Secure Code Updates for Mesh Networked Commodity Low-End Embedded Devices

摘要

Mesh networked low-end embedded devices are increasingly used in various scenarios, including industrial control, wireless sensing, robot swarm communication, or building automation. Recently, more and more software vulnerabilities in embedded systems are disclosed, as they become appealing targets for cyber attacks. In order to patch these systems, an efficient and secure code update mechanism is required. However, existing solutions are unable to provide verifiable code updates for networked commodity low-end embedded devices. This work presents a novel code update scheme which verifies and enforces the correct installation of code updates on all devices in the network. After update distribution and installation, devices mutually attest and verify each others' software state. Devices being in an untrustworthy state are excluded from the network. In this way, the scheme enforces software integrity as well as software up-to-dateness on all devices in the network. Issuing a secure code update, the network operator is able to learn the identity of all trustworthy and all untrustworthy devices. We demonstrate that the proposed scheme is applicable to a wide range of existing commodity low-end embedded systems. Furthermore, we show that the scheme is practically usable in networks with tens of thousands of devices.