An Approach to Remote Update Embedded Systems in the Internet of Things
DOI:
https://doi.org/10.5753/jisa.2023.3078Abstract
There is a growing initiative on the part of regulatory bodies to employ control over firmware emissions destined for Internet of Things (IoT) devices. In this scenario, this paper presents a new approach, called SOTARU, which proposes the use of a consortium Blockchain among embedded system manufacturers as a way to allow access to the update history of devices from multiple manufacturers through a single infrastructure. The security and robustness of the proposal were evaluated with the help of the Common Open Research Emulator (CORE) distributed network emulator. As a result, it was found that SOTARU stands out in terms of security when compared to other approaches proposed in the literature, as well as being functional even in high latency scenarios.
Downloads
References
Ahrenholz, J., Danilov, C., Henderson, T. R., and Kim, J. H. (2008). CORE: A real-time network emulator. In MILCOM 2008 - 2008 IEEE Military Communications Conference. IEEE. DOI: 10.1109/milcom.2008.4753614.
Barker, E. B. and Dang, Q. H. (2015). Recommendation for key management part 3: Application-specific key management guidance. National Institute of Standards and Technology. DOI: 10.6028/nist.sp.800-57pt3r1.
Baza, M., Nabil, M., Lasla, N., Fidan, K., Mahmoud, M., and Abdallah, M. (2018). Blockchain-based firmware update scheme tailored for autonomous vehicles. DOI: 10.1109/WCNC.2019.8885769.
Bettayeb, M., Nasir, Q., and Talib, M. A. (2019). Firmware update attacks and security for IoT devices. In Proceedings of the ArabWIC 6th Annual International Conference Research Track on - ArabWIC 2019. ACM Press. DOI: 10.1145/3333165.3333169.
Choi, S. and Lee, J.-H. (2020). Blockchain-based distributed firmware update architecture for IoT devices. IEEE Access, 8:37518-37525. DOI: 10.1109/access.2020.2975920.
Dudewicz, E. J. and Meulen, E. C. V. D. (1981). Entropy-based tests of uniformity. Journal of the American Statistical Association, 76(376):967-974. DOI: 10.1080/01621459.1981.10477750.
INMETRO (2016). Vocabulário internacional de termos de metrologia legal : Portaria INMETRO n. 150 de 29 de março de 2016 / INMETRO. INMETRO. Available online [link].
Inmetro (2022). Regulamento Técnico Metrológico Consolidado para Bombas Medidoras de Combustíveis Líquidos: Portaria INMETRO n. 159 de 31 de Março de 2022. Diário Oficial da União, Brasília, DF, 64 edition. Available online [link].
Jones, M., Bradley, J., and Sakimura, N. (2015). JSON Web Signature (JWS). Number 7515 in Request for Comments. RFC Editor. DOI: 10.17487/RFC7515.
Lopez-Viana, R., Diaz, J., Diaz, V. H., and Martinez, J.-F. (2020). Continuous delivery of customized SaaS edge applications in highly distributed IoT systems. IEEE Internet of Things Journal, 7(10):10189-10199. DOI: 10.1109/jiot.2020.3009633.
Machado, R., Almeida, R. B., da Rosa, D. Y. L., Lopes, J. L. B., Pernas, A. M., and Yamin, A. C. (2017). EXEHDA-HM: A compositional approach to explore contextual information on hybrid models. Future Gener. Comput. Syst., 73:1-12. DOI: 10.1016/j.future.2017.03.005.
Mahesh, N. (2021). Azure network round-trip latency statistics. Available online [link].
Moran, B., Tschofenig, H., Brown, D., and Meriac, M. (2021). A Firmware Update Architecture for Internet of Things. Number 9019 in Request for Comments. RFC Editor. DOI: 10.17487/RFC9019.
Mtetwa, N. S., Tarwireyi, P., Sibeko, C. N., Abu-Mahfouz, A., and Adigun, M. (2022). Blockchain-based security model for LoRaWAN firmware updates. Journal of Sensor and Actuator Networks, 11(1):5. DOI: 10.3390/jsan11010005.
Peter, C. S., Oliveira, T., Monks, E. M., Motta, F. P., Barbosa, J. L. V., and Yamin, A. C. Y. (2021). iota: An approach to secure over-the-air updates on the internet of things scenario. In Anais do XXVII Simpósio Brasileiro de Sistemas Multimídia e Web, pages 173-176, Porto Alegre, RS, Brasil. SBC. DOI: 10.1145/3470482.3479630.
Tsaur, W.-J., Chang, J.-C., and Chen, C.-L. (2022). A highly secure IoT firmware update mechanism using blockchain. Sensors, 22(2):530. DOI: 10.3390/s22020530.
Wang, H., Zheng, Z., Xie, S., Dai, H. N., and Chen, X. (2018). Blockchain challenges and opportunities: a survey. International Journal of Web and Grid Services, 14(4):352. DOI: 10.1504/ijwgs.2018.10016848.
Wust, K. and Gervais, A. (2018). Do you need a blockchain? In 2018 Crypto Valley Conference on Blockchain Technology (CVCBT). IEEE. DOI: 10.1109/cvcbt.2018.00011.
Yohan, A. and Lo, N.-W. (2018). An over-the-blockchain firmware update framework for IoT devices. In 2018 IEEE Conference on Dependable and Secure Computing (DSC). IEEE. DOI: 10.1109/desec.2018.8625164.
Yokotani, T. and Sasaki, Y. (2016). Comparison with HTTP and MQTT on required network resources for IoT. In 2016 International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC). IEEE. DOI: 10.1109/iccerec.2016.7814989.