Abstract
With the rapidly increasing number of Internet of Things (IoT) devices, various interconnected devices have become targets of growing cyberattacks. Keeping the firmware of an IoT device up-to-date is one feasible way to protect the device against cyberattacks. The existing approaches of firmware update (including distribution and validation) are not scalable in distribution to increasing numbers of devices, however, let alone able to provide reliable validation. To address the above issues, this study proposes a hybrid update scheme, including distributed membership-based firmware sharing for firmware distribution and smart-contract-enabled firmware validation via a blockchain (BC). This hybrid update approach leverages the advantages of a peer-to-peer network and a blockchain. Evaluation of the study has shown that the proposed distributed membership-based firmware sharing is more secure and scalable to an increasing number of devices. The proposed smart-contract-enabled firmware validation is more efficient than the firmware validation in existing studies since it can effectively reduce unwanted repeat validation via a smart contract in a blockchain. In addition, it can help make sure all members of an IoT-enabled service having the right firmware before providing the service to users. Such designs can improve service quality and also reduce as much human intervention to leverage the strengths of an IoT-enabled application or system.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Al-Ali A, Zualkernan IA, Rashid M, Gupta R, Alikarar M (2017) A smart home energy management system using IOT and big data analytics approach. IEEE Trans Consum Electron 63:426–434
Azaria A, Ekblaw A, Vieira T, Lippman A (2016) MedRec: using blockchain for medical data access and permission management. In: IEEE 2016 2nd international conference on open and big data (OBD), 22–24 Aug 2016, pp 25–30. https://doi.org/10.1109/OBD.2016.11
Azmoodeh A, Dehghantanha A, Conti M, Choo K-KR (2018) Detecting crypto-ransomware in IoT networks based on energy consumption footprint. J Ambient Intell Humaniz Comput 9:1141–1152
Chandra H, Anggadjaja E, Wijaya PS, Gunawan E (2016) Internet of Things: Over-the-Air (OTA) firmware update in Lightweight mesh network protocol for smart urban development. In: IEEE 2016 22nd Asia-Pacific conference on communications (APCC), 25–27 Aug 2016, pp 115–118. https://doi.org/10.1109/APCC.2016.7581459
Chen L et al (2017) Robustness, security and privacy in location-based services for future iot: a survey. IEEE Access 5:8956–8977
Choi BC, Lee SH, Na JC, Lee JH (2016) Secure firmware validation and update for consumer devices in home networking. IEEE Trans Consum Electron 62:39–44. https://doi.org/10.1109/TCE.2016.7448561
Cohen B (2003) Incentives build robustness in BitTorrent. In: Workshop on Economics of Peer-to-Peer systems, pp 68–72
Conoscenti M, Vetrò A, Martin JCD (2016) Blockchain for the internet of things: a systematic literature review. In: 2016 IEEE/ACS 13th international conference of computer systems and applications (AICCSA), 29 Nov–2 Dec 2016, pp 1–6. https://doi.org/10.1109/AICCSA.2016.7945805
Corporation(IDC) ID (2019) The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast. https://www.idc.com/getdoc.jsp?containerId=prUS45213219. Accessed 18 June
Cynthia J, Parveen Sultana H, Saroja M, Senthil J (2019) Security protocols for IoT. In: Jeyanthi N, Abraham A, Mcheick H (eds) Ubiquitous computing and computing security of IoT. Studies in big data, vol 47. Springer, Cham, pp 1–28. https://doi.org/10.1007/978-3-030-01566-4_1
Decker C, Wattenhofer R (2013) Information propagation in the Bitcoin network. In: IEEE P2P 2013 proceedings, Trento, Italy, 9–11 Sept 2013, pp 1–10. https://doi.org/10.1109/P2P.2013.6688704
Dhungel P, Wu D, Ross KW (2009) Measurement and mitigation of bittorrent leecher attacks. Comput Commun 32(17):1852–1861
Dhungel P, Hei X, Wu D, Ross KW (2011) A measurement study of attacks on bittorrent seeds. In: 2011 IEEE International Conference on Communications (ICC), pp 1–5. https://doi.org/10.1109/icc.2011.5963011
Dorri A, Kanhere SS, Jurdak R, Gauravaram P (2017a) Blockchain for IoT security and privacy: the case study of a smart home. In: 2017 IEEE international conference on pervasive computing and communications workshops (PerCom Workshops), Kona, HI, USA, 13–17 March 2017, pp 618–623. https://doi.org/10.1109/PERCOMW.2017.7917634
Dorri A, Steger M, Kanhere SS, Jurdak R (2017b) Blockchain: a distributed solution to automotive security and privacy. IEEE Commun Mag 55:119–125
Greenough J (2016) How the ‘Internet of Things’ will impact consumers, businesses, and governments in 2016 and beyond. Business Insider. https://www.insider.com/how-the-internet-of-things-market-will-grow-2016-6
Guan D, Wang J, Zhang Y, Dong J (2008) Understanding BitTorrent download performance. In: Seventh international conference on networking (icn 2008), Cancun, Mexico, pp 330–335. https://doi.org/10.1109/ICN.2008.16
Hashemi SH, Faghri F, Rausch P, Campbell RH (2016) World of empowered IoT users. In: 2016 IEEE first international conference on internet-of-things design and implementation (IoTDI), Berlin, Germany, pp 13–24. https://doi.org/10.1109/IoTDI.2015.39
Hatahet S, Bouabdallah A, Challal Y (2010) A new worm propagation threat in BitTorrent: modeling and analysis. Telecommun Syst 45:95–109. https://doi.org/10.1007/s11235-009-9241-2
Huckle S, Bhattacharya R, White M, Beloff N (2016) Internet of things, blockchain and shared economy applications. Proc Comput Sci 98:461–466
Jurkovic G, Sruk V (2014) Remote firmware update for constrained embedded systems. In: 2014 37th international convention on information and communication technology, electronics and microelectronics (MIPRO), Opatija, Croatia, pp 1019–1023. https://doi.org/10.1109/MIPRO.2014.6859718
Ko E, Kim T, Kim H (2018) Management platform of threats information in IoT environment. J Ambient Intell Humaniz Comput 9:1167–1176
Kong H-K, Hong MK, Kim T-S (2018) Security risk assessment framework for smart car using the attack tree analysis. J Ambient Intell Humaniz Comput 9:531–551
Konrath MA, Barcellos MP, Mansilha RB (2007) Attacking a Swarm with a Band of Liars: evaluating the impact of attacks on BitTorrent. In: Seventh IEEE international conference on Peer-to-Peer computing (P2P 2007), Galway, Ireland, 2–5 Sept 2007, pp 37–44. https://doi.org/10.1109/P2P.2007.14
Kwon D, Hodkiewicz MR, Fan J, Shibutani T, Pecht MG (2016) IoT-based prognostics and systems health management for industrial applications. IEEE Access 4:3659–3670
Lee B, Lee J-H (2017) Blockchain-based secure firmware update for embedded devices in an internet of things environment. J Supercomput 73:1152–1167
Li R, Song T, Mei B, Li H, Cheng X, Sun L (2018) Blockchain for large-scale internet of things data storage and protection. IEEE Trans Serv Comput. https://doi.org/10.1109/TSC.2018.2853167
Lin Q, Yan H, Huang Z, Chen W, Shen J, Tang Y (2018) An ID-based linearly homomorphic signature scheme and its application in blockchain. IEEE Access 6:20632–20640
Lu C-H (2018) Context-aware service provisioning via agentized and reconfigurable multi-model cooperation for real-life IoT-enabled smart home systems. IEEE Trans Syst Man Cybern-Syst 99:1–12. https://doi.org/10.1109/TSMC.2018.2831711
Lu C-H, Tsai C-E (2019) IoT-enabled Cross-Field and Reconfigurable Service Provisioning with User-centered Design. IEEE Syst J 13:4072–4080. https://doi.org/10.1109/JSYST.2019.2901595
Lu C-H, Wu C-L, Weng M-Y, Chen W-C, Fu L-C (2017) Context-aware energy saving system with multiple comfort-constrained optimization in M2M-based home environment. IEEE Trans Automation Sci Eng (IEEE T-ASE) 14:1400–1414. https://doi.org/10.1109/TASE.2012.2234922
Marr MD, Vincent P, Corddry MT, Hamilton JR (2015) Firmware validation from an external channel. Google Patents, US8971538B1 United States. Current Assignee: Amazon Technologies Inc
Meng W, Tischhauser EW, Wang Q, Wang Y, Han J (2018) When intrusion detection meets blockchain technology: a review. IEEE Access 6:10179–10188
Nevis BS, Albrecht M (2003) Secure method of updating bios by using a simply authenticated external module to further validate new firmware code. Google Patents, US6581159B1 United States. Current Assignee: Intel Corp
Nguyen TDT, Pham H-A, Thai MT (2018) Leveraging blockchain to enhance data privacy in IoT-based applications. In: International conference on computational social networks, cham, computational data and social networks. Springer International Publishing, Shanghai, China, pp 211–221. https://doi.org/10.1007/978-3-030-04648-4_18
Pering T, Farrington K, Dahm T (2018) Taming the IoT: operationalized testing to secure connected devices. Computer 51:90–94. https://doi.org/10.1109/MC.2018.2701633
Pournaghi SM, Bayat M, Farjami Y (2020) MedSBA: a novel and secure scheme to share medical data based on blockchaintechnology and attribute-based encryption. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-020-01710-y
Prada-Delgado MA, Vázquez-Reyes A, Baturone I (2017) Trustworthy firmware update for Internet-of-Thing Devices using physical unclonable functions. In: 2017 Global Internet of Things Summit (GIoTS), Geneva, Switzerland, 6–9 June 2017, pp 1–5. https://doi.org/10.1109/GIOTS.2017.8016282
Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21:120–126
Roy GGR, Britto Ramesh Kumar S (2019) An architecture to enable secure firmware updates on a distributed-trust IoT network using blockchain. In: International conference on computer networks and communication technologies. Springer, Singapore, pp 671–679. https://doi.org/10.1007/978-981-10-8681-6_61
Santos FR, da Costa Cordeiro WL, Gaspary LP, Barcellos MP (2010) Choking polluters in bittorrent file sharing communities. In: Network operations and management symposium (NOMS), Osaka, Japan, 19–23 April 2010. IEEE. https://doi.org/10.1109/NOMS.2010.5488657
Sharma AK, Sharma APN (2013) Bit torrent (Peer to Peer Network): antipiracy and anonymity. Int J Sci Res 4:253–256
Shirali-Shahreza S, Ganjali Y (2018) Protecting home user devices with a SDN-based firewall. IEEE Trans Consum Electron 64:92–100. https://doi.org/10.1109/TCE.2018.2811261
van Someren N, Harvey I (2002) Firmware validation. Google Patents, US20040268339A1 United States. Current Assignee: nCipher Corp Ltd
Verma P, Sood SK, Kalra S (2018) Cloud-centric IoT based student healthcare monitoring framework. J Ambient Intell Humaniz Comput 9:1293–1309
Wong K, Yeung K, Choi Y (2009) Solutions to swamp poisoning attacks in BitTorrent networks. In: Proceedings of the international multiconference of engineers and computer scientists, Hong Kong, 18–20 March 2009, pp 360–363
Zhang Y, Deng R, Liu X, Zheng D (2018) Outsourcing service fair payment based on blockchain and its applications in cloud computing. IEEE Trans Serv Comput. https://doi.org/10.1109/TSC.2018.2864191
Acknowledgements
This work was supported by the Ministry of Science and Technology, Taiwan under MOST 107-2221-E-011-131 and MOST 108-2221-E-011-158.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Electronic supplementary material
Below is the link to the electronic supplementary material.
Rights and permissions
About this article
Cite this article
Lu, CH., Liu, CH. & Chen, ZH. Secure and efficient firmware update for increasing IoT-enabled smart devices. J Ambient Intell Human Comput 14, 4987–5000 (2023). https://doi.org/10.1007/s12652-020-02492-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-020-02492-z