research-article

Secure and user-friendly over-the-air firmware distribution in a portable faraday cage

Authors:

Martin Striegel,

Florian Jakobsmeier,

Georg SiglAuthors Info & Claims

WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Pages 173 - 183

https://doi.org/10.1145/3395351.3399342

Published: 21 July 2020 Publication History

Abstract

Setting up a large-scale wireless sensor networks (WSNs) is challenging, as firmware must be distributed and trust between sensor nodes and a backend needs to be established. To perform this task efficiently, we propose an approach named Box, which utilizes an intelligent Faraday Cage (FC). The FC acquires firmware images and secret keys from a backend, patches the firmware with the keys and deploys those customized images over-the-air (OTA) to sensor nodes placed in the FC. Electromagnetic (EM) shielding protects this exchange against passive attackers. We place few demands on the sensor node, not requiring additional hardware components or firmware customized by the manufacturer. We describe this novel workflow, implement the Box and a backend system and demonstrate the feasibility of our approach by batch-deploying firmware to multiple commercial off-the-shelf (COTS) sensor nodes. We conduct a user-study with 31 participants with diverse backgrounds and find, that our approach is both faster and more user-friendly than firmware distribution over a wired connection.

References

[1]

Dirk Balfanz, Glenn Durfee, Rebecca E. Grinter, D.K. Smetters, and Paul Stewart. 2004. Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute. Proceedings of the 13th USENIX Security Symposium (2004).

[2]

Dirk Balfanz, D. K. Smetters, Paul Stewart, and H. Chi Wong. 2002. Talking To Strangers: Authentication in Ad-Hoc Wireless Networks. (2002).

[3]

Bluetooth SIG. 2016. Specification of the Bluetooth System, v5.0. https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=421043

[4]

John Brooke et al. 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194 (1996), 4--7.

[5]

Mario Cagalj, Srdjan Capkun, and Jean-Pierre Hubaux. 2006. Key Agreement in Peer-to-Peer Wireless Networks. Proc. IEEE 94, 2 (2006), 467--478.

[6]

Claude Castelluccia and Pars Mutaf. 2005. Shake them up!: a movement-based pairing protocol for CPU-constrained devices. In Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, MobiSys 2005, Seattle, Washington, USA, June 6-8, 2005. 51--64.

Digital Library

[7]

Chia-Hsin Owen Chen, Chung-Wei Chen, Cynthia Kuo, Yan-Hao Lai, Jonathan M. McCune, Ahren Studer, Adrian Perrig, Bo-Yin Yang, and Tzong-Chen Wu. 2008. GAnGS: gather, authenticate 'n group securely. In Proceedings of the 14th Annual International Conference on Mobile Computing and Networking, MOBICOM 2008, San Francisco, California, USA, September 14-19, 2008. 92--103.

Digital Library

[8]

Lorrie Faith Cranor. 2008. A Framework for Reasoning About the Human in the Loop. In Usability, Psychology, and Security, UPSEC'08, San Francisco, CA, USA, April 14, 2008, Proceedings, Elizabeth F. Churchill and Rachna Dhamija (Eds.). USENIX Association. http://www.usenix.org/events/upsec08/tech/full_papers/cranor/cranor.pdf

[9]

Stephen Dawson-Haggerty, Steven Lanzisera, Jay Taneja, Richard Brown, and David E. Culler. 2012. @ scale: insights from a large, long-lived appliance energy WSN. In The 11th International Conference on Information Processing in Sensor Networks (co-located with CPS Week 2012), IPSN 2012, Beijing, China, April 16-19, 2012. 37--48.

Digital Library

[10]

Marco Dietz, Martin Striegel, Robert Weigel, and Amelie Hagelauer. 2018. A new heat-warning-system based on a wireless body area network for protecting firefighters in indoor operations. In 2018 IEEE Topical Conference on Wireless Sensors and Sensor Networks (WiSNet). IEEE.

[11]

Espressif Inc. 2019. ESP32 Series Datasheet Version 3.2. https://www.espressif.com/sites/default/files/documentation/esp32_datasheet_en.pdf

[12]

Matthias Gauger, Olga Saukh, and Pedro José Marrón. 2009. Enlighten Me! Secure Key Assignment in Wireless Sensor Networks. In IEEE 6th International Conference on Mobile Adhoc and Sensor Systems, MASS 2009, 12-15 October 2009, Macau (S.A.R.), China. 246--255.

[13]

Michael T. Goodrich, Michael Sirivianos, John Solis, Gene Tsudik, and Ersin Uzun. 2006. Loud and Clear: Human-Verifiable Authentication Based on Audio. In 26th IEEE International Conference on Distributed Computing Systems (ICDCS 2006), 4-7 July 2006, Lisboa, Portugal. 10.

Digital Library

[14]

Jaap-Henk Hoepman. 2008. The Ephemeral Pairing Problem. CoRR abs/0802.0834 (2008). arXiv:0802.0834 http://arxiv.org/abs/0802.0834

[15]

Lars Erik Holmquist, Friedemann Mattern, Bernt Schiele, Petteri Alahuhta, Michael Beigl, and Hans-Werner Gellersen. 2001. Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts. In Ubicomp 2001: Ubiquitous Computing, Third International Conference Atlanta, Georgia, USA, September 30 - October 2, 2001, Proceedings. 116--122.

[16]

Espressic Inc. [n.d.]. Over The Air Updates (OTA). https://docs.espressif.com/projects/esp-idf/en/latest/api-reference/system/ota.html

[17]

International Standards Organization. 2006. ISO 9241-110:2006 Ergonomics of human-system interaction - Part 110: Dialogue principles. https://www.iso.org/standard/38009.html.

[18]

Cynthia Kuo, Mark Luk, Rohit Negi, and Adrian Perrig. 2007. Message-in-a-bottle: user-friendly and secure key deployment for sensor nodes. In Proceedings of the 5th International Conference on Embedded Networked Sensor Systems, SenSys 2007, Sydney, NSW, Australia, November 6-9, 2007. 233--246.

Digital Library

[19]

Yee Wei Law, Giorgi Moniava, Zheng Gong, Pieter H. Hartel, and Marimuthu Palaniswami. 2011. KALwEN: a new practical and interoperable key management scheme for body sensor networks. Security and Communication Networks 4, 11 (2011), 1309--1329.

Digital Library

[20]

Jonathan Lester, Blake Hannaford, and Gaetano Borriello. 2004. "Are You with Me?" - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person. In Pervasive Computing, Second International Conference, PERVASIVE 2004, Vienna, Austria, April 21-23, 2004, Proceedings. 33--50.

[21]

Ming Li, Shucheng Yu, Wenjing Lou, and Kui Ren. 2010. Group Device Pairing based Secure Sensor Association and Key Management for Body Area Networks. In INFOCOM 2010. 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 15-19 March 2010, San Diego, CA, USA. 2651--2659.

[22]

Rene Mayrhofer and Hans Gellersen. 2007. Shake Well Before Use: Authentication Based on Accelerometer Data. In Pervasive Computing, 5th International Conference, PERVASIVE 2007, Toronto, Canada, May 13-16, 2007, Proceedings. 144--161.

[23]

NXP. 2018. ZigBee Cluster Library (for ZigBee 3.0) User Guide. https://www.nxp.com/docs/en/user-guide/JN-UG-3115.pdf

[24]

MBED OS. 2019. Firmware Over the Air FOTA Updates. https://os.mbed.com/teams/Bluetooth-Low-Energy/wiki/Firmware-Over-the-Air-FOTA-Updates

[25]

Daniele Perito and Gene Tsudik. 2010. Secure code update for embedded devices via proofs of secure erasure. In European Symposium on Research in Computer Security. Springer, 643--662.

Digital Library

[26]

Toni Perkovic, Mario Cagalj, Toni Mastelic, Nitesh Saxena, and Dinko Begusic. 2012. Secure Initialization of Multiple Constrained Wireless Devices for an Unaided User. IEEE Trans. Mob. Comput. 11, 2 (2012), 337--351.

Digital Library

[27]

Ramnath Prasad and Nitesh Saxena. 2008. Efficient Device Pairing Using "Human-Comparable" Synchronized Audiovisual Patterns. In Applied Cryptography and Network Security, 6th International Conference, ACNS 2008, New York, NY, USA, June 3-6, 2008. Proceedings. 328--345.

[28]

PYCOM. 2019. Lorawan OTA update. Online. https://docs.pycom.io/tutorials/all/ota-lorawan/.

[29]

QualcommInc. 2019. AR9271 Data Sheet. https://www.ath-drivers.eu/qualcomm-atheros-download-datasheets-nr-105-with-code-4337.html

[30]

Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan. 2006. Secure Device Pairing based on a Visual Channel. In 2006 IEEE Symposium on Security and Privacy (S&P 2006), 21-24 May 2006, Berkeley, California, USA. 306--313.

Digital Library

[31]

Nitesh Saxena and Md. Borhan Uddin. 2009. Blink 'Em All: Scalable, User-Friendly and Secure Initialization of Wireless Sensor Nodes. In Cryptology and Network Security, 8th International Conference, CANS 2009, Kanazawa, Japan, December 12-14, 2009. Proceedings. 154--173.

Digital Library

[32]

Mark Solters. 2016. OTA for Contiki (CC2650 SoC). http://marksolters.com/programming/2016/06/07/contiki-ota.html

[33]

Claudio Soriente, Gene Tsudik, and Ersin Uzun. 2008. HAPADEP: Human-Assisted Pure Audio Device Pairing. Information Security: 11th International Conference, ISC 2008, Taipei, Taiwan, September 15-18, 2008, Proceedings (Lecture Notes in Computer Science). http://sprout.ics.uci.edu/pubs/hapadep.pdf

[34]

Frank Stajano and Ross J. Anderson. 1999. The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In Security Protocols, 7th International Workshop, Cambridge, UK, April 19-21, 1999, Proceedings. 172-194.

[35]

Martin Striegel, Carsten Rolfes, Johann Heyszl, Fabian Helfert, Maximilian Hornung, and Georg Sigl. 2019. EyeSec: A Retrofittable Augmented Reality Tool for Troubleshooting Wireless Sensor Networks in the Field. In Proceedings of the 2019 International Conference on Embedded Wireless Systems and Networks, EWSN 2019, Beijing, China, February 25-27, 2019. 184--193. https://dl.acm.org/citation.cfm?id=3324343

[36]

Colin Swindells, Kori Inkpen, John Dill, and Melanie Tory. 2002. That one there! Pointing to establish device identity. In Proceedings of the 15th Annual ACM Symposium on User Interface Software and Technology, Paris, France, October 27-30, 2002. 151--160.

Digital Library

[37]

Cristina Videira Lopes and Pedro Aguiar. 2001. Aerial acoustic communications. 219 -- 222.

Cited By

Premkumar MAshokkumar SJeevanantham VMohanbabu GAnuPallavi S(2023)Scalable and Energy Efficient Cluster Based Anomaly Detection Against Denial of Service Attacks in Wireless Sensor NetworksWireless Personal Communications10.1007/s11277-023-10252-3129:4(2669-2691)Online publication date: 6-Mar-2023
https://doi.org/10.1007/s11277-023-10252-3
Hernandez-Cano ACammarota RImani M(2021)PRID: Model Inversion Privacy Attacks in Hyperdimensional Learning Systems2021 58th ACM/IEEE Design Automation Conference (DAC)10.1109/DAC18074.2021.9586217(553-558)Online publication date: 5-Dec-2021
https://doi.org/10.1109/DAC18074.2021.9586217

Index Terms

Secure and user-friendly over-the-air firmware distribution in a portable faraday cage

Recommendations

Practical and secure localization and key distribution for wireless sensor networks

In many applications of wireless sensor networks, sensor nodes are manually deployed in hostile environments where an attacker can disrupt the localization service and tamper with legitimate in-network communication. In this article, we introduce Secure ...
On the Analysis of k-Secure t-Conference Key Distribution Scheme
ICCNS '17: Proceedings of the 2017 7th International Conference on Communication and Network Security

The k-Secure t-Conference key distribution scheme (kStC-KDS) provides dynamic conferences in wireless sensor networks, which any group of t sensor nodes can derive a conference key using only its pre-distributed piece in sensor nod concept is based on a ...
A Modified Key Management Scheme for Wireless Sensor Network
ICECC '12: Proceedings of the 2012 International Conference on Electronics, Communications and Control

Key management is one of the most challenging security problems in wireless sensor networks. Based on the random key pre-distribution scheme, we propose a new scheme for wireless sensor networks. This program uses only save the key identification number ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

July 2020

366 pages

ISBN:9781450380065

DOI:10.1145/3395351

General Chairs:
René Mayrhofer
Johannes Kepler University Linz, Linz, AT
,
Michael Roland
Johannes Kepler University Linz, Linz, AT

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 July 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WiSec '20

Sponsor:

SIGSAC

WiSec '20: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

July 8 - 10, 2020

Linz, Austria

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
107
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Premkumar MAshokkumar SJeevanantham VMohanbabu GAnuPallavi S(2023)Scalable and Energy Efficient Cluster Based Anomaly Detection Against Denial of Service Attacks in Wireless Sensor NetworksWireless Personal Communications10.1007/s11277-023-10252-3129:4(2669-2691)Online publication date: 6-Mar-2023
https://doi.org/10.1007/s11277-023-10252-3
Hernandez-Cano ACammarota RImani M(2021)PRID: Model Inversion Privacy Attacks in Hyperdimensional Learning Systems2021 58th ACM/IEEE Design Automation Conference (DAC)10.1109/DAC18074.2021.9586217(553-558)Online publication date: 5-Dec-2021
https://doi.org/10.1109/DAC18074.2021.9586217

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents