Secure firmware validation and update for consumer devices in home networking

IEEE Transactions on Consumer Electronics

Volumn 62, Issue 1, 2016, Pages 39-44

  Choi, Byung Chul ^a   Lee, Seoung Hyeon ^a   Na, Jung Chan ^a   Lee, Jong Hyouk ^b,c  

^a Electronics and Telecommunications Research Institute (ETRI)   (South Korea)

^b Sangmyung University   (South Korea)

^c IEEE   (United States)

Author keywords

authentication; Firmware validation; integrity; security analysis

Indexed keywords

APPLICATION PROGRAMS; AUTHENTICATION; COMPUTER VIRUSES; CONSUMER ELECTRONICS; EMBEDDED SYSTEMS; HOME NETWORKS; PERSONAL COMPUTERS; SECURITY SYSTEMS; SMART CARDS;

ANTIVIRUS SOFTWARES; CONSTRAINED CONDITIONS; FIRMWARE UPDATES; INTEGRITY; MONITORING AND CONTROL; MUTUAL AUTHENTICATION; SECURITY ANALYSIS; STEALTH CAPABILITY;

FIRMWARE;

EID: 84964317984     PISSN: 00983063     EISSN: None     Source Type: Journal    
DOI: 10.1109/TCE.2016.7448561     Document Type: Article

References (17)

1. Gartner, "Gartner Says 4.9 Billion Connected " Things" Will Be in Use in 2015," Gartner Newsroom, November 2014.
2. Proofpoint, "Proofpoint Uncovers Internet of Things (IoT) Cyberattack," Proofpoint Release, January 2014.
3. C. Miller and C. Valaek, "Remote Exploitation of an Unaltered Passenger Vehicle," Black Hat USA, August 2015.
4. E.-S. Lee, H.-J. Lee, K. Lee, and J.-H. Park, "Automating Configuration System and Protocol for Next-Generation Home Appliances," ETRI Journal, vol. 35, no. 6, pp. 1094-1104, December 2013.
5. F.J. Bellido-Outeirino, J.M. Flores-Arias, M. Linan-Reyes, E.J. Palacios-Garcia, and J.J. Luna-Rodriguez, "Wireless Sensor Network and Stochastic Models for Household Power Management," IEEE Transactions on Consumer Electronics, vol. 59, no. 3, pp. 483-491, August 2013.
6. K. Nohl and J. Lell, "BADUSB - On Accessories that Turn Evil," Black Hat USA, August 2014.
7. G. Delugré, "Closer to metal: Reverse engineering the Broadcom NetExtreme's firmware," Hack.lu, October 2010.
8. K. Zetter, "How the NSA's Firmware Hacking Works and Why It's So Unsettling", Wired, February 2015.
9. C. Miller, "Battery Firmware Hacking," Defcon 19, August 2011.
10. A. Cui, M. Costello, and S. Stolfo, "When Firmware Modifications Attack: A Case Study of Embedded Exploitation," Network and Distributed System Security Symposium, February 2013.
11. J.-H. Lee, S.-G. Sohn, B.-H. Chang, and T.-M. Chung, "PKG-VUL: Security Vulnerability Evaluation and Patch Framework for Package-based Systems," ETRI Journal, vol. 31, no. 5, pp. 554-564, October 2009.
12. Y.-M. Tseng, S.-S. Huang, T.-T. Tsai, and L. Tseng, "A Novel ID-Based Authentication and Key Exchange Protocol Resistant to Ephemeral-Secret-Leakage Attacks for Mobile Devices," International Journal of Distributed Sensor Networks, vol. 2015, Article ID 898716, 2015.
13. M. Das, A. Saxena, and V. Gulati, "A Dynamic ID-based Remote User Authentication Scheme," IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 629-631, May 2004.
14. K. Mehr and J. Niya, "Securing Mobile Ad Hoc Networks Using Enhanced Identity-Based Cryptography," ETRI Journal, vol. 37, no. 3, pp. 512-522, June 2015.
15. C. Schnorr, "Efficient signature generation by smart cards," Journal of Cryptology, vol. 4, no. 3, pp. 161-174, January 1991.
16. D. He, N. Kumar, and J.-H. Lee, "Secure Pseudonym-based Near Field Communication Protocol for the Consumer Internet of Things," IEEE Transactions on Consumer Electronics, vol. 61, no. 1, pp. 56-62, February 2015.
17. P. Zeng, K. Choo, and D. Sun, "On the Security of an Enhanced Novel Access Control Protocol for Wireless Sensor Networks," IEEE Transactions on Consumer Electronics, vol. 56, no. 2, pp. 566-569, May 2010.