Secure Boot and Firmware Update Framework for ARM Cortex-M Embedded IoT Devices

Abstract

The paper presents a lightweight and well-impervious security framework suitable to ARM Cortex-M-based IOEs embedded devices, which will serve an important purpose of presenting secure boot and firmware update operations in resource-constrained systems. As IoT implementations and applications in sensitive parts of our life like healthcare, smart infrastructure, and industrial control systems increase exponentially, embedded devices become more exposed to firmware tampering, write malicious code and update securities. The framework that is proposed addresses such threats by employing a multi-layered cryptographic approach, suitable to the framework by symmetric encryption with the use of AES-GCM, offering confidentiality, elliptic curve digital signature algorithm (ECDSA) providing authentication, and the SHA-256 hash to provide integrity verification. A trusted bootloader (« a procedure incorporating cryptographic functions used to secure a bootloader implementation »,) in a trusted ROM who administers cryptographic verification of the firmware signature with the help of a hardware-based root of trust prior to handing off control to the application firmware. As an additional measure the rollback protection is implemented with the help of version control to avoid firmware downgrade until known vulnerabilities are eliminated. The firmware update process allows encrypted over-the-air ( OTA ) update process to execute safe remote updates, storing the data maliciously and risking transmission. An atomic and fail safe update process is achieved through double-buffering. The experimental system was used and tested on STM32F429 Cortex-M4 microcontroller, and it successfully detected unauthorized modification of the firmware and was able to withstand rollback attacks. Performance evaluation with the bootloader as the benchmark shows the latency was only 10 milliseconds and the number of Flash memory usage was less than 0.05 percent. These outcomes confirm the application of the framework in the low-power and memory-constrained embedded systems without undermining state-of-the-art security assurances. The approach is compared to the current solutions in security to show a very usable set of efficiency, scalability and ease of implementation, which makes the presented approach an optimal one to be used in production IoT systems. A discussion on future improvements is provided wherein they would want to integrate it with hardware security modules and supporting quantum-resilient cryptographic primitives that would make the system secure in the long term.