Abstract
Recently massive Internet of Things have been deployed around the world. With data collected from sensors and functionalities provided by micro-controller based devices, new applications have emerged through big data analytics and autonomous real-time system responses. To support quality of service for deployed IoT devices, firmware update is a necessary task for IoT vendors. However, malicious attackers have been penetrated traditional firmware update processes and mechanisms to compromise deployed IoT devices, and launch destructive attacks through these controlled devices. In this paper, a secure IoT firmware update framework based on MQTT protocol is proposed. We picture a general firmware update model with IoT devices, gateway devices, firmware distribution broker servers, and firmware deployment servers of IoT vendors. Based on this model, a secure firmware update mechanism is developed to help IoT devices authenticate the source of received firmware and verify the integrity of the received firmware. MQTT protocol is adopted in the proposed framework to efficiently distribute new versions of firmware for IoT vendors. Cryptologic primitives such as Elliptic Curve based Diffie-Hellman key exchange and key-hashed message authentication code are used to secure the proposed process and corresponding protocols. Security analysis is conducted to evaluate security strength of the proposed framework.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Choi, B.C., Lee, S.H., Na, J.C., Lee, J.H.: Secure firmware validation and update for consumer devices in home networking. IEEE Trans. Consum. Electron. 62(1), 39–44 (2016)
Yadav, P., Vishwakarma, S.: Application of Internet of Things and big data towards a smart city. In: The 3rd International Conference On Internet of Things: Smart Innovation and Usages (2018)
Choi, H., Song, J., Yi, K.: Brightics-IoT: towards effective industrial IoT platforms for connected smart factories. In: IEEE International Conference on Industrial Internet (2018)
OASIS: MQTT Version 3.1.1 Plus Errata 01. http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html. Accessed 30 Apr 2019
Thota, P., Kim, Y.: Implementation and comparison of M2M protocols for Internet of Things. In: 2016 4th International Conference on Applied Computing and Information Technology/3rd International Conference on Computational Science/Intelligence and Applied Informatics/1st International Conference on Big Data, Cloud Computing, Data Science and Engineering (ACIT-CSII-BCD), pp. 43–48 (2016)
IETF: The Constrained Application Protocol. https://tools.ietf.org/html/rfc7252. Accessed 30 Apr 2019
Ranjan, A.K., Hussain, M.: Terminal authentication in M2M communications in the context of Internet of Things. Proc. Comput. Sci. 89, 34–42 (2016)
Lavanya, Natarajan: Lightweight authentication for COAP based IOT. In: The 6th International Conference on the Internet of Things, pp. 167–168 (2016)
Bamasag, O.O., Youcef-Toumi, K.: Towards continuous authentication in Internet of Things based on secret sharing scheme. In: The 2015 Workshop on Embedded Systems Security (WESS 2015), Amsterdam, Netherlands (2015)
Butun, I., Erol-Kantarci, M., Kantarci, B., Song, H.: Cloud-centric multi-level authentication as a service for secure public safety device networks. IEEE Commun. Mag. 54(4), 47–53 (2016)
Hernandez-Ramos, J.L., Pawlowski, M.P., Jara, A.J., Skarmeta, A.F., Ladid, L.: Toward a lightweight authentication and authorization framework for smart objects. IEEE J. Sel. Areas Commun. 33(4), 690–702 (2015)
Kumar, P., Gurtov, A., Iinatti, J., Ylianttila, M., Sain, M.: Lightweight and secure session-key establishment scheme in smart home environments. IEEE Sens. J. 16(1), 254–264 (2016)
Hassan, R., Markantonakis, K., Akram, R.N.: Can you call the software in your device be firmware? In: 2016 IEEE 13th International Conference on e-Business Engineering (ICEBE), pp. 188–195 (2016)
Chandra, H., Anggadjaja, E., Wijaya, P.S., Gunawan, E.: Internet of Things: Over-the-Air (OTA) firmware update in lightweight mesh network protocol for smart urban development. In: 2016 22nd Asia-Pacific Conference on Communications, pp. 115–118 (2016)
Nilsson, D.K., Sun, L., Nakajima, T.: A framework for self-verification of firmware updates over the air in vehicle ECUs. In: 2008 IEEE GLOBECOM Workshops, pp. 1–5 (2008)
Acknowledgment
The authors gratefully acknowledge the support from the Taiwan Information Security Center (TWISC) and Ministry of Science and Technology, Taiwan, under the Grant Numbers MOST 105-2221-E-011-080-MY3, MOST 107-2218-E-011-012, MOST 107-2218-E-011-002, MOST 108-2221-E-011-063 and MOST 108-2221-E-011-065.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Lo, NW., Hsu, SH. (2020). A Secure IoT Firmware Update Framework Based on MQTT Protocol. In: Borzemski, L., Świątek, J., Wilimowska, Z. (eds) Information Systems Architecture and Technology: Proceedings of 40th Anniversary International Conference on Information Systems Architecture and Technology – ISAT 2019. ISAT 2019. Advances in Intelligent Systems and Computing, vol 1050. Springer, Cham. https://doi.org/10.1007/978-3-030-30440-9_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-30440-9_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30439-3
Online ISBN: 978-3-030-30440-9
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)