799 research outputs found

    Secure Code Update for Embedded Devices via Proofs of Secure Erasure

    Abstract. Remote attestation is the process of verifying the internal state of a remote embedded device. It is an important component of many security protocols and applications. Although previously proposed remote attestation techniques assisted by specialized secure hardware are effective, they are not yet viable for low-cost embedded devices. One notable alternative is software-based attestation, which is both less costly and more efficient. However, recent results identified weaknesses in some proposed software-based methods, thus showing that security of remote software attestation remains a challenge. Inspired by these developments, this paper explores an approach that relies neither on secure hardware nor on tight timing constraints typical of software-based techniques. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our approach involves a new primitive – Proofs of Secure Erasure (PoSE-s). We also show that, even though it is effective and provably secure, PoSE-based attestation is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.

    And QUIC meets IoT: performance assessment of MQTT over QUIC

    We study the performance of the Message Queuing Telemetry Transport Protocol (MQTT) over QUIC. QUIC has been recently proposed as a new transport protocol, and it is gaining relevance at a very fast pace, favored by the support of key players, such as Google. It overcomes some of the limitations of the more widespread alternative, TCP, especially regarding the overhead of connection establishment. However, its use for Internet of Things (IoT) scenarios is still under consideration. In this paper we integrate a GO-based implementation of the QUIC protocol with MQTT, and we compare the performance of this combination with that exhibited by the more traditional MQTT/TLS/TCP approach. We use Linux Containers and we emulate various wireless network technologies by means of the ns3 simulator. The results of an extensive measurement campaign show that the QUIC protocol can indeed yield good performance for typical IoT use cases. The authors are grateful for the funding of the Industrial Doctorates Program from the University of Cantabria (Call 2018). This work has been partially supported by the Basque Government through the Elkartek program under the DIGITAL project (Grant agreement no. KK-2019/00095), as well as by the Spanish Government (Ministerio de Economía y Competitividad, Fondo Europeo de Desarrollo Regional, FEDER) by means of the project FIERCE: Future Internet Enabled Resilient smart CitiEs (RTI2018-093475-AI00).

    Secure Code Updates for Smart Embedded Devices based on PUFs

    Code update is a very useful tool commonly used in low-end embedded devices to improve the existing functionalities or patch discovered bugs or vulnerabilities. If the update protocol itself is not secure, it will only bring new threats to embedded systems. Thus, a secure code update mechanism is required. However, existing solutions either rely on strong security assumptions, or result in considerable storage and computation consumption, which are not practical for resource-constrained embedded devices (e.g., in the context of Internet of Things). In this work, we propose to use intrinsic device characteristics (i.e., Physically Unclonable Functions or PUF) to design a practical and lightweight secure code update scheme. Our scheme can not only ensure the freshness, integrity, confidentiality and authenticity of code update, but also verify that the update is installed correctly on a specific device without any malicious software. Cloned or counterfeit devices can be excluded as the code update is bound to the unpredictable physical properties of underlying hardware. Legitimate devices in an untrustworthy software state can be restored by filling suspect memory with PUF-derived random numbers. After update installation, the initiator of the code update is able to obtain the verifiable software state from the device, and the device can maintain a sustainable post-update secure check by enforcing a secure call sequence. To demonstrate the practicality and feasibility, we also implement the proposed scheme on a low-end MCU platform (TI MSP430) by using onboard SRAM and Flash resources.

    Cellular, Wide-Area, and Non-Terrestrial IoT: A Survey on 5G Advances and the Road Towards 6G

    The next wave of wireless technologies is proliferating in connecting things among themselves as well as to humans. In the era of the Internet of things (IoT), billions of sensors, machines, vehicles, drones, and robots will be connected, making the world around us smarter. The IoT will encompass devices that must wirelessly communicate a diverse set of data gathered from the environment for myriad new applications. The ultimate goal is to extract insights from this data and develop solutions that improve quality of life and generate new revenue. Providing large-scale, long-lasting, reliable, and near real-time connectivity is the major challenge in enabling a smart connected world. This paper provides a comprehensive survey on existing and emerging communication solutions for serving IoT applications in the context of cellular, wide-area, as well as non-terrestrial networks. Specifically, wireless technology enhancements for providing IoT access in fifth-generation (5G) and beyond cellular networks, and communication networks over the unlicensed spectrum are presented. Aligned with the main key performance indicators of 5G and beyond 5G networks, we investigate solutions and standards that enable energy efficiency, reliability, low latency, and scalability (connection density) of current and future IoT networks. The solutions include grant-free access and channel coding for short-packet communications, non-orthogonal multiple access, and on-device intelligence. Further, a vision of new paradigm shifts in communication networks in the 2030s is provided, and the integration of the associated new technologies like artificial intelligence, non-terrestrial networks, and new spectra is elaborated. Finally, future research directions toward beyond 5G IoT networks are pointed out. Comment: Submitted for review to IEEE CS&

    Practical analysis framework for software-based attestation scheme

    An increasing number of "smart" embedded devices are employed in our living environment nowadays. Unlike traditional computer systems, these devices are often physically accessible to the attackers. It is therefore almost impossible to guarantee that they are un-compromised, i.e., that indeed the devices are executing the intended software. In such a context, software-based attestation is deemed as a promising solution to validate their software integrity. It guarantees that the software running on the embedded devices is un-compromised without any hardware support. However, designing software-based attestation protocols is shown to be error-prone. In this work, we develop a framework for design and analysis of software-based attestation protocols. We first propose a generic attestation scheme that captures most existing software-based attestation protocols. After formalizing the security criteria for the generic scheme, we apply our analysis framework to several well-known software-based attestation protocols and report various potential vulnerabilities. To the best of our knowledge, this is the first practical analysis framework for software-based attestation protocols.

    Even lower latency in IIoT: evaluation of QUIC in industrial IoT scenarios

    In this paper we analyze the performance of QUIC as a transport alternative for Internet of Things (IoT) services based on the Message Queuing Telemetry Protocol (MQTT). QUIC is a novel protocol promoted by Google, and was originally conceived to tackle the limitations of the traditional Transmission Control Protocol (TCP), specifically aiming at the reduction of the latency caused by connection establishment. QUIC use in IoT environments is not widespread, and it is therefore interesting to characterize its performance when used over such scenarios. We used an emulation-based platform, where we integrated QUIC and MQTT (using GO-based implementations) and compared their combined performance with that exhibited by the traditional TCP/TLS approach. We used Linux containers as end devices, and the ns-3 simulator to emulate different network technologies, such as WiFi, cellular, and satellite, and varying conditions. The results evince that QUIC is indeed an appropriate protocol to guarantee robust, secure, and low latency communications over IoT scenarios. The authors are grateful for the funding of the Industrial Doctorates Program from the University of Cantabria (Call 2020). This work has been partially supported by the Basque Government through the Elkartek program under the DIGITAL project (grant agreement number KK-2019/00095), and by the Spanish Government (Ministerio de Economía y Competitividad, Fondo Europeo de Desarrollo Regional, FEDER) by means of the project FIERCE: Future Internet Enabled Resilient smart CitiEs (RTI2018-093475-AI00).

    An efficient scheme for applying software updates in pervasive computing applications

    The Internet of Things (IoT) offers a vast infrastructure of numerous interconnected devices capable of communicating and exchanging data. Pervasive computing applications can be formulated on top of the IoT involving nodes that can interact with their environment and perform various processing tasks. Any task is part of intelligent services executed in nodes or the back end infrastructure for supporting end users’ applications. In this setting, one can identify the need for applying updates in the software/firmware of the autonomous nodes. Updates are extensions or patches significant for the efficient functioning of nodes. Legacy methodologies deal with centralized approaches where complex protocols are adopted to support the distribution of the updates in the entire network. In this paper, we depart from the relevant literature and propose a distributed model where each node is responsible to, independently, initiate and conclude the update process. Nodes monitor a set of metrics related to their load and the performance of the network and through a time-optimized scheme identify the appropriate time to conclude the update process. We report on an infinite horizon optimal stopping model on top of the collected performance data. The aim is to make nodes capable of identifying when their performance and the performance of the network are of high quality to efficiently conclude the update process. We provide specific formulations and the analysis of the problem while extensive simulations and a comparison assessment reveal the advantages of the proposed solution