一种嵌入式设备固件安全更新方案

doi:10.16180/j.cnki.issn1007-7820.2023.08.003

摘要/Abstract

摘要：

针对嵌入式设备固件更新的安全问题,文中提出了一种基于哈希、对称、非对称加密算法的多重校验固件安全更新方案。通过主密钥对、临时密钥对、共享密钥以及哈希链等设计,从身份认证、数据加密、完整性校验等多个方面对固件更新进行安全防护,可以有效预防非法用户、固件篡改、固件数据泄露、重放攻击、固件回滚等攻击。文中对此安全更新方案进行了具体实现,实验结果显示该方案相较于无任何安全防护的ISP(In System Programming)和IAP(In Application Pragramming)技术,在时间成本方面分别增加约7%和11%的情况下实现了对固件更新的全流程安全防护,为嵌入式设备的固件更新提供了一种安全、可靠的更新方法。

关键词: 固件更新, 固件安全, 嵌入式系统, 身份认证, 数字签名, 哈希链, 完整性校验, 对称加密

Abstract:

In view of the security problem of embedded device firmware update, this study proposes a multi-check firmware security update scheme based on hash, symmetric and asymmetric encryption algorithms. In this study, the master key pairs, temporary key pairs, shared key and hash chain are designed to protect firmware update from identity authentication, data encryption, integrity check and other aspects, which can effectively prevent illegal users, firmware tampering, firmware data leakage, replay attack, firmware rollback and other attacks. In this study, the concrete implementation of the security update scheme is carried out. The experiment results show that compared with the ISP(In System Programming) and IAP(In Application Pragramming) technologies without any security protection, the scheme achieves the security protection of the whole process of firmware update at the time cost of about 7% and 11%, it provides a safe and reliable update method for embedded device firmware update.

Key words: firmware update, firmware security, embedded system, identity authentication, digital signature, Hash chain, integrity checking, symmetric encryption

中图分类号:

TN918.4

曾祥义,刘伟,肖昊. 一种嵌入式设备固件安全更新方案[J]. 电子科技, 2023, 36(8): 14-18.

ZENG Xiangyi,LIU Wei,XIAO Hao. A Firmware Security Update Scheme for Embedded Devices[J]. Electronic Science and Technology, 2023, 36(8): 14-18.

图/表 5

图1

图2

表1

图3

表2

参考文献 20

[1]	Huynh-Van D, Tran-Quoc K, Quan L E T. An empirical study on approaches of internet of things reconfiguration[C]. Hue: Proceedings of the IEEE Seventh International Conference on Communications and Electronics, 2018:13-17.
[2]	魏星. 基于改进DNS协议的移动网络支付安全通信协议模型[J]. 电子科技, 2021, 34(9):54-57.
	Wei Xing. Mobile network payment secure communication protocol model based on improved DNS protocol[J]. Electronic Science and Technology, 2021, 34(9):54-57.
[3]	Lee B, Lee J H. Blockchain-based secure firmware update for embedded devices in an internet of things environment[J]. The Journal of Supercomputing, 2017, 73(3):1152-1167. doi: 10.1007/s11227-016-1870-0
[4]	武恪, 李超超, 杨兴达, 等. 车载控制器FOTA固件安全多重校验方案[J]. 电子测量技术, 2021, 44(22):7-13.
	Wu Ke, Li Chaochao, Yang Xingda, et al. Multiple check scheme of the security of vehicle-mounted controller FOTA[J]. Electronic Measurement Technology, 2021, 44(22):7-13.
[5]	陈长, 王铮, 胡俊. 基于SiTCP通信协议的FPGA可回滚远程固件更新方法[J]. 核技术, 2020, 43(11):42-46.
	Chen Zhang, Wang Zheng, Hu Jun. FPGA remote firmware update method based on SiTCP communication protocol with rollback function[J]. Nuclear Techniques, 2020, 43(11):42-46.
[6]	郭俊, 虞致国, 洪广伟, 等. 基于RISC-V处理器的固件更新系统设计[J]. 计算机工程与应用, 2022, 58(4):298-303. doi: 10.3778/j.issn.1002-8331.2008-0384
	Guo Jun, Yu Zhiguo, Hong Guangwei, et al. Design of firmware update system based on RISC-V processor[J]. Computer Engineering and Applications, 2022, 58(4):298-303. doi: 10.3778/j.issn.1002-8331.2008-0384
[7]	Yang W M. Design of UART downloading for multi-process micro-kernel embedded OS on ARM[J]. Applied Mechanics and Materials, 2013, 2607(389):843-848.
[8]	Keleman L, Matić D, Popović M, et al. Secure firmware update in embedded systems[C]. Berlin: Proceedings of IEEE the Ninth International Conference on Consumer Electronics, 2019:43-48.
[9]	Yohan A, Lo N-W. An over-the-blockchain firmware update framework for IoT devices[C]. Kaohsiung: Proceedings of the IEEE Conference on Dependable and Secure Computing, 2018:52-59.
[10]	Dhobi R, Gajjar S, Parmar D, et al. Secure firmware update over the air using TrustZone[C]. Vellore: Proceedings of the Innovations in Power and Advanced Computing Technologies, 2019:22-26.
[11]	Stringham G. Hardware/firmware interface design: Best practices for improving embedded systems development[M]. Amsterdam:Newnes, 2009:67-72.
[12]	赵亚新, 郭玉东, 舒辉. 基于JTAG的嵌入式设备固件分析技术[J]. 计算机工程与设计, 2014, 35(10):3410-3415.
	Zhao Yaxin, Guo Yudong, Shu Hui. Analysis technology of embedded device firmware based on JTAG[J]. Computer Engineering and Design, 2014, 35(10):3410-3415.
[13]	王巍, 俞冠中, 靳子洋. 基于Cortex-M的嵌入式设备固件更新方法研究[J]. 单片机与嵌入式系统应用, 2021, 21(6):69-73.
	Wang Wei, Yu Guanzhong, Jin Ziyang. Method of updating firmware for embedded devices based on Cortex-M[J]. Microcontrollers & Embedded Systems, 2021, 21(6):69-73.
[14]	杨磊磊. 基于uC/OS-Ⅱ的射频读写器嵌入式软件系统设计与开发[D]. 上海: 上海交通大学, 2019:33-37.
	Yang Leilei. The design and development of the embedded software system of the RF reader based on uC/OS-II[D]. Shanghai: Shanghai Jiao Tong University, 2019:33-37.
[15]	刘波. 物联网设备空中固件升级技术研究与系统实现[D]. 杭州: 浙江大学, 2020:48-58.
	Liu Bo. Research and system implementation of over-the-air firmware upgrade technology for IoT devices[D]. Hangzhou: Zhejiang University, 2020:48-58.
[16]	Wu D, Hussain M J, Li S, et al. R2: Over-the-air reprogramming on computational RFIDs[C]. Orlando: Proceedings of the IEEE International Conference on RFID, 2016:84-88.
[17]	朱琼. 基于嵌入式移动智能终端固件升级系统的设计与实现[D]. 西安: 西安电子科技大学, 2014:57-63.
	Zhu Qiong. Design and implementation of firmware upgrade system based on embedded mobile intelligent terminal[D]. Xi'an: Xidian University, 2014:57-63.
[18]	付春流, 陈德旺, 尚艳艳, 等. 基于IAP的硬件在环测试系统升级研究[J]. 电子测量技术, 2020, 43(7):157-160.
	Fu Chunliu, Chen Dewang, Shang Yanyan, et al. Research on upgrade of hardware-in-the-loop test system based on IAP[J]. Electronic Measurement Technology, 2020, 43(7):157-160.
[19]	檀朝新, 张杨, 马柱, 等. 基于IAP技术的远程固件更新系统设计与实现[J]. 中国医疗器械杂志, 2019, 43(6):425-428.
	Tan Chaoxin, Zhang Yang, Ma Zhu, et al. Design and implementation of remote firmware update system based on IAP technology[J]. Chinese Journal of Medical Instrumentation, 2019, 43(6):425-428.
[20]	Tyree Z, Bridges R A, Combs F L, et al. Exploiting the shape of CAN data for in-vehicle intrusion detection[C]. Chicago: Proceedings of IEEE the Eighty-eighth Vehicular Technology Conference, 2018:62-69.

固件大小 /kB	ISP方案 /ms	IAP方案 /ms	本文方案 /ms	较ISP比例 /%	较IAP比例 /%
24	675	648	725	7.41	11.88
40	1 114	1 074	1 193	7.09	11.08
104	2 758	2 673	2 963	7.43	10.85
160	4 266	4 126	4 573	7.20	10.83
192	5 174	4 991	5 572	7.69	11.64
248	6 762	6 516	7 294	7.87	11.94

序号	攻击阶段	攻击方式	识别结果
1	更新请求	非法用户	成功
2	更新请求	非法固件	成功
3	固件下载	回滚攻击	成功
4	固件下载	重放攻击	成功
5	固件下载	篡改固件密文	成功
6	固件下载	篡改哈希链	成功
7	固件更新	篡改固件明文	成功
8	固件更新	篡改固件签名	成功