[22] J.-H. Lee, S. Malik, S. Wi, and B. Lee, "Firmware verification of embedded devices based on a blockchain," Proceeding of Quality, Reliability, Security and Robustness in Heterogeneous Networks, pp. 52-61, 2016.
[23] B. Lee and J.-H. Lee, "Blockchain-based secure firmware update for embedded devices in an Internet of Things environment," The Journal of Supercomputing, vol. 73, no. 3, pp. 1152-1167, 2016.
[24] A. Boudguiga et al., "Towards Better Availability and Accountability for IoT Updates by Means of a Blockchain," in 2017 IEEE European Symposium on Security and Privacy Workshops, Paris, 2017, pp. 50-58.
[25] M. Banerjee, J. Lee, and K.-K. R. Choo, "A blockchain future to Internet of Things security: A position paper," Digital Communications and Networks, 2017.
[26] S.-H. Hsu, "A secure IoT firmware update mechanism based on MQTT protocol," Master, Department of Information Management, National Taiwan University of Science and Technology, 2017.
[27] G. Wood, "Ethereum: a secure decentralised generalised transaction ledgers," Ethereum Project Yellow Paper, no. EP-150 Revision, 2017.
[28] "Ethereum Homestead Documentation," [Online]. Accessed on: January 2018, Available: http://ethdocs.org/en/latest/contracts-and-transactions/account-types-gas-and-transactions.html#eoa-vs-contract-accounts
[29] E. Stenberg, "Keys considerations for software updates for embedded linux and IoT," [Online]. Accessed on: January 2018, Available: http://www.linuxjournal.com/content/key-considerations-software-updates-embedded-linux-and-iot?page=0,2