FOTB: a secure blockchain-based firmware update framework for IoT environment

Recently, numerous exploitations and attacks in IoT environment occurred all over the world. One of the major attacking channels is utilizing the firmware of IoT devices as the access interface to compromise the targeted IoT devices. Therefore, it is important for IoT device manufacturers to support secure and efficient firmware update functionality for sold or deployed IoT devices. In this paper, a secure and verifiable blockchain-based firmware update framework for IoT environment is proposed. The aims of the proposed framework are providing secure peer-to-peer verification mechanism on each new version of firmware released by corresponding device manufacturer and providing a reliable way to distribute the updated firmware to IoT devices in timely manner. Furthermore, the utilization of blockchain technology in the proposed framework ensures the integrity of firmware during its distribution through Internet. The proposed firmware update framework consists of four processes: creation of firmware update contract, creation of third-party firmware update contract, PUSH update mechanism and PULL update mechanism. Six corresponding protocols are derived to support the four processes. The evaluation on performance and security strength of the proposed firmware update framework is conducted. Based on the proofs of formal security analysis, the proposed framework supports mutual authentication and defends against major cyber attacks: firmware modification attack, impersonation attack, man-in-the-middle attack and replay attack.