Secure firmware validation and update for consumer devices in home networking
- 7 April 2016
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Consumer Electronics
- Vol. 62 (1), 39-44
- https://doi.org/10.1109/tce.2016.7448561
Abstract
Embedded systems are more than ever present in consumer electronics devices such as home routers, personal computers, smartphones, smartcards, various sensors to name a few. Firmware, which is embedded software specifically designed for monitoring and control in resource constrained conditions, was not a major attack target. However, recent serious cyber attacks focus on firmware rather than application or operating system levels, because exploiting the firmware level offers stealth capabilities, e.g., anti-virus software and operating system cannot reveal such a firmware level exploit. A firmware validation that ensures firmware integrity is thus required to detect firmware tempering attacks. A remote firmware update is also required for consumer devices connected to the Internet. In this paper, a secure firmware validation and update scheme is introduced for consumer devices in a home networking environment. The proposed scheme utilizes an IDbased mutual authentication and key derivation to securely distribute a firmware image. A firmware fragmentation with hash chaining is also applied to guarantee authenticity of the fragmented firmware image. Security analysis results are presented while considerations are discussed.Keywords
This publication has 9 references indexed in Scilit:
- Securing Mobile Ad Hoc Networks Using Enhanced Identity-Based CryptographyETRI Journal, 2015
- A Novel ID-Based Authentication and Key Exchange Protocol Resistant to Ephemeral-Secret-Leakage Attacks for Mobile DevicesInternational Journal of Distributed Sensor Networks, 2015
- Secure pseudonym-based near field communication protocol for the consumer internet of thingsIEEE Transactions on Consumer Electronics, 2015
- Automating Configuration System and Protocol for Next-Generation Home AppliancesETRI Journal, 2013
- Wireless sensor network and stochastic models for household power managementIEEE Transactions on Consumer Electronics, 2013
- On the security of an enhanced novel access control protocol for wireless sensor networksIEEE Transactions on Consumer Electronics, 2010
- PKG-VUL: Security Vulnerability Evaluation and Patch Framework for Package-Based SystemsETRI Journal, 2009
- A dynamic ID-based remote user authentication schemeIEEE Transactions on Consumer Electronics, 2004
- Efficient signature generation by smart cardsJournal of Cryptology, 1991