Secure and efficient firmware update for increasing IoT-enabled smart devices

  • PDF / 2,316,213 Bytes
  • 14 Pages / 595.276 x 790.866 pts Page_size
  • 98 Downloads / 190 Views

DOWNLOAD

REPORT


ORIGINAL RESEARCH

Secure and efficient firmware update for increasing IoT‑enabled smart devices Ching‑Hu Lu1   · Chi‑Hsien Liu2 · Zhi‑Hong Chen3 Received: 29 June 2019 / Accepted: 27 August 2020 © Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract With the rapidly increasing number of Internet of Things (IoT) devices, various interconnected devices have become targets of growing cyberattacks. Keeping the firmware of an IoT device up-to-date is one feasible way to protect the device against cyberattacks. The existing approaches of firmware update (including distribution and validation) are not scalable in distribution to increasing numbers of devices, however, let alone able to provide reliable validation. To address the above issues, this study proposes a hybrid update scheme, including distributed membership-based firmware sharing for firmware distribution and smart-contract-enabled firmware validation via a blockchain (BC). This hybrid update approach leverages the advantages of a peer-to-peer network and a blockchain. Evaluation of the study has shown that the proposed distributed membership-based firmware sharing is more secure and scalable to an increasing number of devices. The proposed smartcontract-enabled firmware validation is more efficient than the firmware validation in existing studies since it can effectively reduce unwanted repeat validation via a smart contract in a blockchain. In addition, it can help make sure all members of an IoT-enabled service having the right firmware before providing the service to users. Such designs can improve service quality and also reduce as much human intervention to leverage the strengths of an IoT-enabled application or system. Keywords  IoT · Hybrid update scheme · Firmware distribution · Firmware validation · Blockchain · Peer-to-peer · Smart contract

1 Introduction

Electronic supplementary material  The online version of this article (https​://doi.org/10.1007/s1265​2-020-02492​-z) contains supplementary material, which is available to authorized users. * Ching‑Hu Lu [email protected] Chi‑Hsien Liu [email protected] Zhi‑Hong Chen [email protected] 1



Department of Electrical Engineering, National Taiwan University of Science and Technology (NTUST, or Taiwan Tech), Taipei 106, Taiwan, ROC

2



Gifu Enterprise Co., Ltd., Taichung City, Taiwan, ROC

3

Graduate Institute of Information and Computer Education, National Taiwan Normal University, Taipei, Taiwan, ROC



Interconnected and increasing smart devices with automatic or even autonomous ability can now assist with handling day-to-day tasks (Kwon et  al. 2016; Verma et  al. 2018; Zhang et al. 2018). For example, IoT-enabled edge cameras are now increasingly deployed for surveillance-related applications in communities. It is important to increase their essential security with upgradable features (Chen et al. 2017; Dorri et al. 2017b). However, any bugs in the firmware may divulge residents’ private information and lessen their security (Cynthia et al. 2019; Pournaghi et al. 2020). F