Liem Peter Santoso
Secure and Trusted Firmware Update Framework for IoT Environment
College of Management - Department of Information Management
|Thesis Publication Year:||2019|
|Graduation Academic Year:||107|
|Keywords (in Chinese):||Firmware update, Peer-to-peer verification|
|Keywords (in other languages):||Skipchain, Peer-to-peer verification|
|Reference times:||Clicks: 114 Downloads: 8|
The rapid growth of IoT devices in the past few years has brought convenience
to human life. The huge number of installed IoT devices makes it difficult for the device
manufacturer (vendor) to maintain them. One way
to maintain an IoT device is through a firmware update. The vendor can
add new functionality, enhance security, and reconfigure the IoT device
through a firmware update. However, the firmware update process
is not without risk. There are several well-known attacks that target the
firmware update process. In this thesis, we propose a robust and lightweight
framework that ensures firmware update security using skipchain technology.
Utilizing the skipchain's forward link, the proposed protocol can
perform peer-to-peer firmware update verification efficiently. A prototype based
on the proposed framework is constructed and evaluated. Moreover, our
proposed framework is also proven to be secure and could withstand some