Basic Search / Detailed Display

Author: 許祐晨
Yu-Cheng Hsu
Thesis Title: 基於區塊鏈技術的物聯網軟體更新框架
A Blockchain-based Software Update Framework for Internet of Things
Advisor: 羅乃維
Nai-Wei Lo
Committee: 吳宗成
Tzong-Chen Wu
Shi-Cho Cha
Degree: 碩士
Department: 管理學院 - 資訊管理系
Department of Information Management
Thesis Publication Year: 2020
Graduation Academic Year: 108
Language: 英文
Pages: 57
Keywords (in Chinese): 軟體更新區塊鏈MQTT
Keywords (in other languages): software update, blockchain technology, Message Queuing Telemetry Transport protocol
Reference times: Clicks: 58Downloads: 3
School Collection Retrieve National Library Collection Retrieve Error Report
  • 隨著數位轉型時代的到來,物聯網應用的蓬勃發展帶動了眾多周邊產業的興起,舉凡智慧家居、智慧城市、智慧醫療等。如何確保所使用的物聯網裝置是否安全,在實務上被寄予高度重視。過去幾年,針對軟體漏洞發生了幾起大規模的DDoS攻擊,並在短時間內造成嚴重傷害,因此,我們需要一套有效的軟體更新解決方案。



    With the debut of digital transformation epoch, the vigorous development of IoT applications has led to the rise of many peripheral industries like smart homes, smart cities, smart healthcare, etc. The practical issue of how to ensure the security of deployed IoT devices is highly valued. Over the past few years, several large-scale DDoS attacks have exploited software vulnerabilities on IoT devices, and cause severe damage in a short time. Therefore, an effective software update solution on IoT devices is in demand.

    In this thesis, a software update framework based on blockchain technology and MQTT protocol is proposed. It is suitable for scenarios that gateways are used to communicate externally and manage multiple IoT devices internally. MQTT servers are installed in corresponding blockchain nodes to support automatic real-time software update delivery. Blockchain technology is used to store software update release records by manufacturers so that users can use records to verify the source and integrity of received software updates. Other than that, smart contracts are adopted to store users' purchasing record, provide inquiries for users about MQTT servers and related keys, and provide subscription services for users about dedicated IoT devices, etc.

    A framework prototype is constructed and experiments are conducted. Based on the experimental results, the proposed framework can effectively and securely deliver software updates to targeted gateways in real-time scale. In addition, the results also show that the proposed framework combining existing blockchain and MQTT technologies may be a more efficient way for software updates than traditional solutions.

    摘要 I Abstract II 誌謝 III Table of Contents IV List of Figures VI List of Tables VII Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation and Contribution 3 Chapter 2 Preliminaries 6 2.1 Blockchain Technology 6 2.2 MQTT Protocol 7 2.3 ECDH Key Exchange Protocol 8 Chapter 3 Literature Review 10 3.1 Firmware and Software Update 10 3.2 Centralized OTA Software Update 11 3.3 Blockchain-based Software 11 3.4 MQTT-based Software Update 13 Chapter 4 Proposed Framework 15 4.1 Role and Architecture 15 4.2 Assumptions 17 4.3 IoT Device Purchase and Software Update Process 18 4.4 Smart Contracts in the Proposed Framework 20 4.5 MQTT Setup 23 4.6 Three-Phases Operation in the Proposed Framework 25 4.7 Blockchain Node Management 28 Chapter 5 Experiment and Analysis 35 5.1 Experimental Environment 35 5.2 Performance Analysis 36 5.3 Security Analysis 41 Chapter 6 Conclusion and Future Work 43

    [1] "Global IoT market will grow to 24.1 billion devices in 2030, generating $1.5 trillion annual revenue," Transforma Insights, 19 May. 2020. [Online]. Available: 2030. [Accessed 5 Jul. 2020].
    [2] "OWASP IoT Top 10 2018," Open Web Application Security Project, 2018. [Online]. Available: [Accessed 5 Jul. 2020].
    [3] "Inside the infamous Mirai IoT Botnet: A Retrospective Analysis," Cloudflare, 15 Dec. 2017. [Online]. Available: a-retrospective-analysis/. [Accessed 5 Jul. 2020].
    [4] "Botnets never Die, Satori REFUSES to Fade Away," Network Security Research Lab at 360, 15 Jun. 2018. [Online]. Available: satori-refuses-to-fade-away-en/. [Accessed 5 Jul. 2020].
    [5] "New VPNFilter malware targets at least 500K networking devices worldwide," Cisco Talos Intelligence Group, 23 May. 2018. [Online]. Available: [Accessed 5 Jul. 2020].
    [6] "Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?," Trustwave, 1 Aug. 2018. [Online]. Available: resources/blogs/spiderlabs-blog/mass-mikrotik-router-infection-first-wecryptojack- brazil-then-we-take-the-world/. [Accessed 5 Jul. 2020].
    [7] Juan Manuel Harán, "Campaña de criptojacking afecta a más de 200.000 routers MikroTik: Brasil el país más perjudicado," Welivesecurity, 3 Aug. 2018. [Online]. Available: afecta-mas-de-200-000-routers-mikrotik-brasil-el-pais-mas-afectado/. [Accessed 5 Jul. 2020].
    [8] S. Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System," Apr. 2008. [Online]. Available: [Accessed 5 Jul. 2020].
    [9] Cloud Native Computing Foundation, "etcd," GitHub repository, [Online]. Available: [Accessed 5 Jul. 2020].
    [10] "MQTT Version 5.0," OASIS Message Queuing Telemetry Transport (MQTT) TC, 7 Mar. 2019. [Online]. Available: pdf. [Accessed 5 Jul. 2020].
    [11] R. Hassan, K. Markantonakis and R.-N. Akram, "Can You Call the Software in Your Device be Firmware?," 2016 IEEE 13th International Conference on e-Business Engineering (ICEBE), pp. 188-195, 2016.
    [12] H. Tschofenig and S. Farrell, "Report from the Internet of Things Software Update (IoTSU) Workshop 2016," RFC 8240, 2017.
    [13] G. Jurkovic and V. Sruk, "Remote firmware update for constrained embedded systems," 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1019-1023, 2014.
    [14] S.-G. Hong, N.-S. Kim and T. Heo, "A smartphone connected software updating framework for IoT devices," 2015 International Symposium on Consumer Electronics (ISCE), pp. 1-2, 2015.
    [15] S. Dhakal, F. Jaafar and P. Zavarsky, "Private Blockchain Network for IoT Device Firmware Integrity Verification and Update," 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE), pp. 164-170, 2019.
    [16] M. Son and H. Kim, "Blockchain-based secure firmware management system in IoT environment," 2019 21st International Conference on Advanced Communication Technology (ICACT), pp. 142-146, 2019.
    [17] A. Pillai, M. Sindhu and K.-V. Lakshmy, "Securing Firmware in Internet of Things using Blockchain," 2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS), pp. 329-334, 2019.
    [18] M.-N. Islam and S. Kundu, "Remote Configuration of Integrated Circuit Features and Firmware Management via Smart Contract," 2019 IEEE International Conference on Blockchain (Blockchain), pp. 325-331, 2019.
    [19] A. Yohan, N.-W. Lo and L.-P. Santoso, "Secure and Lightweight Firmware Update Framework for IoT Environment," 2019 IEEE 8th Global Conference on Consumer Electronics (GCCE), pp. 684-685, 2019.
    [20] S. Choi and J. Lee, "Blockchain-Based Distributed Firmware Update Architecture for IoT Devices," in IEEE Access, vol. 8, pp. 37518-37525, 2020. [21] N.-W. Lo and S.-H. Hsu, "A Secure IoT Firmware Update Framework Based on MQTT Protocol," 40th Anniversary International Conference on Information Systems Architecture and Technology, 2020.
    [22] Nick Lethaby, "A more secure and reliable OTA update architecture for IoT devices," Texas Instruments, 2018. [Online]. Available: 47 [Accessed 5 Jul. 2020].
    [23] "Xively platform APIs," Xively, [Online]. Available: [Accessed 5 Jul. 2020].
    [24] "Dr. Speed 測速軟體," Chunghwa Telecom, [Online]. Available: [Accessed 5 Jul. 2020].
    [25] Web3 Labs, "web3j-quorum," GitHub repository, 5 Jan. 2017. [Online]. Available: [Accessed 5 Jul. 2020].
    [26] "Arlo Introduces Next-Generation Pro Series With The All-New Pro 3 Security Camera System," Arlo, 23 Sep. 2019. [Online]. Available: about/press-releases/2019/ARLO-Pro3-Release.aspx. [Accessed 5 Jul. 2020].
    [27] "How do I update my Arlo firmware manually?," Arlo, 23 Sep. 2019. [Online]. Available: [Accessed 5 Jul. 2020].