Secure Remote Firmware Updates

Secure Remote Firmware Updates – An Overview

It is fairly clear that modern product development is not a one-off activity. Generally, customers across application domains expect the purchased devices to have a long-life span and to be maintained by product vendors. OEM’s need to keep updating their device features as a way of staying ahead of the curve. Further with increasing IoT based cyber-attacks, rolling out security patches and occasional bug fixes, it is important to remotely upgrade the embedded devices in the field.

For over a decade, Embien has amassed a huge knowledge in product management and has been helping product developers perform secure remote firmware updates. We have implemented numerous Secure FOTA (Firmware Over the Air) Update mechanisms, customized to different industries and use cases. Our services have provided a significant advantage to our clients by positioning their product above competition.

Technical Excellence

Features

Full updates, Incremental updates, Image A/B Model, Roll back on failure

Interfaces

USB, CAN, UART, RS232, RS485, BLE, Wi-Fi, LoRa, Ethernet etc

Authentication

Ciphers and hashing algorithms like AES, RSA, ECDSA, SHA-2 etc

Sources

Amazon S3, Azure Cloud, AWS Cloud servers, GCP, HTTPS, MQTT, AMQP

Secure FOTA Update for Connected Devices

Typically, the firmware to be updated can be downloaded on to the device online directly or in an offline mechanism using USB pen drives or from local servers. With a minimal effort, it is possible to fake the source and download a malicious firmware on to the target. As a first and foremost process, the device must ensure the authenticity of the downloaded firmware. Our Secure FOTA designs leverage the mathematical strengths of asymmetric cryptographic algorithms to validate the firmware. The firmware image to be updated is signed with a private key that is securely stored & authenticated by the public key in the devices. With our Secure boot designs, the chain of trust is established right from the first code executed, thereby preventing any possibility of modifying the public key. In this way, it is impossible for a third party to spoof the image.

We have also developed numerous mechanisms to securely deliver the firmware to the target. In some cases, we have encrypted the image using symmetric cryptographic algorithms such as AES, to prevent possible reverse engineering of binaries. We have also helped setting up PKI infrastructure for our customers to manage their updates easily & integrate as a part of their Dev Ops system.

Credentials in Securing Internet of Things

Embien has been performing remote firmware upgrade and securing Internet of Things devices for over a decade. Some of our credentials in this area includeDFU (Device Firmware Update) over UART and USB device class for MCU’s/ Processors
HTTPS Download from cloud
Amazon S3 Bucket based update
AMQP based firmware updates
Local web server-based updates for MCU’s and Linux
Android OTA updates
UDS over CAN for ECUs
Update over BLE/WiFi using Android/iOS mobile apps
Custom protocols over CAN, RS232, RS485 USB etc

OTA Implementations

Our team have developed mechanism to do both complete and incremental updates. Based on the need, the complete firmware including bootloader, kernel, root file systems, user applications can be updated in a single cycle. Or only one or more parts of the device firmware can be rolled out.

We have also developed fall back mechanism whereby the device will revert to previous version or a golden version of the firmware in case there are discrepancies after the update. Our Secure Firmware Update mechanism span different class of devices right from low end 8-bit, 16 bit and ARM Cortex M MCUS to powerful NXP iMx, TI, NVIDIA Jetson, Snapdragon powered Linux/Android systems. Get in touch with us to transform your product management with our Secure Firmware Update services.

Secure Remote Firmware Updates