Onboarding and Software Update Architecture for IoT Devices

Abstract

The vast number of in-use Internet of Things (IoT) devices is by consensus, expected to continue rapid growth. These devices are subject to an expanding list of attacks that exploit both software vulnerabilities and design choices. This highlights the importance of architectural design of management for cryptographic keys involved in both initial configuration (onboarding) and secure, automatic update of device software and firmware. Low-level IoT devices with constrained processors and smaller registers and caches are computationally challenged to carry out desktop- and server-type public-key cryptographic operations, e.g., as needed for key establishment and authentication of software updates. To this end, we design and prototype an architecture for onboarding and secure software update of low-level IoT devices (8-bit). It uses elliptic curve cryptography (Curve25519), authenticated key establishment, and a known continuity-based key-locking mechanism that uses a public key embedded in a current software image to verify the signature on a software update. We also provide an informal security analysis. The design addresses the scenario of a transfer of update authority, e.g., when a manufacturer ceases to provide ongoing software updates upon going out of business.