Paper 2017/991

Secure Code Updates for Smart Embedded Devices based on PUFs

Wei Feng, Yu Qin, Shijun Zhao, Ziwen Liu, Xiaobo Chu, and Dengguo Feng

Abstract

Code update is a very useful tool commonly used in low-end embedded devices to improve the existing functionalities or patch discovered bugs or vulnerabilities. If the update protocol itself is not secure, it will only bring new threats to embedded systems. Thus, a secure code update mechanism is required. However, existing solutions either rely on strong security assumptions, or result in considerable storage and computation consumption, which are not practical for resource-constrained embedded devices (e.g., in the context of Internet of Things). In this work, we propose to use intrinsic device characteristics (i.e., Physically Unclonable Functions or PUF) to design a practical and lightweight secure code update scheme. Our scheme can not only ensure the freshness, integrity, confidentiality and authenticity of code update, but also verify that the update is installed correctly on a specific device without any malicious software. Cloned or counterfeit devices can be excluded as the code update is bound to the unpredictable physical properties of underlying hardware. Legitimate devices in an untrustworthy software state can be restored by filling suspect memory with PUF-derived random numbers. After update installation, the initiator of the code update is able to obtain the verifiable software state from device, and the device can maintain a sustainable post-update secure check by enforcing a secure call sequence. To demonstrate the practicality and feasibility, we also implement the proposed scheme on a low-end MCU platform (TI MSP430) by using onboard SRAM and Flash resources.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Firmware UpdateSecure Code UpdatePhysically Unclonable Function (PUF)Remote AttestationEmbedded Security
Contact author(s)
vonwaist @ gmail com
History
2017-12-20: revised
2017-10-11: received
See all versions
Short URL
https://ia.cr/2017/991
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/991,
      author = {Wei Feng and Yu Qin and Shijun Zhao and Ziwen Liu and Xiaobo Chu and Dengguo Feng},
      title = {Secure Code Updates for Smart Embedded Devices based on {PUFs}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/991},
      year = {2017},
      url = {https://eprint.iacr.org/2017/991}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.