| Summary: | 碩士 === 國立臺灣科技大學 === 資訊管理系 === 105 === With the rapid advancements in Internet of Things (IoT), there are a lot of sensors deployed in each environment such as home, hospitals, and factories. By using these sensors, we can collect different kinds of data from the environment and analyze it later. However, these sensors which have functionality to connect Internet have become attacked targets by malicious hacker. Although the manufacturers release new version of firmware to resolve vulnerability for specific sensors, the administrator of sensors may ignore the importance of firmware update. As a result, sensors are still under threat of attacks.
Nevertheless, the firmware update mechanism for sensors is not perfect nowadays. We must assure that a reliable method to verify the integrity and provider of firmware. Otherwise, if sensors install malicious firmware, they will be out of order or controlled by attackers to launch attacks in the future.
To sum up, this thesis designs a secure IoT firmware update mechanism based on Message Queuing Telemetry Transport(MQTT) protocol. It assures that new version of firmware provided by manufacturers can be pushed to corresponding sensors efficiently. We use Elliptic Curve Diffie-Hellman Key Exchange(ECDH), Digital Signature, and Keyed-hash Message Authentication Code(HMAC) algorithms in the protocol to accomplish machine-to-machine authentication. If firmware is modified or provided by attackers, our proposed protocol will detect it. Consequently, we promise that malicious firmware won’t be installed on sensors. Finally, we adopt a security analysis for our protocol, and confirm that our proposed protocol can defend common attacks such as Eavesdropping Attack, Man-in-the-middle Attack, Replay Attack, and Impersonation Attack.
|
|---|
