Secure Software Update and IP Protection for Untrusted Devices in the Internet of Things Via Physically Unclonable Functions

Christopher Huth, Paul Duplys, Tim Güneysu

In: Proceedings of the IEEE PerCom Workshop on Security, Privacy and Trust for IoT. IEEE International Workshop on Security, Privacy and Trust for IoT (SPT-IoT-2016) befindet sich PerCom 2016 March 14-14 Sydney Australia Seiten 1-6 2016.


We are on the brink of a new era, the Internet of Things. Security threats will rise with an increasing number of devices, since typical sensor nodes refrain from resource intense, seasoned security measures. Hence, we have to assume that sensor nodes will receive software updates more frequently. Particularly IP providers in the emerging market of specialized software will want their software protected during an update process. We propose a novel protocol by integrating different trust establishing techniques, to allow secure software updates on nodes already infected with malware. In short, a device has to prove the erasure of its memory within a time constraint and a physically unclonable function binds the newly downloaded software IP to the target platform. We surveyed several commercial smart home systems and analysed the security of our protocol. Compared to existing solutions, our protocol offers stronger IP protection under a more powerful attacker model, while the implementation costs are comparable to those of the existing protocols.

Deutsches Forschungszentrum für Künstliche Intelligenz
German Research Center for Artificial Intelligence