一种嵌入式设备固件安全更新方案

doi:10.16180/j.cnki.issn1007-7820.2023.08.003

Abstract

Abstract:

In view of the security problem of embedded device firmware update, this study proposes a multi-check firmware security update scheme based on hash, symmetric and asymmetric encryption algorithms. In this study, the master key pairs, temporary key pairs, shared key and hash chain are designed to protect firmware update from identity authentication, data encryption, integrity check and other aspects, which can effectively prevent illegal users, firmware tampering, firmware data leakage, replay attack, firmware rollback and other attacks. In this study, the concrete implementation of the security update scheme is carried out. The experiment results show that compared with the ISP(In System Programming) and IAP(In Application Pragramming) technologies without any security protection, the scheme achieves the security protection of the whole process of firmware update at the time cost of about 7% and 11%, it provides a safe and reliable update method for embedded device firmware update.

Key words: firmware update, firmware security, embedded system, identity authentication, digital signature, Hash chain, integrity checking, symmetric encryption

CLC Number:

TN918.4

ZENG Xiangyi,LIU Wei,XIAO Hao. A Firmware Security Update Scheme for Embedded Devices[J].Electronic Science and Technology, 2023, 36(8): 14-18.

Figures/Tables 5

Figure 1.

Figure 2.

Table 1.

Figure 3.

Table 2.

References 20

[1]	Huynh-Van D, Tran-Quoc K, Quan L E T. An empirical study on approaches of internet of things reconfiguration[C]. Hue: Proceedings of the IEEE Seventh International Conference on Communications and Electronics, 2018:13-17.
[2]	魏星. 基于改进DNS协议的移动网络支付安全通信协议模型[J]. 电子科技, 2021, 34(9):54-57.
	Wei Xing. Mobile network payment secure communication protocol model based on improved DNS protocol[J]. Electronic Science and Technology, 2021, 34(9):54-57.
[3]	Lee B, Lee J H. Blockchain-based secure firmware update for embedded devices in an internet of things environment[J]. The Journal of Supercomputing, 2017, 73(3):1152-1167. doi: 10.1007/s11227-016-1870-0
[4]	武恪, 李超超, 杨兴达, 等. 车载控制器FOTA固件安全多重校验方案[J]. 电子测量技术, 2021, 44(22):7-13.
	Wu Ke, Li Chaochao, Yang Xingda, et al. Multiple check scheme of the security of vehicle-mounted controller FOTA[J]. Electronic Measurement Technology, 2021, 44(22):7-13.
[5]	陈长, 王铮, 胡俊. 基于SiTCP通信协议的FPGA可回滚远程固件更新方法[J]. 核技术, 2020, 43(11):42-46.
	Chen Zhang, Wang Zheng, Hu Jun. FPGA remote firmware update method based on SiTCP communication protocol with rollback function[J]. Nuclear Techniques, 2020, 43(11):42-46.
[6]	郭俊, 虞致国, 洪广伟, 等. 基于RISC-V处理器的固件更新系统设计[J]. 计算机工程与应用, 2022, 58(4):298-303. doi: 10.3778/j.issn.1002-8331.2008-0384
	Guo Jun, Yu Zhiguo, Hong Guangwei, et al. Design of firmware update system based on RISC-V processor[J]. Computer Engineering and Applications, 2022, 58(4):298-303. doi: 10.3778/j.issn.1002-8331.2008-0384
[7]	Yang W M. Design of UART downloading for multi-process micro-kernel embedded OS on ARM[J]. Applied Mechanics and Materials, 2013, 2607(389):843-848.
[8]	Keleman L, Matić D, Popović M, et al. Secure firmware update in embedded systems[C]. Berlin: Proceedings of IEEE the Ninth International Conference on Consumer Electronics, 2019:43-48.
[9]	Yohan A, Lo N-W. An over-the-blockchain firmware update framework for IoT devices[C]. Kaohsiung: Proceedings of the IEEE Conference on Dependable and Secure Computing, 2018:52-59.
[10]	Dhobi R, Gajjar S, Parmar D, et al. Secure firmware update over the air using TrustZone[C]. Vellore: Proceedings of the Innovations in Power and Advanced Computing Technologies, 2019:22-26.
[11]	Stringham G. Hardware/firmware interface design: Best practices for improving embedded systems development[M]. Amsterdam:Newnes, 2009:67-72.
[12]	赵亚新, 郭玉东, 舒辉. 基于JTAG的嵌入式设备固件分析技术[J]. 计算机工程与设计, 2014, 35(10):3410-3415.
	Zhao Yaxin, Guo Yudong, Shu Hui. Analysis technology of embedded device firmware based on JTAG[J]. Computer Engineering and Design, 2014, 35(10):3410-3415.
[13]	王巍, 俞冠中, 靳子洋. 基于Cortex-M的嵌入式设备固件更新方法研究[J]. 单片机与嵌入式系统应用, 2021, 21(6):69-73.
	Wang Wei, Yu Guanzhong, Jin Ziyang. Method of updating firmware for embedded devices based on Cortex-M[J]. Microcontrollers & Embedded Systems, 2021, 21(6):69-73.
[14]	杨磊磊. 基于uC/OS-Ⅱ的射频读写器嵌入式软件系统设计与开发[D]. 上海: 上海交通大学, 2019:33-37.
	Yang Leilei. The design and development of the embedded software system of the RF reader based on uC/OS-II[D]. Shanghai: Shanghai Jiao Tong University, 2019:33-37.
[15]	刘波. 物联网设备空中固件升级技术研究与系统实现[D]. 杭州: 浙江大学, 2020:48-58.
	Liu Bo. Research and system implementation of over-the-air firmware upgrade technology for IoT devices[D]. Hangzhou: Zhejiang University, 2020:48-58.
[16]	Wu D, Hussain M J, Li S, et al. R2: Over-the-air reprogramming on computational RFIDs[C]. Orlando: Proceedings of the IEEE International Conference on RFID, 2016:84-88.
[17]	朱琼. 基于嵌入式移动智能终端固件升级系统的设计与实现[D]. 西安: 西安电子科技大学, 2014:57-63.
	Zhu Qiong. Design and implementation of firmware upgrade system based on embedded mobile intelligent terminal[D]. Xi'an: Xidian University, 2014:57-63.
[18]	付春流, 陈德旺, 尚艳艳, 等. 基于IAP的硬件在环测试系统升级研究[J]. 电子测量技术, 2020, 43(7):157-160.
	Fu Chunliu, Chen Dewang, Shang Yanyan, et al. Research on upgrade of hardware-in-the-loop test system based on IAP[J]. Electronic Measurement Technology, 2020, 43(7):157-160.
[19]	檀朝新, 张杨, 马柱, 等. 基于IAP技术的远程固件更新系统设计与实现[J]. 中国医疗器械杂志, 2019, 43(6):425-428.
	Tan Chaoxin, Zhang Yang, Ma Zhu, et al. Design and implementation of remote firmware update system based on IAP technology[J]. Chinese Journal of Medical Instrumentation, 2019, 43(6):425-428.
[20]	Tyree Z, Bridges R A, Combs F L, et al. Exploiting the shape of CAN data for in-vehicle intrusion detection[C]. Chicago: Proceedings of IEEE the Eighty-eighth Vehicular Technology Conference, 2018:62-69.

固件大小 /kB	ISP方案 /ms	IAP方案 /ms	本文方案 /ms	较ISP比例 /%	较IAP比例 /%
24	675	648	725	7.41	11.88
40	1 114	1 074	1 193	7.09	11.08
104	2 758	2 673	2 963	7.43	10.85
160	4 266	4 126	4 573	7.20	10.83
192	5 174	4 991	5 572	7.69	11.64
248	6 762	6 516	7 294	7.87	11.94

序号	攻击阶段	攻击方式	识别结果
1	更新请求	非法用户	成功
2	更新请求	非法固件	成功
3	固件下载	回滚攻击	成功
4	固件下载	重放攻击	成功
5	固件下载	篡改固件密文	成功
6	固件下载	篡改哈希链	成功
7	固件更新	篡改固件明文	成功
8	固件更新	篡改固件签名	成功

A Firmware Security Update Scheme for Embedded Devices

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 20

Related Articles 15

Metrics

Comments

Recommended 0

[1]	SHAO Heyi. Electronic Identity Authentication and Comparison Device for Motor Vehicles Based on Smart Phone [J]. Electronic Science and Technology, 2019, 32(10): 83-86.
[2]	SUN Bo,GUO Weisheng. The Method of Analog Quantity Measure and Calibrate of Mobile Frequency Convertor [J]. , 2017, 30(9): 82-.
[3]	MEI Tao,HUANG Baolei,XU Xiaoguang. Design and Realization of Network Driver Model in Embedded System [J]. , 2016, 29(4): 111-.
[4]	WANG Shizhi,Ma Zining. Research on Mobile OA System Based on Hybrid Key Digital Signature Technology [J]. , 2016, 29(2): 167-.
[5]	XIE Hui,WANG Guoqi,LEI Wan,ZHENG Tao. A Lightweight File Secure Management Scheme for Small and Middle Enterprise [J]. , 2016, 29(2): 169-.
[6]	ZENG Xiaobo,YI Zhizhong,JIAO Xin. High-Speed Hardware Design and Implementation of AES Algorithm Based on 51 Core [J]. , 2016, 29(1): 36-.
[7]	LIU Chengliang,WANG Chunfeng,LIN Jinbiao. Real-time Detection of Biological Denitrification Parameters Based on μC/OS-II [J]. , 2015, 28(8): 138-.
[8]	ZHOU Shuying,LIN Fanqiang,ZHOU Jingyu. Multi-flavor Cereal Nutrition Soymilk Machine with Vending Function [J]. , 2015, 28(6): 176-.
[9]	ZHANG Lei,SHI Weibin. Design of HD Camera Driver Based on DM6467T [J]. , 2015, 28(10): 155-.
[10]	HU Yufeng. Research on Embedded Eye Tracking System Based on OpenCV [J]. , 2014, 27(9): 58-.
[11]	GUO Changsheng,GONG Tao,FAN Tiantian,ZHENG Huake. A Drowning Feature Recognition System Based on AIS [J]. , 2014, 27(7): 171-.
[12]	YAN Chenyang,YAN Yisong,LI Taotao. Network Server Design Based on MPC8313E [J]. , 2014, 27(6): 160-.
[13]	YAN Lin,LU Chen. An Improved ECDSA Based on the Fast Scalar Multiplication Algorithm [J]. , 2014, 27(4): 23-.
[14]	CUI Qiang-Qiang, JIN Tong-Biao. Design of Reinforced Computer Motherboard Based on COMe Module [J]. , 2014, 27(2): 92-.
[15]	FU Zhe, LI Qing-Xia, WANG Huan-Huan. An Improved Bidirectional Authentication and Dynamic Password [J]. , 2014, 27(1): 150-.