物聯網設備在過去幾年的快速增長帶來了便利
在人的生命中。 大量安裝的物聯網設備使該設備成為可能
製造商（供應商）難以維護物聯網設備。 單程
維護IoT設備是通過固件更新。 供應商可以
添加新功能，增強安全性並重新配置IoT設備
通過固件更新。 但是，固件更新過程
並非沒有風險。 有幾個著名的攻擊目標
固件更新過程。 在本論文中，我們提出了一種強大而輕便的方法
使用跳過鏈技術確保固件更新安全性的框架。
利用跳過鏈的前向鏈接，提議的協議可以
有效地進行對等固件更新驗證。 基於原型
關於擬議框架的構建和評估。 而且，我們的
提議的框架也被證明是安全的，可以承受一些
眾所周知的攻擊。

The rapid growth of IoT devices in past few years brings convenience
in human life. The huge amount of installed IOT devices makes the device
manufacturer (vendor) difficult to maintain the IoT devices. One way
to maintain the IoT device is through the firmware update. Vendor can
add new functionality, enhance the security and re-configure the IoT device
through a firmware update. However, the firmware update process
is not without risk. There are several well-known attacks those targets the
firmware update process. In this thesis, we propose a robust and lightweight
framework that ensure the firmware update security using skipchain technology.
Utilizing the skipchain’s forward link, the proposed protocol can
do peer-to-peer firmware update verification efficiently. A prototype based
on the proposed framework is constructed and evaluated. Moreover, our
proposed framework is also proven to be secure and could withstand some
well-known attacks.

Contents
Recommendation Letter . . . . . . . . . . . . . . . . . . . . . . . . i
Approval Letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . iv
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
List of Pseudocodes . . . . . . . . . . . . . . . . . . . . . . . . . . xi
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Literature Review . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1 Cyber Attack on Firmware and Remote Firmware Update
for Embedded Device . . . . . . . . . . . . . . . . . . . . 6
2.2 Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3 Skiplist . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.4 Skipchain . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.5 Blockchain-based Firmware Update Framework . . . . . . 15
3 System Environment and Protocol Designs . . . . . . . . . . . . 17
3.1 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . 17
v
3.2 Skipchain Overview . . . . . . . . . . . . . . . . . . . . . 18
3.3 Architecture Design . . . . . . . . . . . . . . . . . . . . . 20
3.4 Protocol Design . . . . . . . . . . . . . . . . . . . . . . . 29
3.4.1 Firmware Update Verification Protocol . . . . . . 31
3.4.2 Firmware Update Peer-to-Peer Verification Protocol 33
3.4.3 Firmware Update Execution Protocol . . . . . . . 36
4 Prototype Design and Implementation . . . . . . . . . . . . . . 38
4.1 Prototype Design . . . . . . . . . . . . . . . . . . . . . . 38
4.1.1 Key Exchange Procedure . . . . . . . . . . . . . . 38
4.1.2 AES Encryption Function . . . . . . . . . . . . . 42
4.1.3 AES Decryption Function . . . . . . . . . . . . . 43
4.2 Prototype Implementation . . . . . . . . . . . . . . . . . 44
5 Security and Performance Analyses . . . . . . . . . . . . . . . . 46
5.1 Security Analysis . . . . . . . . . . . . . . . . . . . . . . 48
5.2 Protocol Verification Using Scyther Tool . . . . . . . . . . 53
5.2.1 Data Secrecy . . . . . . . . . . . . . . . . . . . . 54
5.2.2 Aliveness . . . . . . . . . . . . . . . . . . . . . . 55
5.2.3 Non-injective Agreement and Non-injective Synchronisation
. . . . . . . . . . . . . . . . . . . . . 55
5.3 Performance Analysis . . . . . . . . . . . . . . . . . . . . 56
vi
5.4 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 59
6 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

References
[1] K. Salah and M. Ahmad Khan, “Iot security: Review, blockchain solutions, and open challenges,”
Future Generation Computer Systems, 11 2017.
[2] Gartner, “Gartner Says 8.4 Billion Connected ”Things” Will Be in Use in 2017, Up 31 Percent
From 2016.” https://www.gartner.com/newsroom/id/3598917, 2014. [Online; accessed 30-
November-2018].
[3] A. Cui, M. Costello, and S. J. Stolfo, “When firmware modifications attack: A case study of embedded
exploitation.,” in NDSS [3].
[4] C. Miller and A. Labs, “Battery firmware hacking.” https://media.blackhat.com/bh-us-11/
Miller/BH_US_11_Miller_Battery_Firmware_Public_WP.pdf/, 2011.
[5] K. Zetter, “How the nsa’s firmware hacking works and why it’s so unsettling.” https://www.wired.
com/2015/02/nsa-firmware-hacking//, 2015.
[6] R. Hassan, K. Markantonakis, and R. N. Akram, “Can you call the software in your device be
firmware?,” IEEE 13th International Conference on e-Business Engineering (ICEBE), 2016.
[7] M. J. Gajjar, Mobile Sensors and Context-Aware Computing. San Francisco, CA, USA: Morgan Kaufmann
Publishers Inc., 1st ed., 2017.
[8] B.-C. Choi, S.-H. Lee, J.-C. Na, and J.-H. Lee, “Secure firmware validation and update for consumer
devices in home networking,” pp. 39–44, IEEE Transactions on Consumer Electronics, 2016.
[9] P. Point, “Proofpoint uncovers internet of things (iot) cyberattack.” https://www.proofpoint.
com/us/proofpoint-uncovers-internet-things-iot-cyberattack, 2014.
[10] S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system.” https://bitcoin.org/bitcoin.
pdf.
[11] B. Ford, “How do you know it’s on the blockchain? with a skipchain.” https://bford.github.
io/2017/08/01/skipchain/.
[12] K. Doddapaneni, R. Lakkundi, S. Rao, S. G. Kulkarni, and B. Bhat, “Secure fota object for iot,” in 2017
IEEE 42nd Conference on Local Computer Networks Workshops (LCN Workshops), pp. 154–159, Oct
2017.
[13] A. Back, “Hashcash - a denial of service counter-measure.” http://www.hashcash.org/papers/
hashcash.pdf, 2002.
[14] S. Nakamoto, “Proof of work.” https://en.bitcoin.it/wiki/Proof_of_work.
[15] William Pugh, “Concurrent maintenance of skip lists.” https://drum.lib.umd.edu/handle/
1903/542, 1989.
[16] Wikipedia, “Skip list — Wikipedia, the free encyclopedia.” [Online; accessed 2-December-2018].
[17] J. I. Munro, T. Papadakis, and R. Sedgewick, “Deterministic skip lists,” in Proceedings of the Third Annual
ACM-SIAM Symposium on Discrete Algorithms, SODA ’92, (Philadelphia, PA, USA), pp. 367–
375, Society for Industrial and Applied Mathematics, 1992.
[18] K. Nikitin, E. Kokoris-Kogias, P. Jovanovic, L. Gasser, N. Gailly, I. Khoffi, J. Cappos, and B. Ford,
“Chainiac: Proactive software-update transparency via collectively signed skipchains and verified
builds.” Cryptology ePrint Archive, Report 2017/648, 2017. https://eprint.iacr.org/2017/
648.
[19] E. Syta, I. Tamas, D. Visher, D. I. Wolinsky, P. Jovanovic, L. Gasser, N. Gailly, I. Khoffi, and B. Ford,
“Keeping authorities ”honest or bust” with decentralized witness cosigning,” in 2016 IEEE Symposium
on Security and Privacy (SP), pp. 526–545, May 2016.
[20] B. Lee, S. Malik, S. Wi, and J.-H. Lee, “Firmware verification of embedded devices based on a
blockchain,” in Quality, Reliability, Security and Robustness in Heterogeneous Networks (J.-H. Lee
and S. Pack, eds.), (Cham), pp. 52–61, Springer International Publishing, 2017.
[21] A. Boudguiga, N. Bouzerna, L. Granboulan, A. Olivereau, F. Quesnel, A. Roger, and R. Sirdey, “Towards
better availability and accountability for iot updates by means of a blockchain,” in 2017 IEEE
European Symposium on Security and Privacy Workshops (EuroS PW), April 2017.
[22] C. P. Schnorr, “Efficient identification and signatures for smart cards,” in Advances in Cryptology —
CRYPTO’ 89 Proceedings (G. Brassard, ed.), (New York, NY), pp. 239–252, Springer New York,
1990.
[23] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Trans. Inf. Theor., vol. 22, pp. 644–
654, Sept. 2006.
[24] Wikipedia, “Pbkdf2.” [Online; accessed 20-December-2018].
[25] A. Yohan, N.-W. Lo, and S. Achawapong, “Blockchain-based firmware update framework for internetof-
things environment,” in Proceedings of the 2018 International Conference on Information and
Knowledge Engineering, IKE’18, pp. 151–155, CSREA Press, 2018.
[26] J. F. Cremers, C and Mauw, Sjouke and Vink, Erik, “Dening authentication in a trace model,” 07 2004.
[27] W. Dai, “Crypto++ 5.6.0 benchmarks.” https://www.cryptopp.com/benchmarks.html, 2009.
[28] K.-H. Yeh, C. Su, K.-K. R. Choo, and W. Chiu, “A novel certificateless signature scheme for smart objects
in the internet-of-things,” in MDPI, (Philadelphia, PA, USA), pp. 367–375, Society for Industrial
and Applied Mathematics, 1992.
[29] G. S. Tanwar, G. Singh, and V. Gaur, “Secured encryption - concept and challenge,” International
Journal of Computer Application, vol. 2, May 2010.