Modern product development is not a one-off activity. Generally, customers across application domains expect the purchased devices to have a long-life span and to be maintained by product vendors. OEM’s need to keep updating their device features as a way of staying ahead of the curve. Further with increasing IoT based cyber-attacks, rolling out security patches and occasional bug fixes, it is important to remotely upgrade the embedded devices in the field. And if needed, the system should have the ability to roll back to the previous version.
For over a decade, Embien has amassed a huge knowledge in product management and has been helping product developers perform secure remote firmware updates. We have implemented numerous Secure FOTA Update (Firmware Over the Air updates) mechanisms, customized to different industries and use cases. Our services have provided a significant advantage to our clients by positioning their product above the competition. Whether it is updating over a local network, or via USB pen drives or SD card or web interface or directly download from cloud storage, our team has implemented it securely.
Full / Incremental updates, Image A/B Model, Roll back on failure
USB, CAN, UART, RS232, RS485, BLE, Wi-Fi, LoRa, Ethernet etc.
Ciphers and hashing algorithms like AES, RSA, ECDSA, SHA-2 etc.
Amazon S3, Azure Cloud, AWS Cloud servers, GCP, HTTPS, MQTT, AMQP etc.
Our Secure FOTA update designs incorporate the CIA triad - Confidentiality, integrity, and authenticity so that the device is sure of the originator of the image, validity of the downloaded image and also no one can view the contents. We leverage the mathematical strengths of asymmetric cryptographic algorithms to validate the firmware. The firmware image to be updated is signed with a private key that is securely stored & authenticated by the public key in the devices. With our Secure boot designs, the chain of trust is established right from the first code executed, thereby preventing any possibility of modifying the public key. In this way, it is impossible for a third party to spoof the image.
With mutual authentication even the cloud server can ensure that the requesting party is authorized for access to the update information. Our Secure Firmware Update mechanism spans different classes of devices right from low end 8-bit, 16 bit and ARM Cortex M MCUS to powerful processors. We have developed custom firmware over the air updates for Renesas RH850, STM32, NXP iMx, TI, NVIDIA Jetson, Snapdragon powered Linux/Android systems. Our team is highly experienced in utilizing the underlying crypto features in the hardware to enable a more secure and faster system firmware over the air updates. Our team can also help with the cloud application development as a one-stop solution for secure remote firmware updates.