A Modular End-to-End Framework for Secure Firmware Updates on Embedded
  Systems by Falas, Solon et al.
1A Modular End-to-End Framework for
Secure Firmware Updates on Embedded Systems
Solon Falas, Student Member, IEEE, Charalambos Konstantinou, Member, IEEE, and Maria K.
Michael, Member, IEEE
Abstract—Firmware refers to device read-only resident code
which includes microcode and macro-instruction -level routines.
For Internet-of-Things (IoT) devices without an operating system,
firmware includes all the necessary instructions on how such
embedded systems operate and communicate. Thus, firmware
updates are an essential part of device functionality. They provide
the ability to patch vulnerabilities, address operational issues, and
improve device reliability and performance during the lifetime of
the system. This process, however, is often exploited by attackers
in order to inject malicious firmware code into the embedded
device. In this paper, we present a framework for secure
firmware updates on embedded systems. The approach is based
on hardware primitives and cryptographic modules, and it can be
deployed in environments where communication channels might
be insecure. The implementation of the framework is flexible
as it can be adapted in regards to the IoT device’s available
hardware resources and constraints. Our security analysis shows
that our framework is resilient to a variety of attack vectors. The
experimental setup demonstrates the feasibility of the approach.
By implementing a variety of test cases on FPGA, we demonstrate
the adaptability and performance of the framework. Experiments
indicate that the update procedure for a 1183kB firmware image
could be achieved, in a secure manner, under 1.73 seconds.
Index Terms—Industrial internet of things, embedded systems,
firmware updates, hardware security, physical unclonable func-
tion.
I. INTRODUCTION
With the advancement of Internet-of-Things (IoT) technol-
ogy, more and more embedded devices (EDs) have perme-
ated our daily lives. Such devices allow physical objects to
become integrable with information. As a result, EDs are
increasingly interdependent and in many cases important to
our safety. For example, critical domains such as Industrial
Control Systems (ICS) are being integrated into Industrial
IoT (IIoT) embedded systems in order to augment traditional
control systems with wireless sensing services and provide
better automation through multiple sensors and measurement
points. This massive deployment of EDs in mission-critical
environments introduces security challenges. Such devices are
highly constrained in terms of performance and resources,
hence it is often infeasible to employ traditional security
techniques as those used in general-purpose computing sys-
tems. The number of incidents causing software failures, data
breaches, and even also physical damage is increasing. For
Solon Falas and Maria K. Michael are with the Dept. of Electrical and Com-
puter Engineering and KIOS Research and Innovation Centre of Excellence,
University of Cyprus (e-mail: falas.solon@ucy.ac.cy, mmichael@ucy.ac.cy)
Charalambos Konstantinou is with the Dept. of Electrical and Computer En-
gineering, FAMU-FSU College of Engineering and the Center for Advanced
Power Systems, Florida State University (e-mail: ckonstantinou@fsu.edu)
instance, malicious adversaries can compromise high-wattage
IoT devices to disrupt the power grid’s normal operation by
manipulating the total load demand [1].
A. Motivation
Firmware is commonly referred to as “the operating system
of an ED” [2]. It is the dedicated software residing in read-only
memory, a layer between software and bare-metal hardware. It
provides low-level control of the device. Firmware has to be
routinely updated in order to fix bugs, address performance
issues, and enhance the functionality of a device. Recent
surveys quantify that there are no significant security gains in
firmware security in recent years [3], [4]. Firmware continues
to be an enticing entry point for attackers. A lot of IoT
devices are often low-cost and produced in high volume.
Moreover, their development time is minimal. Therefore, se-
curity is typically considered of low priority in the production
pipeline. In addition, the process of securely updating the
firmware of EDs while minimizing system downtime, is still an
issue for many system administrators and manufacturers [5].
Mass production of devices manufactured in the IoT domain
may impair cybersecurity efforts. IoT firmware security is
typically not being addressed to the same level as that of
general purpose computers and BIOS security [6]. Lack of
proper security mechanisms during the firmware delivery and
update process may allow malicious adversaries to gain full
control of a device. Consequently, swarms of compromised
IoT devices of different functionality and purpose can launch
coordinated Denial-of-Service (DoS) attacks, e.g., Mirai botnet
[7]. Security can no longer be an afterthought.
Despite efforts of software-based security approaches, ma-
licious threats are growing. These threats exploit bugs in the
operating systems, user applications, and the software itself.
In order to address these challenges, our proposed framework
ensures firmware data integrity and confidentiality by lever-
aging: (1) hardware-based cryptographic primitives, and (2)
hardware-intrinsic characteristics, to perform authentication
procedures. Effective security solutions can benefit assistance
from the underlying hardware, avoiding storage of sensitive
information in non-volatile memories. Chip specific charac-
teristics act as “digital fingerprints” that pair each firmware
image to the correct IoT device recipient while the hardware
cryptocores handle the delivery of the encrypted firmware.
Our technique ensures that IoT devices, often exposed to
external threats, can have their firmware code securely updated
remotely. The cryptographic elements being used in this pro-
cedure include hash functions and encryption algorithms. The
ar
X
iv
:2
00
7.
09
07
1v
1 
 [c
s.C
R]
  1
7 J
ul 
20
20
2Fig. 1. Overview of proposed concept: the PPUF-enabled IoT device requests
a firmware update from the distribution server. The server replies with an
encrypted firmware package. A public PPUF model repository aids in key-
creation on both sides and enables the secure transmission of the firmware
image.
means of digital fingerprinting are demonstrated via Physical
Unclonable Functions (PUFs) [8]. The firmware updates for
IoT devices rely on hardware as a root-of-trust, thus avoiding
reliance on pre-stored software routines.
B. Contributions
The proposed framework is motivated towards low-end EDs,
especially IoT devices typically deployed in industrial settings
and critical infrastructures. These devices are often installed in
remote environments where physical access might be possible.
In this framework, we describe a secure protocol which
integrators (e.g., system designers, IoT infrastructure owners,
etc.) can utilize for remote firmware updates. We enhance our
preliminary work on leveraging hardware primitives to deliver
firmware updates [9], in order to provide an end-to-end secure
and modular framework, incorporating two-way authentication
handshakes, strong confidentiality guarantees, and protection
mechanisms against a variety of possible attacks. Our proposed
methodology provides significant advantages over existing
PUF-based techniques used primarily for authentication pur-
poses:
• We propose an end-to-end framework for secure firmware
updates on embedded systems. The framework does not re-
quire to store secret information in the device’s non-volatile
memory. It focuses on data confidentiality, integrity, and
authenticity, while providing mechanisms that ensure the de-
vice’s availability. The framework includes a fast and secure
firmware update delivery protocol that leverages hardware-
implemented cryptographic primitives to provide high levels
of security against a variety of attacks. Furthermore, it has the
ability to enroll new devices in hostile environments without
prior setup in a secure environment. The framework is also
flexible in terms on cryptographic component choice as such
components can be interchanged to meet different constraints
and requirements.
• The effects of manufacturing variability and the concept
of Public PUFs (PPUFs) are utilized for authentication pur-
poses. The PPUFs’ unique properties allow for device enroll-
ment without prior setup or onboard secrets, a unique feature
presented in this work. In addition, PPUFs are leveraged for
making the firmware update packages chip-specific. Therefore,
compromising a firmware update for a specific device will not
impact the security of same-model devices.
• The security of the approach is evaluated using STRIDE,
a well-known systematic threat modelling approach, showing
strong security guarantees against a variety of popular attack
vectors. The detailed design process describes the goals and
Secure Design Requirements (SDRs) set for maintaining high
performance and security while requiring minimal hardware
resources. STRIDE helps in effectively demonstrating how
each attack is thwarted by SDRs and clearly showing the
protection provided by the features that our protocol employs.
• We examine three indicative configurations, catering
to the diverse device-space of IoT. These configurations,
provide different trade-offs in terms of performance, hard-
ware resources required, and security level. Well documented
hardware-implemented security algorithms are employed in
the design of these configurations. The extensive experimental
setup evaluation takes into account these hardware config-
urations by using industrial off-the-shelf firmware binaries
in order to evaluate the feasibility and applicability of the
approach. The results show promising performance while
keeping significantly high levels of security.
An overview of the proposed concept and high-level system
architecture is presented in Fig. 1. The ED requesting the
firmware update and the Firmware Distribution Server (FDS),
containing the firmware updates, are two PPUF-enabled de-
vices. The Public PUF Model Repository (PPMR) contains
non-sensitive and publicly accessible PPUF models for both
devices. Using these models, the ED and FDS can challenge
each other’s PPUFs as an authentication procedure in the
process of establishing a secure communication channel be-
tween them. The proposed protocol enhances this procedure
with data encryption and integrity mechanisms in order to
realize a secure firmware update delivery from the FDS to
the requesting ED.
C. Paper Organization
The rest of the paper is organized as follows. The secu-
rity primitives considered in our framework are explained in
Section II. The proposed framework for securing firmware
updates in EDs is presented in Section III. The security of
the framework against several attack methods is analyzed in
Section IV. Our testbed and measurements are presented in
Section V. Results are compared to related work on PPUF-
based firmware update security in Section VI. Section VII
concludes the paper.
II. BACKGROUND
Our framework utilizes cryptographic routines implemented
in hardware including encryption algorithms and cryptographic
hash functions. It also uses the concept of PPUF, and its input-
output behavior due to the random variations of the manufac-
turing process, as a hardware root-of-trust for authentication.
PPUFs are a type of PUFs that doesn’t rely on the secrecy of
their internal IC characteristics. They are designed to be fast-
to-execute and slow-to-simulate systems [10]. In this work,
we employ the differential PPUF (dPPUF) as the PPUF for
our framework. dPPUFs do not require accurate timing and
triggering mechanisms due to a layer of arbiters present
3FF1 FF2 FF64 FF1 FF2 FF64
Interstage Network Interstage Network
Interstage Network Interstage Network
Interstage Network Interstage Network
...
...
...
...
...
...
... ...
ARB1 ARB2 ARB64 ...
Interstage Network Interstage Network
... ...
Interstage Network Interstage Network
CLK
r
b
h
Fig. 2. The differential Public PUF (dPPUF) is a series of booster and
represser layers creating two identical structures (left part and right part).
The two sides, however, are different in inherent delays (inertial, propagation,
switching, etc.) due to manufacturing variability. The final arbiter layer
captures the fastest propagating signals and creates the appropriate unique
PUF response [11].
as the last layer of gates before the dPPUF’s output. The
exact architecture of the dPPUF in our methodology can be
seen in Fig. 2. A 256-bit version of the dPPUF is adopted
from [11]. Since PUFs exhibit inherent noise, their responses
require some kind of error correction mechanisms to stabilize
them. Error correction codes, special PUF designs, and other
approaches have been proposed [12] to address this issue.
In this work, without any loss of generality, we consider a
BoseChaudhuriHocquenghem (BCH)-based code-offset fuzzy
extractor as an effective PUF error correction mechanism [13].
The gate-level characterization1 of the dPPUF is performed
by the manufacturer. The resulting IC characteristics are
used to form a software model, which is stored in a public
repository. This software model acts as the “public part” of our
update protocol, enabling faster key-sharing between the com-
municating parties while rendering key recreation infeasible
due to the extreme simulation requirements. Since the public
software model repository and firmware update distribution
servers are owned by the device manufacturer, we assume
that their contents are legitimate and intact. The use of PPUF
leverages this kind of setup to avoid the need for third-party
authenticators. Beyond the hardware characterization phase of
the PPUF, no enrollment procedure is required. Therefore, the
firmware manufacturer can package and send an update to
a device without having to pre-install sensitive data in the
device’s memory or pre-share keys in a safe environment
before device deployment.
An input to the PPUF’s model, i.e., a challenge, produces
an output bit-string, i.e., the response. The challenge and its
corresponding response are also referred to as a Challenge-
1Gate-level characterization is the process of characterizing each gate of
an IC in terms of its physical properties using lasers, micro-probing, and
simulations [14]. Typical characteristics measured include gate width and
length, and properties such as leakage power and switching power.
Response Pair (CRP). This procedure can be completed
relatively fast on dedicated PPUF hardware and the soft-
ware model. However, the opposite procedure, deriving which
challenge created a particular response, is a computationally
intensive task. Thus, the actual PPUF circuit owner can utilize
the hardware to complete this task in a much shorter time
than any kind of model simulation. The gap created between
the simulating party and the actual PPUF owner trying to
derive which challenge creates a known response is known
as the Execution-Simulation Gap (ESG). Due to ESG, the
PPUF model can be stored publicly without any security
implications. This timing difference in conjunction with the
unclonable nature of PUFs serves as our authentication pillar.
The ESG can be manipulated to give as much advantage to the
PPUF owner over the simulating party as needed. Key width,
number of challenges that need to be calculated, and search
space size are all factors that if increased, the gap will also
increase.
The ESG property gives the opportunity to openly share
metadata which can only be utilized by a specified IoT device
recipient. The recipient is the only one who can effectively
utilize the metadata in order to recreate the necessary keys
for establishing a secure communication channel. Timing con-
straints and thresholds, implemented throughout the protocol,
assist each party to make sure that it is communicating with
the correct machine and block unauthorized access.
III. PROPOSED FRAMEWORK
In this section, we provide the details of the proposed
framework. The key concept is to construct a firmware update
package containing the encrypted firmware image as well
as metadata that the manufacturer provides. This informa-
tion allows the ED to securely authenticate and decrypt the
firmware image. Specifically, we leverage the properties of
cryptographic primitives (including encryption modules, hash
algorithms, and PPUF) in a series of steps to create a firmware
update protocol that ensures secure transmission of firmware
packages from providers to device.
A. Secure Design Requirements
The protocol needs to ensure that the device-specific
firmware image can reach the appropriate embedded sys-
tem while being protected by malicious interference during
transmission assuming an insecure communication channel.
Therefore, the protocol design requires guarantees to provide
firmware image integrity, while the update process should
not leak any useful to the attacker information during data
transmission. Also, in case a firmware package gets inter-
cepted, it must prevent any unauthorized party from accessing
its contents. In the event of a corrupted package, the device
should also be able to detect it. Finally, in the event that a
firmware update fails to complete multiple times (either due
to malfunction or malicious interference), a mechanism must
detect it in order to prevent the issue from escalating to on-
board firmware corruption or service disruption.
In order to achieve these objectives, the framework is de-
signed using the Secure Design Requirements (SDRs) below:
4Fig. 3. The proposed framework supports a communication protocol: an elaborate request-response handshake that provides security and modularity. The
ED utilizes the software models stored on the Public PPUF Model Repository (PPMR) to request a firmware update from the Firmware Distribution Server
(FDS). In response, the FDS encrypts and forwards a firmware package to the device with the help of the PPMR.
SDR1 – Monotonic Sequence Numbers: The timestamps in
our firmware update protocol contain monotonically increasing
sequence numbers, e.g., Coordinated Universal Time (UTC)
timestamps such as unix epoch. The device utilizes such
sequence numbers to accept only firmware packages that
are accompanied by newer timestamps than the one already
installed. These sequence numbers can be used in conjunction
with the firmware image revision or version, to protect the
device against firmware roll-back attacks.
SDR2 – Vendor-Device -type Identifiers: Devices must be
able to accept only firmware packages intended for them
based on matching identifiers. The firmware package includes,
besides the image, data that allows the device to “identify”
the vendor, model, hardware revision, software revision, etc.
A large enough PPUF allows for no-collision device-specific
keys, hence making each firmware package chip-specific. This
alleviates the need for product details such as serial numbers
and MAC addresses, consequently minimizing the impact on
firmware payload overhead.
SDR3 – Best-Before Timestamps: Firmware must have an
end-of-life date in order to avoid deprecated updates on
devices that have been offline for some time. Updating a device
to a firmware version that is not the latest, leaves the device
prone to non-zero day vulnerabilities [15]. Devices can check
with current UTC epoch timestamp whether the firmware is
within its expected lifetime period or not, and reject firmware
packages that have a best-before time smaller than the current
time.
SDR4 – Signed Payload: Firmware packages must be digi-
tally signed to: (1) verify the source of the incoming package,
and (2) ensure data integrity. Signing a firmware package
correctly means that the firmware provider sends proper iden-
tifying evidence to the receiver and enables corruption checks
to the message.
SDR5 – Cryptographic Authenticity: The encrypted
firmware image, as well as all other parts of the package,
must have a demonstrable way of proving their authenticity
in order to protect the device from modification attacks. A
cryptographic hash function digest utilized as a checksum
ensures the data integrity of the firmware package.
SDR6 – Firmware Encryption: The firmware image within
the package must be encrypted. This step prevents attack-
ers from getting access to its contents. Without access, the
attackers cannot reverse engineer the firmware and uncover
system functionality, identify possible exploitable backdoors
or zero-day exploits, or simply modify the firmware in order to
damage or control the ED. The proposed protocol incorporates
encryption algorithms implemented in hardware that protect
from unauthorized access to the firmware image.
SDR7 – Embedded Device Availability: The embedded
device must be available for legitimate users and detect
malicious interference that might hamper its usability. An
attacker may try to overload a device with firmware update
requests in order to make it inaccessible. The device must be
able to differentiate between legitimate and malicious firmware
update activity. The protocol includes the security precautions
required to protect the ED’s operation from unauthorized
disruption and attacker-enforced downtime.
B. Firmware Update Protocol Design
The steps of the proposed protocol can be seen in Fig.
3. The firmware update protocol is divided into three main
procedures: i) the ED requests a firmware update from the FDS
with the help of the PPMR for creating the key (steps 1-2 in
Fig. 3), ii) the FDS prepares an encrypted package containing
the firmware image and metadata that only the PPUF-enabled
device can utilize (steps 3-4 in Fig. 3), and iii) the device
verifies the validity and originality of the firmware package’s
contents and then proceeds to decrypt and apply the new image
(step 5 in Fig. 3). The FDS is a server containing the firmware
updates for the EDs while PPMR is a publicly accessible entity
that holds the software model of every PPUF participating in
the communication.
The client is responsible for initiating the firmware update
process for several reasons: (1) this is common practice among
Over-The-Air (OTA) update policies which are prevalent in
5the mobile computing and IoT areas [16], [17], (2) avoid
service disruption at inconvenient times as well as evade
possible catastrophic results in industrial processes that might
be sensitive to slight process deviations, and (3) avoid having
the server broadcasting firmware packages to the candidate
devices which can overload and increase the bandwidth re-
quirements of a network.
i) Embedded Device Firmware Update Request: In step (1),
the ED requesting a firmware update will first pick a random
element (I1) from a very large set of numbers S, using it as
one of the encryption keys. Using S0 + n, we can compactly
represent the set S, where S0 is the initial number of the set
and n represents the offset. This set of numbers can be as
large as the system integrator’s constraints in order to favor
security requirements (by choosing a very large set) or faster
firmware updates (smaller set). We use S as an indicator to
narrow down the search space for a valid challenge-response
pair since the 2256 combinations of possible challenges would
be extraordinarily slow. Then, the element chosen I1, is hashed
(H(I1)) and sent to the PPMR as a challenge to the FDS PPUF
model. In step (2), the PPMR using the H(I1), challenges
the FDS’ PPUF model to create the response O1. In order to
proceed to step (3), the response O1 is sent to the FDS along
with an encrypted (Timestamp)I1 . The Timestamp is used
in order to satisfy SDR1, and the compact representation of
the set S, S0 + n.
The random element I1 chosen to be the PPUF model
challenge is hashed in order not to leak information to an
attacker. Even if an attacker has access to the hashed challenge
and the plaintext response of the PPMR, it is infeasible to get
hold of I1 due to the non-reversible nature of cryptographic
hash functions. The only way to uncover the origins of H(I1)
is to iterate throughout every element Ii in set S, hash it, and
send it to the correct PPMR model until Oi = O1. This brute
force approach demonstrates that I1 can be used as a key to
encrypt the timestamp since it is infeasible to complete this
procedure during simulation.
ii) Encrypted Firmware Package Preparation: In step (3),
the FDS receives [O1, S0 + n, (Timestamp)I1 ] and uses its
own PPUF to determine which I1 ∈ S, when hashed, produces
O1, i.e., it calculates I1. Once this is completed, the FDS
proceeds to decrypt the (Timestamp)I1 using I1 and creates a
temporary Session Key (SK), by using bitwise XOR between
I1 and the Timestamp. The FDS then uses the SK to encrypt
a concatenation of the firmware image (FI) with the firmware
version code (FV ), which includes best-before timestamps,
vendor and device-type identifiers, and software revision code.
As per SDR6, the FI needs to be encrypted when transmitted.
The encrypted FI is accompanied by the aforementioned
metadata in order to satisfy the need for protection against
rollback attacks and avoid ED mismatches, as per SDR2 and
SDR3. Consequently, the FDS selects a random element I2
from S and sends its hash, H(I2), to the PPMR as a challenge
to the ED PPUF model, which in turn will provide the appro-
priate response O2 (step (4)). At the same time, the FDS uses
I2 to re-encrypt (FI||FV )SK to obtain ((FI||FV )SK)I2 .
Finally, the server sends the complete firmware package to the
ED, containing the firmware image as well as the necessary
metadata alongside the response O2 obtained from the PPMR.
The process to determine Ii is performed completely on
hardware. It is considerably faster than a simulating attacker
due to the ESG. The firmware image is encrypted twice, a
process often called signcryption, in order to: (1) ensure that
only the device requesting the firmware is able to decrypt it
correctly and in a reasonable time by using its PPUF’s model,
and (2) for the ED to verify the firmware’s origins. The ED
can ensure that the firmware comes from the authenticated
source because only the FDS is able to decrypt the firmware
update request and recreate the SK on its end during the
set timeframe. This method satisfies both SDR4 and SDR5
since the firmware is digitally signed providing proof of its
authenticity. The process ensures that every firmware update
package delivered to each device is encrypted in a way that
only the indented device can decrypt it. By having chip-
specific firmware update packages we gain significant security
advantages. For example, an attacker might attempt to get
access to a firmware package by creating clone devices in
order to trick the FDS into creating a firmware package
[18]. However, due to the uniqueness of the PPUF any other
device, even cloned ones, cannot decrypt the firmware package
correctly and in a feasible manner. Also, this prevents an
attacker from forwarding a firmware package to a different
device. Chip-specific encryption provides to the integrator the
ability not to rely on forgeable data such as serial numbers or
MAC addresses for device identification.
iii) Firmware Update Verification and Unpacking: Finally,
the ED receives the encrypted firmware package (FP ) as
part of step (5). It then utilizes its PPUF to determine I2
by iterating among all possible H(I2) within the set S in
order to find a matching response to O2. I2 is utilized as
the key to remove the first layer of encryption. The second
pass of decryption needs SK as the decryption key. Since
the ED already knows I1 and the Timestamp, it can create
the SK on its end by using bitwise XOR between the two.
The second decryption procedure reveals the firmware image,
version and other identifiers included in the package. These
identifiers are utilized, as suggested by SDR2 and SDR3, to
confirm the firmware image’s compatibility with the ED and
check the accompanying timestamps. If any of the above steps
ends up in a signature or key mismatch, it is considered as a
failed firmware update attempt and the firmware package’s
data is discarded. If such events happen repeatedly in a short
period of time, the device triggers a cooldown period that
disables firmware updates. Until action is taken by the system
administrator, the firmware updates stay disabled and the
device continues its normal operation, which satisfies SDR7.
C. Framework Features and Characteristics
i) Modularity and Flexibility: Cryptographic primitives can
widely vary in terms of the provided security level and
throughput. In our case, all of them are implemented on
hardware, thus area and performance need to be taken into
consideration. The firmware update protocol in our framework
is designed with modularity in mind; to allow the integrator to
select the cryptographic primitives between different variants
6and types, i.e., encryption/decryption functions, hashing algo-
rithms, and propagation delay-based PPUF. The framework
allows for customization of the proposed solution by taking
into consideration the system’s constraints and requirements.
This is possible because the firmware update protocol does not
rely on certain cryptographic implementations but rather on
their functionality. As a result, hardware-implemented security
primitives with the same functionality can be interchanged
according to the implementation requirements of each deploy-
ment scenario.
ii) Interoperability and Compatibility: The proposed update
procedure is agnostic to how firmware images are distributed.
Firmware images can be delivered to EDs in a variety of ways,
over wired or wireless network protocols. The update mecha-
nism can be adapted to work in any specific case since it can
work in conjunction with any data transmission mechanism or
protocol. Adding to the compatibility of the approach is the
fact that this mechanism can be used for broadcast deliveries
of firmware, which is an important aspect of firmware update
mechanisms for IoT [17]. The same firmware package can be
aimed at a multitude of devices while making sure that only
compatible devices accept them since the package is chip-
specific. These characteristics make the proposed firmware
update protocol appealing to cases that involve large-scale
deployments of EDs.
IV. SECURITY ANALYSIS
To validate the SDRs set in Section III-A and implemented
into the proposed protocol of Section III-B, first we describe
the threat model to highlight the attacker’s capabilities. Then,
we analyze the proposed firmware update protocol for various
threats to examine how these attacks are thwarted by design.
A. Threat Model
In this paper, we consider the Dolev-Yao threat model
where any communication channel between two parties is
considered insecure. The Dolev-Yao adversary is capable of
injecting, eavesdropping, modifying, and blocking messages
on the communication network. Furthermore, we assume that
the adversary is capable of compromising the participants, i.e.,
IoT ED, PPMR, and FDS, gaining full control of them for
the entire update procedure. Specifically, we assume that the
malicious adversary can obtain any data stored in non-volatile
memories of the devices. Also, the adversary can access the
PPMR and ping the domain for info, e.g., send a challenge for
a certain PPUF and get the corresponding simulated response.
It must be noted that this process will always be significantly
slower than performing this procedure directly on hardware
(ESG). However, the adversary cannot mount implementation
attacks2 against the devices, cannot reverse engineer the PUFs
nor obtain intermediate variables stored in flip-flops or on-
device volatile memory such as caches, RAM, and other
temporary registers. Device-level countermeasures for these
2Implementation attacks include side-channel and fault analysis attacks,
probing attacks, hardware reverse engineering and any combinations of them
[19]. They are preventable through hardware intrusion detection and fault
detection mechanisms as well as anti-radiation coating.
attacks is beyond the scope of this paper. The main goal of the
attacker in our scenario is to get hold of the firmware binary
plaintext. This allows the attacker to uncover functionality
about the embedded device that may help in other types of
attacks. It also gives the opportunity to create “trojan-ed”
firmware code by injecting malicious routines or backdoors in
the binary and then tricking the device into accepting it as a
legitimate one. In terms of computing capabilities, the PPMR
and FDS are high-performance computing units capable of
handling strenuous tasks. The attacker has access to similar
hardware and comparable computational capabilities.
B. Security Evaluation
The firmware update process must be secured from rollback
and impersonation attacks. Specifically, the ED should not be
able to install obsolete firmware with known vulnerabilities.
Impersonation attacks (masquerade, man-in-the-middle, spoof-
ing) must also be addressed since the attacker can redirect
traffic and inject malicious data into the insecure channel.
The security objectives of the proposed protocol include: (1)
ensuring the confidentiality of the firmware image, (2) making
the ED able to authenticate its source, and (3) guaranteeing
data integrity.
We perform threat modeling and evaluation using the
STRIDE approach [20], [21]. STRIDE is an acronym for
Spoofing, Tampering, Repudiation, Information Disclosure,
Denial of Service, and Elevation of Privilege. Our choice is
motivated by: (1) STRIDE’s systematic approach revealing
threats in each system component, (2) taking into consideration
all the required security properties such as authentication,
authorization, confidentiality, integrity and non-repudiation,
and (3) the fact that STRIDE provides a clear view of the
consequences of each component’s vulnerabilities and how
they affect the whole system. We evaluate the security of
the proposed framework against the following threats by
examining our SDRs and how they act as countermeasures.
Rollback Firmware (Escalation of Privilege): An attacker
sends a firmware of previous version. The firmware package,
despite being valid, can re-introduce vulnerabilities fixed in
newer firmware versions, aiming to take control over the
device. In the proposed protocol, this is prevented by using
timestamps (SDR1); if the installed firmware’s timestamp is
newer than the firmware update presented to the device, the
device will reject the update.
Mismatched Firmware (Denial of Service): An attacker
sends an unmodified firmware image but for the wrong type
and model of device in order to “brick” it. That firmware
package is signed correctly by the manufacturer. In case the
device mistakenly accepts the update, it could cause hardware
malfunctions, expose security vulnerabilities, or even render
the device totally inoperable. However, our protocol ensures
that the firmware image is accompanied by several device-type
identifiers and it is encrypted in a chip-specific way (SDR2).
Thus, the ED will reject ineligible firmware packages.
Obsolete Firmware Update (Spoofing): This attack is
specifically aimed at EDs that were either offline for a period
of time before coming back online or EDs that were neglected
7and not updated for some time. An attacker targets a device
like these and tries to update the device with an obsolete
firmware image, newer than the one currently installed but
not the latest released firmware version. If there is a known
vulnerability in the provided firmware, it may allow an attacker
to gain control over the device. Such attacks are prevented
due to the best-before timestamps in the firmware package’s
metadata (SDR3). The device rejects firmware packages that
have a best-before time smaller than the current Unix time.
Redirection (Denial of Service/Spoofing): An attacker
redirects network traffic and aims to impersonate FDS. This
may allow the attacker to update a device with a compromised-
modified version of the firmware image. The firmware update
procedure starts with an encrypted request sent from the ED to
the FDS. To decrypt the request, gain access to the timestamp,
and create the correct temporary session key in a reasonable
time, the attacker has to be in possession of the FDS’ actual
PPUF due to the hardware uniqueness. Trying to break the
protocol using brute force approaches means simulating all
possible CRPs of the PPUF. This can take from days to years,
depending on the integrator’s design choices. However, the
device is configured to have a deadline for accepting updates
after the update request has been sent. Therefore, even if the
attacker manages to acquire the unique-per-session key, his/her
response cannot be in time to be accepted as a valid firmware
(SDR1 and SDR3). In case the adversary constructs a firmware
package aiming to launch a guessing attack, SDR4 guarantees
that every firmware package is signed with the temporary
session key so that the device can verify its source.
Unauthenticated Updates (All STRIDE threats): An
attacker tries to install a maliciously modified firmware on a
device, through payload or metadata manipulation, to gain con-
trol of the device. Data manipulation of the firmware package
during its transmission through the insecure channel alters the
hash digest created by the recipient ED. The mismatching hash
digests trigger a firmware update rejection due to corrupted
data (SDR5 and SDR7) and prevent unauthenticated updates.
Reverse Engineering of Firmware Image (All STRIDE
threats): An attacker intercepts the firmware package during
its transmission over the insecure channel. To prepare an
attack, the firmware package is decomposed, decrypted and an-
alyzed, allowing the attacker to perform reverse engineering of
the firmware image in order to exploit possible vulnerabilities
or introduce new modified subroutines. The firmware package
includes an encrypted version of the image, with the key being
created by the hardware of the recipient ED, thus preventing
reverse engineering (SDR6).
V. EXPERIMENTAL SETUP AND RESULTS
The experimental setup used to validate and evaluate the
effectiveness of our proposed methodology is shown in Fig.
4. A Xilinx Kintex7 FPGA emulates the PPUF-enabled ED
while a connected computer acts as both the PPMR and FDS.
The computer is a 64− bit machine with 3.2GHz Intel Core
i5 − 4460 quad-core processor, with 8GB RAM, running on
Windows 10 and connects to the FPGA through a dedicated se-
rial port. The FPGA initiates a firmware update request, while
Fig. 4. Experimental/evaluation setup. The hardware-implemented security
primitives are developed on a FPGA in order to emulate a PPUF-enabled
device. The servers and firmware packaging procedure are carried out on a
computer which is connected to the FPGA through a serial cable.
the computer provides responses from the PPMR, packages the
firmware image and sends it to the FPGA through the serial
port. The FPGA, then, decrypts and validates the firmware.
During this procedure, the FPGA logs and reports the elapsed
time back to the computer.
We use Python’s library pycryptodome to implement the
software for encryption and hashing on the computer’s side.
The simulation model of the dPPUF, present in the PPMR,
is developed in C++ for demonstration purposes. The serial
cable, connecting the computer and the FPGA, uses a 115200
baud rate, 8 data bits, no parity, 1 stop bit and no flow
control. The firmware update request contains 20 bits for the
compact representation of the set S, 128 bits for the encrypted
timestamp and 256 bits for the response O1. The additional
metadata accompanying the encrypted firmware image, the
computer sends to the FPGA, amount to 256 and 10 bits for
the response O2 and firmware version code FV , respectively.
Both firmware update request and (FI||FV ) are accompanied
by a 256−bit or 512−bit hash digest, depending on the hash
functions used (SHA-256 or SHA-3), utilized as a checksum
value.
In order to emulate manufacturing variation on the dPPUF’s
design, we randomize each gate’s switching delays on the
FPGA (shown in Fig. 2). The design consists of multiple
alternating layers of boosters (2-input XOR gates) and re-
pressers (NAND-based circuit), using the default configuration
suggested in [11]. However, we increase the width of the
dPPUF from 64 bits to 256 in order to enhance the simulation
complexity, hence providing better security guarantees. To
validate the entropy of the design, we conduct test runs
of the CRP functionality of the dPPUF using 10k input
vectors. Using the Strict Avalanche Criterion (SAC), i.e., the
probability that an output bit will switch for inputs of hamming
distances 1, we test the randomness of the output and its ability
to be correlated to the input. The results show that the design is
adequately random, as suggested in [11], showing an average
switching probability of 0.3425. The set S, which the protocol
requires as a seed of random keys, is set to a range of 106.
The FPGA emulates the dPPUF-enabled device in order
to better represent a real scenario. In order to achieve this,
both dPPUF and the corresponding security primitives are
implemented on hardware using VHDL. The FPGA clocks
at 100MHz across all components to represent a resource-
8TABLE I
HARDWARE RESOURCES REQUIRED
BY COMPONENTS IMPLEMENTED ON THE FPGA
Components LUT (#) FF (#)
dPPUF 766 275
SIMON 275 201
SHA-256 1330 753
Twofish 1272 690
AES-GCM 2671 1568
SHA-3 (Keccak) 2605 2244
TABLE II
EMBEDDED DEVICE CONFIGURATIONS
AND TOTAL RESOURCE REQUIREMENTS
Configurations PPUF Encryption Hashing Total ResourcesLUT (#) FF (#)
Lightweight
dPPUF
SIMON SHA-256 2366 1210Midweight Twofish 3313 1699
Heavyweight AES-GCM SHA-3 5894 4068
constrained device found in IoT environments. Using this
configuration, we can accurately monitor the overhead and
performance of the unpacking process in order to demonstrate
the viability of our proposed methodology. The hardware-
implemented cryptographic components used are presented in
Table I alongside their requirements in hardware resources
of the FPGA. We utilize a 256-bit dPPUF, two different
cryptographic hash functions, and three different encryp-
tion/decryption modules. Specifically, we choose SHA-256
and SHA-3 (512-bit version) as the hash functions to be tested.
For encryption/decryption, SIMON (64-bit block size and
128-bit key), Twofish (128-bit) and AES-GCM (128-bit) are
chosen. This selection of primitives provides a comprehensive
view on how state-of-the-art cryptographic functions of differ-
ent security capabilities, performance and area requirements
can be integrated into the proposed framework.
To present the flexibility and modularity of our design, we
utilize three different use cases representing different EDs.
The cases’ names reflect their relative hardware resources
utilization, hence the names Lightweight, Midweight, and
Heavyweight. These scenarios showcase three dPPUF-enabled
devices, unique in constraints and requirements in terms of
security guarantees and resource utilization. The range from
Lightweight to Heavyweight indicates the trade-off between re-
sources and performance plus security level. The Lightweight
case is the least expensive in hardware resources and also
lowest in performance and security. On the contrary, the
Heavyweight case is the fastest and most secure configuration
with the largest hardware overhead. These configurations are
created with existing IoT devices in mind. For example, the
Lightweight configuration can be used in ultra-low power
devices such as battery-operated smart sensors. The Midweight
configuration is suitable for more capable IoT devices such
as microprocessor-enabled smart appliances (e.g., smart WiFi
light bulbs), while the Heavyweight configuration is designed
for more heavy-duty devices such as PLCs. Table II shows the
hardware utilization by Xilinx Vivado Design Suite 2019.2
after the default optimizations occur (hence the disparity
between Table I and Table II). The plug-and-play functionality
TABLE III
TIME TO COMPLETE THE UPDATE PROCEDURE IN SECONDS
Configuration/
Firmware Image
Sercos III
233kB
Zelio Logic
323kB
Modicon
1183kB
Lightweight 0.3407 0.4722 1.7296
Midweight 0.3356 0.4653 1.7041
Heavyweight 0.3338 0.4627 1.6946
TABLE IV
COMPARISON WITH RELATED AUTHENTICATION PROTOCOLS
Method Area Overhead PerformanceLUT (#) FF (#)
Aysu et al. [22] 3543 1275 0.061 sec
Lightweight 2366 1210 0.064 sec
Che et al. [23] 6038 1724 1.25 sec
Heavyweight 5894 4068 0.015 sec
of the framework enables the easy evaluation of different
combinations. The presented components and modules are
indicative and do not restrict the device integrator’s selection
if the components are of similar functionality.
In addition to the different component configurations, we
utilize three commercial firmware files (acquired from the ven-
dors’ websites) for testing our framework. We selected images
for constrained embedded systems deployed in environments
such as ICS and IIoT: these include a Sercos III field bus
interface module, a Zelio Logic SR2/SR3 smart relay, and
a Modicon M258 logic controller. We match these firmware
images with all the hardware configurations to evaluate the
performance of the framework and examine the impact of
hardware selection on the overall performance of the device
during the firmware update procedure. Table III shows the
results of these experiments. The updating procedure, de-
pending on the firmware size, can take between 0.3 to 1.72
seconds. The performance of the proposed approach provides
significant improvements over traditional updating procedures
that, in some cases, can take hours to complete [5]. Observing
these configurations and their respective times to complete
the updating procedure, we can conclude that performance
is relative to resource usage, e.g., the Heavyweight config-
uration outperforms the less resource-heavy configurations.
Also, the most demanding, in resources, cryptomodules (AES-
GCM, SHA-3) provide the best security guarantees among the
implemented encryption and hash functions.
VI. RELATED WORK
IoT manufacturers often provide the firmware images re-
quired for device operation online via their website. It has been
shown that web crawlers can search and automatically acquire
images of industrial equipment available in the market [24].
Firmware images can also be acquired through physical access,
by forcing memory dumps of on-board memory modules
[25]. Access to firmware files and code can reveal device
functionality. Firmware modification can have severe repercus-
sions on the system operation, thus firmware is typically an
alluring target for malicious actors. The severity of firmware
9attacks, specifically for the ICS and IIoT domain, has been
shown in literature for devices such as programmable logic
controllers and protection relays [2], [26]. Attacks have also
been targeting other generic EDs such as printers, cameras, and
network switches [24], [27]. The need for firmware security
measures is now more urgent than ever.
To the best of our knowledge, there are no reports in
literature leveraging PPUF-based end-to-end encryption to im-
plement secure authentication protocols for firmware updates.
In contrast to the existing techniques, our PPUF-based frame-
work preserves firmware integrity and provides security from
various threats (as discussed in Section IV-B), not considered
by existing techniques. Our flexible framework demonstrates
the ability to be reconfigured in terms of hardware components
while also giving the ability to EDs to be deployed in-field
without any secure enrollment phase or hardcoded secrets
within the ED’s non-volatile memory.
Similar approaches, utilizing different PUFs and other
cryptographic primitives implemented in hardware, are only
authentication-oriented protocols, such as [22], [23]. We
present a comparison between the aforementioned method-
ologies with our approach in Table IV. In order to perform
a meaningful comparison with respect to performance, we
isolate the authentication part of our framework. We assume
that the authentication procedure takes place from step (1)
to step (5), excluding the firmware image’s encryption and
decryption procedures. Observe that the overhead hardware
of our Lightweight and Heavyweight configuration reported in
Table IV includes the LUT and FF for encryption/decryption.
Our framework’s flexibility to consider different configurations
allows for comparison with both of the aforementioned related
works.
In [22], the authors utilize a combination of components
similar to our Lightweight setup, including the SIMON en-
cryption core. However, their methodology does not take data
integrity into account, therefore it does not utilize any hash
functions. As shown in Table IV, our framework performs
as well as the one proposed by the authors. However, our
implementation requires much fewer resources on the FPGA,
even though the PUF used by [22] is an SRAM PUF, a much
less resource-heavy component than the dPPUF. In [23], the
authors demonstrate an authentication protocol that provides
confidentiality and mutual authentication, without addressing
data integrity issues, by utilizing a hardware-embedded path
delay (HELP) PUF. The PUF derives randomness from path
delay variance within a hardware implementation of AES. The
work shows comparable resource usage to our Heavyweight
configuration by requiring almost the same amount of LUTs
but significantly fewer FFs. Our implementation, however, per-
forms better than the mechanism proposed by [23] by requiring
orders of magnitude less time to complete the authentication
procedure.
Other related, authentication-oriented works, such as [28]–
[31], cannot be compared directly to our work due to the lack
of adequate quantitative data. In addition, such approaches
have fundamental differences with our proposed concept and
exhibit several drawbacks when compared to our methodology.
They require an initial setup step in a secure environment. This
initial setup often assumes a trusted third party server which
coordinates the handshakes and distributes keys over a secure
channel before the ED’s deployment. Our framework alleviates
the need for an enrollment phase (on top of PUF hardware
characterization) and the necessity for a secure channel. While
the argument that the PPMR is a third party server is valid,
we do not rely on its trustworthiness nor we assume that
its contents are secret. The PPMR’s contents are publicly
available.
VII. CONCLUSIONS AND FUTURE WORK
In this paper, we develop a flexible and secure firmware
update framework that is suitable for the diverse device-space
of an IoT system. This framework’s main contributions are
adhoc device deployment without pre-installed security keys,
fast firmware updates to remote devices, chip-specific firmware
package encryption, ensure confidentiality and authenticity of
the firmware binary through the use of PPUFs and other
hardware-implemented cryptographic primitives, and an end-
to-end approach that beyond authentication takes data integrity
into account. Our experimental setup demonstrates the flexi-
bility and security of our approach by selecting alternative
underlying security primitives and testing the communication
protocol against several attack vectors. A proof-of-concept im-
plementation with commercial-of-the-shelf embedded devices’
firmware images verifies the practicality of the approach.
As future research, the proposed methodology will be exam-
ined under large-scale embedded device deployment scenarios
that employ peer-to-peer network connectivity. For example,
a swarm of IoT devices could utilize this protocol to perform
peer-to-peer firmware delivery and authentication. Another
direction, of our future work, is applying the proposed frame-
work in specific application domains such as autonomous
vehicles, where the protocol would be used to update the
vehicles through a vehicle-to-infrastructure communication
channel.
ACKNOWLEDGMENT
This work has been supported by the EU Horizon 2020
research and innovation programme under grant agreement No
739551 (KIOS CoE) and from the Government of the Repub-
lic of Cyprus through the Directorate General for European
Programmes, Coordination and Development. Partial support
was also provided by the Woodrow W. Everett, Jr. SCEEE
Development Fund in cooperation with the Southeastern As-
sociation of Electrical Engineering Department Heads.
REFERENCES
[1] S. Soltan, P. Mittal, and H. V. Poor, “Blackiot: Iot botnet of high
wattage devices can disrupt the power grid,” in 27th {USENIX} Security
Symposium ({USENIX} Security 18), 2018, pp. 15–32.
[2] Z. Basnight, J. Butts, J. Lopez Jr, and T. Dube, “Firmware modification
attacks on programmable logic controllers,” International Journal of
Critical Infrastructure Protection, vol. 6, no. 2, pp. 76–84, 2013.
[3] C. I. T. Lab, “Binary hardening in iot products,” Aug 2019. [Online].
Available: https://cyber-itl.org/2019/08/26/iot-data-writeup.html
[4] P. Thompson and S. Zatko, “Build safety of software in 28 popular home
routers,” Cyber-ITL, Dec 2018.
10
[5] C. Eaton, “Hacked: Energy industry’s controls provide an alluring
target for cyberattacks,” 2017. [Online]. Available: http://www.
houstonchronicle.com/
[6] A. Mocker, “Tuya: Revised update process hacked again,” Nov 2019.
[Online]. Available: https://www.heise.de/
[7] T. Seals, “Mirai botnet sees big 2019 growth, shifts focus to
enterprises,” 2019. [Online]. Available: https://threatpost.com/
[8] G. E. Suh and S. Devadas, “Physical unclonable functions for device
authentication and secret key generation,” in Design Automation Con-
ference, 2007. DAC’07. 44th ACM/IEEE. IEEE, 2007, pp. 9–14.
[9] S. Falas, C. Konstantinou, and M. K. Michael, “A hardware-based
framework for secure firmware updates on embedded systems,” in
2019 IFIP/IEEE 27th International Conference on Very Large Scale
Integration (VLSI-SoC). IEEE, 2019, pp. 198–203.
[10] M. Potkonjak and V. Goudar, “Public physical unclonable functions,”
Proceedings of the IEEE, vol. 102, no. 8, pp. 1142–1156, 2014.
[11] M. Potkonjak, S. Meguerdichian, A. Nahapetian, and S. Wei, “Differ-
ential public physically unclonable functions: architecture and applica-
tions,” in Proceedings of the 48th Design Automation Conference, 2011,
pp. 242–247.
[12] B. Colombier, L. Bossuet, V. Fischer, and D. He´ly, “Key reconciliation
protocols for error correction of silicon puf responses,” IEEE Transac-
tions on Information Forensics and Security, vol. 12, no. 8, pp. 1988–
2002, 2017.
[13] Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy extractors:
How to generate strong keys from biometrics and other noisy data,”
SIAM journal on computing, vol. 38, no. 1, pp. 97–139, 2008.
[14] F. Koushanfar, P. Boufounos, and D. Shamsi, “Post-silicon timing
characterization by compressed sensing,” in Proceedings of the 2008
IEEE/ACM International Conference on Computer-Aided Design. IEEE
Press, 2008, pp. 185–189.
[15] Common Vulnerabilities and Exposures (CVE®) List, The MITRE
Corporation, “CVE-2017-5698,” Feb 2017. [Online]. Available: https:
//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5698
[16] “Zigbee cluster library,” Dec 2019. [Online]. Available: https:
//zigbeealliance.org/developer resources/zigbee-cluster-library/
[17] B. Moran, M. Meriac, H. Tschofenig, and D. Brown, “A firmware update
architecture for internet of things devices,” Internet-Draft draft-moran-
suit-architecture-02, IETF, 2019.
[18] R. Karri, O. Sinanoglu, and J. Rajendran, “Physical unclonable functions
and intellectual property protection techniques,” in Fundamentals of IP
and SoC Security. Springer, 2017, pp. 199–222.
[19] T. Popp, “An introduction to implementation attacks and countermea-
sures,” in 2009 7th IEEE/ACM International Conference on Formal
Methods and Models for Co-Design. IEEE, 2009, pp. 108–115.
[20] L. Kohnfelder and P. Garg, “The threats to our products,” Microsoft
Interface, Microsoft Corporation, vol. 33, 1999.
[21] R. Khan, K. McLaughlin, D. Laverty, and S. Sezer, “Stride-based threat
modeling for cyber-physical systems,” in 2017 IEEE PES Innovative
Smart Grid Technologies Conference Europe (ISGT-Europe). IEEE,
2017, pp. 1–6.
[22] A. Aysu, E. Gulcan, D. Moriyama, P. Schaumont, and M. Yung, “End-
to-end design of a puf-based privacy preserving authentication protocol,”
in International Workshop on Cryptographic Hardware and Embedded
Systems. Springer, 2015, pp. 556–576.
[23] W. Che, M. Martin, G. Pocklassery, V. K. Kajuluri, F. Saqib, and
J. Plusquellic, “A privacy-preserving, mutual puf-based authentication
protocol,” Cryptography, vol. 1, no. 1, p. 3, 2017.
[24] A. Costin, J. Zaddach, A. Francillon, and D. Balzarotti, “A large-scale
analysis of the security of embedded firmwares,” in 23rd {USENIX}
Security Symposium ({USENIX} Security 14), 2014, pp. 95–110.
[25] C. Konstantinou, A. Keliris, and M. Maniatakos, “Taxonomy of firmware
trojans in smart grid devices,” in Power and Energy Society General
Meeting (PESGM), 2016. IEEE, 2016, pp. 1–5.
[26] C. Konstantinou and M. Maniatakos, “Impact of firmware modification
attacks on power systems field devices,” in Smart Grid Communications,
2015 IEEE International Conference on. IEEE, 2015, pp. 283–288.
[27] A. Cui, M. Costello, and S. Stolfo, “When firmware modifications attack:
A case study of embedded exploitation,” Columbia, Academic Commons,
2013.
[28] H. Akhundov, E. Sluis, S. Hamdioui, and M. Taouil, “Public-key based
authentication architecture for iot devices using puf,” in CSEIT, 11 2019,
pp. 353–371.
[29] J. R. Wallrabenstein, “Practical and secure iot device authentication
using physical unclonable functions,” in 2016 IEEE 4th International
Conference on Future Internet of Things and Cloud (FiCloud). IEEE,
2016, pp. 99–106.
[30] A. Braeken, “Puf based authentication protocol for iot,” Symmetry,
vol. 10, no. 8, p. 352, 2018.
[31] U. Chatterjee, V. Govindan, R. Sadhukhan, D. Mukhopadhyay, R. S.
Chakraborty, D. Mahata, and M. M. Prabhu, “Building puf based
authentication and key exchange protocol for iot without explicit crps
in verifier database,” IEEE Transactions on Dependable and Secure
Computing, vol. 16, no. 3, pp. 424–437, 2018.
Solon Falas (S’18) received his B.Sc. in Computer
Engineering from the Department of Electrical and
Computer Engineering of the University of Cyprus
in 2017. He is currently a Ph.D student in the De-
partment of Electrical and Computer Engineering at
the University of Cyprus and a Researcher at KIOS
Research and Innovation Center of Excellence. His
research interests include, but not limited to, cyber-
physical, embedded systems, and hardware security.
Charalambos Konstantinou (S’11-M’18) received
his Ph.D. in Electrical Engineering from New
York University (NYU), NY and the Dipl.-Ing.
(M.Eng.) degree in Electrical and Computer En-
gineering from National Technical University of
Athens (NTUA), Greece. He is currently an As-
sistant Professor of Electrical and Computer Engi-
neering with Florida A&M University and Florida
State University (FAMU-FSU) College of Engineer-
ing and the Center for Advanced Power Systems,
FSU, Tallahassee, FL, USA. He is the Director of
the Decision & Secure Systems Laboratory (https://dss-lab.github.io/) and
his research interests include cyber-physical and embedded systems security
with focus on power systems. He is the recipient of the 2020 Myron Zucker
Student-Faculty Grant Award from IEEE Foundation, the Southeastern Center
for Electrical Engineering Education (SCEEE) Young Faculty Development
Award 2019, and the best paper award at the VLSI-SoC 2018. He is currently
the Secretary of the IEEE Task Force on Cyber-Physical Interdependence for
Power System Operation and Control.
Maria K. Michael (S’99-M’02) is an Associate Pro-
fessor at the Department of Electrical and Computer
Engineering at the University of Cyprus. She is also
a founding member and the Director of Education
and Training at the KIOS Research and Innovation
Center of Excellence, also at the University of
Cyprus. Maria has a Ph.D. degree from the ECE
Dept of Southern Illinois University, Carbondale-
USA. Her research expertise falls in the areas of test
and reliability of digital circuits and chip-level archi-
tectures, with emphasis on embedded and general-
purpose multicore systems reliability and on-line testing, dynamic/intelligent
parallel CAD algorithms for automatic testing and fault simulation, intelligent
methods for design, test and fault tolerance, delay test and emerging fault
models. Recent research interests expand to design and optimisation of
embedded systems and other chip-level architectures, dynamic self-detecting
and self-healing architectures, and dependability and security in the hardware
backbone of cyber-physical systems. She has published numerous papers in
high-caliber refereed journals and international conferences and she serves
on steering, organising and program committees of several IEEE and ACM
conferences in the areas of test and reliability. She is a co-recipient of a Best
Paper Award of MSE 2009. She is a member of the IEEE and the ACM.
