Description
The growing number of Internet of Things (IoT) devices has put an emphasis on their security in recent years. Patching known vulnerabilities and providing recent software is an important aspect of maintaining device security. Most embedded Linux Over-the-Air (OtA) firmware (FW) update solutions rely on the Linux kernel for sensitive update operations, resulting in a large and potentially vulnerable update Trusted Computing Base (TCB). This thesis proposes a secure update mechanism for embedded Linux devices that mitigates common attacks on OtA FW updates under the assumption of a root-compromised Linux kernel in the device's production image. Based on these attacker capabilities, we develop a system which reliably updates all mutable firmware. To achieve this, we adjust the bootloader to perform the sensitive tasks of update metadata verification and update installation. Additionally, we use the dominance concept to reliably retrieve updates. We demonstrate the feasibility of our concept in a Proof of Concept (PoC) based on an ARM Cortex-A53 powered device and evaluate our solution with regard to its security.