Secure Firmware Update (FOTA) for Edge Devices

Over the past few years, there has been a surge in the popularity of the IoT Devices such as smart watches, fitness bands, machine health monitors, vehicle tracking systems and so on. Market expects the manufacturers to offer support like adding new features to existing models post release, rolling out bug fixes, fixing vulnerabilities and exposures etc., This can be achieved by providing a firmware update, either remotely Over the Air (OTA) for online devices or physically using memory cards/USB storage devices for offline devices. With increasing deployment of such devices and reliance on external infrastructure, the potential for cyber-threats has also raised proportionally. This calls for a safe and reliable mechanism to perform updates. Embien, being a leading provider of IoT Design and Engineering services, possess the required expertise to design and develop Secure Firmware Update feature for IoT Devices that is highly secure and resistant against unauthorized access and tampering.

Client Requirement

A major industrial OEM came up with a need to offer a secure FOTA update feature for their i.MX6 based IoT Gateway and protect it from malicious access.

Proposed Solution

We, at Embien, understood the requirement well and offered and end-to-end solution including secure boot and FOTA along with necessary tools that can cover a larger line of their products. All the relevant cyber-security aspects were taken care and best-in-class solution was created in shortest possible time.

Embien evaluated, proposed and implemented an easy to use and deploy firmware update system that assured code integrity and confidentiality during the update process. We assisted the client in setting up the necessary cloud infrastructure and helped resolve some of the most relevant external security threats.

Security at the Edge System

The first and foremost part was to ensure the chain of trust is established in the device. This is done by leveraging the secure boot mechanism provided by the processor. The relevant keys are programmed and OTP fuses blown. Further partitions are signed suitably so that the OS is launched only if the content’s authenticity is ensured.

For implementing FOTA update process, the new firmware along with other information such as versions, licences etc is designed to be packed as a secure package. This firmware package is signed using asymmetric cryptographic algorithms.

The update package is generally delivered using a secure FOTA server .An alternate offline upload mechanism is also provided whereby the package is also encrypted so that the package cannot be analysed by third-party and used for cyber-attacks.

Up on reception of the FOTA package in the embedded Linux system, the contents are validated for integrity. On successful validation, the update package in decrypted, if necessary, unpacked and reprogramming initiated. Embien also overhauled the partitioning and split the storage to three parts namely:

  • Boot Loader
  • File System A – primary
  • File System B – secondary

Using this A/B architecture, it is even possible to perform roll back in case some real-time issues occurs in the field.

Considering the cyber-security aspects, the cryptographic keys were stored safely in a secure element device (Microchip ECC608).

End to End Security

Embien also helped set up a Public Key Infrastructure (PKI) for authentication purpose. The cloud instance is used for securely signing the content during package generation as well as validating it during installation. Provisions are provided to revoke the certificates in case needed.

All the steps from package creation, uploading to cloud servers, triggering FOTA etc are automated with the convenience of the scripts.

The best-in-class cryptographic algorithms such as AES256, ECDHA etc were used. Even the communication to the FOTA server is over TLS1.3. Detailed threat profiling was done and cyber-security approval obtained.

About Embien

Embien not only delivered the integrated FOTA (Firmware Over the Air) solution but exceeded the client’s expectation with its value-added services by implementing an end-to-end robust cyber-secure system and roll back features.

We have developed IoT devices with huge ramifications on security using advanced tools and techniques that prevented unauthorized access and tampering of device. For an enhanced security purpose, we enabled HAB mechanism for NXP i.MX Family, Cboot signature validation mechanism for NVIDIA Jetson Family and Secure Boot mechanism for the leading ARM Cortex-M devices (STM32, i.MX RT, Kinetis etc). We have established root of trust in edge devices using secure elements like ATECC508, ATECC608, SE050 etc.

To offer an unprecedented secure firmware update feature or to perform cyber-security analysis for your IoT based devices, get in touch with us today!