Many embedded systems are complex, and it is often required that the firmware in these systems are updatable by the end-user. For economical and confidentiality reasons, it is important that these systems only accept firmware approved by the firmware producer.
This project work focuses on creating a security enhanced firmware update procedure that is suitable for use in embedded systems. The common elements of embedded systems are described and various candidate algorithms are compared as candidates for firmware verification. Patents are used as a base for the proposal of a security enhanced update procedure. We also use attack trees to perform a threat analysis on an update procedure.
The results are a threat analysis of a home office router and the proposal of an update procedure. The update procedure will only accept approved firmware and prevents reversion to old, vulnerable, firmware versions. The firmware verification is performed using the hash function SHA-224 and the digital signature algorithm RSA with a key length of 2048. The selection of algorithms and key lengths mitigates the threat of brute-force and cryptanalysis attacks on the verification algorithms and is believed to be secure through 2030.
Source: Linköping University
Author: Abrahamsson, David
- Modeling and Optimization Techniques for Efficient Implementation of Parallel Embedded Systems (Electronics Project)
- Embedded System for Sensor Communication and Security (Electronics Project)
- 3D EM/MPM Medical Image Segmentation Using an FPGA Embedded Design Implementation (Electronics Project)
- Workflow Management Systems, their Security and Access Control Mechanisms (Computer Project)
- Instrumentation of timed automata for formal verification of timed properties (Electronics Project)
- Web System Security (Computer Project)
- Design and program multi-processor platform for high-performance embedded processing