Secure Over-the-Air (OTA) Firmware Update Mechanism for Resource-Constrained Embedded Devices
DOI: https://doi.org/10.31838/ESA/03.02.03

Keywords: Secure OTA Update, Firmware Integrity, Embedded Security, ARM Cortex-M, AES-GCM, ECDSA, LoRaWAN, Anti-Rollback, Resource-Constrained Devices

Abstract
Embedded software systems are penetrating ever more critical application areas: the Internet of Things (IoT), remote health monitoring, industrial automation, and smart infrastructure, so efficient and secure firmware update mechanisms are paramount. Over-the-air (OTA) firmware updating is strictly required to keep devices functioning, to close security gaps, and to extend features after release. But in highly constrained systems (those with limited memory, processing capacity and available energy), conventional secure update mechanisms can incur unacceptable overheads or fail to provide complete protection against sophisticated cyber-attacks. In this paper the authors introduce a simple yet lightweight and robust OTA update mechanism built specifically for such constrained platforms. The proposed framework combines AES-GCM authenticated encryption to guarantee data confidentiality and integrity, source authentication based on ECDSA digital signature verification, and a versioning protocol that provides anti-rollback protection using monotonic counters. To validate its practicality, the solution is implemented and tested on ARM Cortex-M microcontrollers, namely the STM32 and nRF52840, with communication over low-power wireless networks such as LoRaWAN and BLE. Firmware packages are signed and distributed by a custom-built update server over TLS, securing the transfer of update packages. Experimental results indicate that the secure OTA system has very limited resource overhead (about 14 KB of extra flash and 3 KB of RAM) and an average update time of 3.8 seconds for a 256 KB binary image over LoRaWAN. In addition, the system reliably identifies and discards tampered or outdated firmware images, protecting the device against attacks including firmware manipulation, replay, and man-in-the-middle intrusion.
These results support the claim that the framework delivers a robust level of security and performance together with modest resource usage, making it suitable for real embedded applications with strict limitations. The contribution is a scalable, secure OTA approach that strengthens the operational integrity and trustworthiness of distributed embedded systems in dynamic and security-critical settings.