Conferences and supporting programme
Secure and Scalable FW Upgrade Mechanisms in the IoT Domain
This paper investigates the security implications of providing a FW upgrade mechanism as a background service in a running main application and what security measures must be implemented to protect the device. Focus will be given to enabling support for synchronized updates of multiple cores/MCUs or multiple devices in a wireless network. The solution presented shows the FW upgrade process as a multi-stage operation. Core to this is an immutable secure boot mechanism. The solution relies on platform security mechanisms to protect the FW and key material, as well as securing the FW upgrade process. This paper will focus on remote controlled device managment operation for the FW upgrade mechanism, like provisioning and use of cryptographic keys as well as controlling the process of doing a FW upgrade. Different strategies of device management will be shown, from manually initiated to fully automated. Solutions for different IoT wireless topologies will be presented, like Bluetooth LE, Bluetooth Mesh, Thread, Zigbee and LTE. This paper show the design process of such a FW upgrade mechanism using the new IETF standard for Software Updates of Internet of Things (IETF SUIT). It describes the operations of the upgrades through a manifest format that is designed to be agnostic to the network protocol in use. This paper will also give details on existing solutions for device management and FW upgrade available in the MCUboot and MCUmgr projects used in the Zephyr RTOS.
--- Date: 28.02.2019 Time: 14:30 - 15:00 Location: Conference Counter NCC Ost