A Novel Holistic Security Framework for In-field Firmware Updates

Abstract

The software/firmware running on the electronic devices is regularly updated. In IoT devices, the updates are performed Over the Air (OTA) through internet. In the absence of proper security measures, OTA update feature can be misused. The security threats like firmware reverse engineering, loading unauthorized firmware and loading authorized firmware on unauthorized nodes will lead to misuse of intellectual property, product cloning and denial of service attack. In this paper, we propose a security framework the microcontroller/SoC devices can incorporate for secure in-field OTA firmware update process. The proposed holistic solution support JTAG security, protecting IP rights of original device manufacturer (ODM) and secure OTA update. The security framework is designed using suitable cryptographic algorithms and protocol measures to address all the security threats connected with OTA firmware/software update which is not addressed in the past techniques.