Secure Remote Firmware Updates

At Embien, we assist product developers in updating their firmware remotely in a secure way & offer customizable Secure FOTA (Firmware Over The Air) Update mechanisms

Secure Remote Firmware Updates – An Overview

It is fairly clear that modern product development is not a one-off activity. Generally, customers across application domains expect the purchased devices to have a long-life span and to be maintained by product vendors. OEM’s need to keep updating their device features as a way of staying ahead of the curve. Further with increasing IoT based cyber-attacks, rolling out security patches and occasional bug fixes, it is important to remotely upgrade the embedded devices in the field.

For over a decade, Embien has amassed a huge knowledge in product management and has been helping product developers perform secure remote firmware updates. We have implemented numerous Secure FOTA (Firmware Over the Air) Update mechanisms, customized to different industries and use cases. Our services have provided a significant advantage to our clients by positioning their product above competition.

Technical Excellence

Features

Full updates, Incremental updates, Image A/B Model, Roll back on failure

Interfaces

USB, CAN, UART, RS232, RS485, BLE, Wi-Fi, LoRa, Ethernet etc

Authentication

Ciphers and hashing algorithms like AES, RSA, ECDSA, SHA-2 etc

Sources

Amazon S3, Azure Cloud, AWS Cloud servers, GCP, HTTPS, MQTT, AMQP

Secure FOTA Update for Connected Devices

Typically, the firmware to be updated can be downloaded on to the device online directly or in an offline mechanism using USB pen drives or from local servers. With a minimal effort, it is possible to fake the source and download a malicious firmware on to the target. As a first and foremost process, the device must ensure the authenticity of the downloaded firmware. Our Secure FOTA designs leverage the mathematical strengths of asymmetric cryptographic algorithms to validate the firmware. The firmware image to be updated is signed with a private key that is securely stored & authenticated by the public key in the devices. With our Secure boot designs, the chain of trust is established right from the first code executed, thereby preventing any possibility of modifying the public key. In this way, it is impossible for a third party to spoof the image.

We have also developed numerous mechanisms to securely deliver the firmware to the target. In some cases, we have encrypted the image using symmetric cryptographic algorithms such as AES, to prevent possible reverse engineering of binaries. We have also helped setting up PKI infrastructure for our customers to manage their updates easily & integrate as a part of their Dev Ops system.

img
img

Credentials in Securing Internet of Things

  • Embien has been performing remote firmware upgrade and securing Internet of Things devices for over a decade. Some of our credentials in this area includeDFU (Device Firmware Update) over UART and USB device class for MCU’s/ Processors
  • HTTPS Download from cloud
  • Amazon S3 Bucket based update
  • AMQP based firmware updates
  • Local web server-based updates for MCU’s and Linux
  • Android OTA updates
  • UDS over CAN for ECUs
  • Update over BLE/WiFi using Android/iOS mobile apps
  • Custom protocols over CAN, RS232, RS485 USB etc

OTA Implementations

Our team have developed mechanism to do both complete and incremental updates. Based on the need, the complete firmware including bootloader, kernel, root file systems, user applications can be updated in a single cycle. Or only one or more parts of the device firmware can be rolled out.

We have also developed fall back mechanism whereby the device will revert to previous version or a golden version of the firmware in case there are discrepancies after the update. Our Secure Firmware Update mechanism span different class of devices right from low end 8-bit, 16 bit and ARM Cortex M MCUS to powerful NXP iMx, TI, NVIDIA Jetson, Snapdragon powered Linux/Android systems. Get in touch with us to transform your product management with our Secure Firmware Update services.

img

Increase your resilience against cyber - attacks with Embien’s Secure FOTA Update for Connected Devices

Secure Configuration with POCO Web Server


Read More

Secure Firmware Update (FOTA) for Edge Devices


Read More

Looking for expert advise?