A Secure Framework for OTA Smart Device Ecosystems Using ECC Encryption and Biometrics

  • Miguel Salas
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 381)


As we move towards a world where all the traditional household appliances and basic industrial devices are being transformed into interactive high-computing devices, an ecosystem of these smart devices is emerging. With this impending revolution, often coined the Internet of Things, one of the understated challenges is the security infrastructure that must accompany the deployment of this ecosystem. In this paper we propose a security framework that leverages hierarchical hardware memory mapping, modularity of the Operating System, and an efficient biometric aided ECC cryptosystem to work together towards this security need. We focus on the secure and efficient implementation of OTA updates and inter-device communication. Our work shows that by integrating several novel improvements based on real system considerations with state-of-the art techniques, we can build a commercially feasible security framework for these devices that is 35% faster and 5% more load efficient than current state-of-the-art ECC-based cryptosystems and OTA compression schemes.


OTA security framework biometrics elliptic curve cryptography Internet of Things 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Vermesan, O., Friess, P., Guillemin, P.: The Internet of Things - Strategic Research Roadmap. In: Cluster of European Research Projects on the Internet of Things, CERP-IoT (2009)Google Scholar
  2. 2.
    Linux Foundation: Tizen OS (2012),
  3. 3.
    Oommen, P.: A Framework for Integrated Management of Mobile-Stations Over-the-Air. In: IEEE/IFIP International Symposium on Integrated Network Management Proceedings (2001)Google Scholar
  4. 4.
    Cong Vo, C.: A Framework for Over the Air Provider-initiated Software Deployment on Mobile Devices. In: 19th Australian Conference on Software Engineering, ASWEC (2008)Google Scholar
  5. 5.
    Ling, Y., Tiansheng, H., Caixing, L., Yue, X., Haoen, Z.: A reprogramming protocol based on state machine for wireless sensor network. In: International Conference on Electrical and Control Engineering, ICECE (2010)Google Scholar
  6. 6.
    Brown, S., Sreenan, C.J.: A New Model for Updating Software in Wireless Sensor Networks. IEEE Network, 42–47 (2006)Google Scholar
  7. 7.
    Bing, B.: A Fast and Secure Framework for Over-the-Air Wireless Software Download Using Reconfigurable Mobile Devices. IEEE Communications Magazine, 58–63 (2006)Google Scholar
  8. 8.
    Bauer, J., Bieling, J., Bothe, A., Schwamborn, M.: Selective and Secure Over-The-Air Programming for Wireless Sensor Networks. In: 21st International Conference on Computer Communications and Networks, ICCCN (2012)Google Scholar
  9. 9.
    Nilsson, D., Larson, U.E.: Secure Firmware Updates over the Air in Intelligent Vehicles. In: IEEE International Conference on Communications Workshops, ICC Workshops (2008)Google Scholar
  10. 10.
    Chiang, M., Lu, T.: Two-Stage Diff: An Efficient Dynamic Software Update Mechanism for Wireless Sensor Networks. In: IFIP 9th International Conference on Embedded and Ubiquitous Computing, EUC (2011)Google Scholar
  11. 11.
    Bin Shafi, N., Ali, K., Hassanein, H.S.: No-reboot and Zero-Flash Over-the-air Programming for Wireless Sensor Networks. In: 9th Annual IEEE Communications Society Conference on Sensor Mesh and Ad Hoc Communications and Networks, SECON (2012)Google Scholar
  12. 12.
    Shibata, Y., Kida, T., Fukamachi, S.: Byte Pair Encoding: a text compression scheme that accelerates pattern matching. Technical report DOI-TR-161, Kyshu University (1999)Google Scholar
  13. 13.
    Kiyohara, R.: A New Method of Fast Compression of Program Code for OTA Updates in Consumer Devices. IEEE Transactions on Consumer Electronics, 812–817 (2009)Google Scholar
  14. 14.
    Barker, E., Barker, W., Burr, W.: Recommendation for Key Management. Part 1: General, NIST Special Publication 800-57 (2007)Google Scholar
  15. 15.
    Gupta, K., Silakari, S.: ECC over RSA for Asymmetric Encryption: A Review. IJCSI International Journal of Computer Science Issues, 370–375 (2011)Google Scholar
  16. 16.
    Ganesan, S.: An Efficient Protocol for Resource Constrained Platforms Using ECC. International Journal on Computer Science and Engineering, 89–91 (2009)Google Scholar
  17. 17.
    Chen, D., Nixon, M., Lin, T.: Over the Air Provisioning of Industrial Wireless Devices Using Elliptic Curve Cryptography. In: IEEE International Conference on Computer Science and Automation Engineering, CSAE (2011)Google Scholar
  18. 18.
    Gnanasivam, P.: Ear and Fingerprint Biometrics for Personal Identification. In: International Conference on Signal Processing, Communication, Computing and Networking Technologies, ICSCCN 2011 (2011)Google Scholar
  19. 19.
    Huang, Y., Ao, X., Li, Y.: Multiple Biometrics System based on DavinCi Platform. In: International Symposium on Information Science and Engineering, ISISE (2008)Google Scholar
  20. 20.
    Zhang, Y., Sun, D., Qiu, Z.: Hand-Based Feature Level Fusion for Single Sample Biometrics Recognition. In: International Workshop on Emerging Techniques and Challenges for Hand-Based Biometrics, ETCHB (2010)Google Scholar
  21. 21.
    Nilsson, D., Sun, L., Nakajima, T.: A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs. In: IEEE GLOBECOM Workshops (2008)Google Scholar
  22. 22.
    Guo, X., Huang, S., Nazhandali, L.: Fair and Comprehensive Performance Evaluation of 14 Second Round SHA-3 ASIC Implementations. In: NIST 2nd SHA-3 Candidate Conference (2010)Google Scholar
  23. 23.
  24. 24.
    Euler, L.: Theorematum quorundam ad numeros primos spectantium demonstratio. Commentarii Academiae Scientiarum Petropolitanae 8, 141–146 (1741)Google Scholar
  25. 25.
    National Institute of Standards and Technology: Recommended elliptic curves for federal government use (1999),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Miguel Salas
    • 1
  1. 1.Microprocessor GroupIntel CorporationFort CollinsUSA

Personalised recommendations