Advanced

Robust Security Updates for Connected Devices

Karlsson, Jonathan LU and Sönnerup, Jonathan LU (2016) EITM01 20161
Department of Electrical and Information Technology
Abstract
We are emerging into the IoT (Internet of Things) era as the IoT market is quickly
increasing, giving us connected devices everywhere, from personal accessories to
smart homes and even whole city infrastructures. The manufacturing companies
need to stay competitive in this rapidly evolving market, so they need to minimize
the price and optimize the Time to Market (TTM). When new versions of a product
are released, they get higher priorities than their predecessors. Still there are many
devices based on the old version in use. With all these old devices connected to
the Internet, problems are raised when software vulnerabilities are found because
they will be more exposed to attackers. This may have severe consequences, not
only... (More)
We are emerging into the IoT (Internet of Things) era as the IoT market is quickly
increasing, giving us connected devices everywhere, from personal accessories to
smart homes and even whole city infrastructures. The manufacturing companies
need to stay competitive in this rapidly evolving market, so they need to minimize
the price and optimize the Time to Market (TTM). When new versions of a product
are released, they get higher priorities than their predecessors. Still there are many
devices based on the old version in use. With all these old devices connected to
the Internet, problems are raised when software vulnerabilities are found because
they will be more exposed to attackers. This may have severe consequences, not
only for users' privacy, but also for the security of the society.
In this thesis we try to overcome some of these problems by providing a thorough vulnerability assessment as well as a secure update mechanism. An in-depth
analysis on how to assess vulnerabilities is presented. We provide an implementation to deploy updates in a robust way. We consider security aspects such as
confidentiality, integrity and non-repudiation, but also the need for failure recovery of the system and distribution of data in an efficient way. A camera is being
attacked to demonstrate the need for a secure update mechanism. (Less)
Popular Abstract
The Internet of Things (IoT) revolution
has just started and there is a tremendous
increase in the number of devices
connected to the Internet. Some companies
estimate it to reach a number between 20 and
50 billion connected devices by the year of
2020.
Please use this url to cite or link to this publication:
author
Karlsson, Jonathan LU and Sönnerup, Jonathan LU
supervisor
organization
course
EITM01 20161
year
type
H2 - Master's Degree (Two Years)
subject
keywords
Vulnerability Assessment, IoT, Security, Software Updates, OTA, Device Management
report number
LU/LTH-EIT 2016-485
language
English
id
8841016
date added to LUP
2016-03-16 08:50:13
date last changed
2016-05-11 14:27:55
@misc{8841016,
  abstract     = {We are emerging into the IoT (Internet of Things) era as the IoT market is quickly
increasing, giving us connected devices everywhere, from personal accessories to
smart homes and even whole city infrastructures. The manufacturing companies
need to stay competitive in this rapidly evolving market, so they need to minimize
the price and optimize the Time to Market (TTM). When new versions of a product
are released, they get higher priorities than their predecessors. Still there are many
devices based on the old version in use. With all these old devices connected to
the Internet, problems are raised when software vulnerabilities are found because
they will be more exposed to attackers. This may have severe consequences, not
only for users' privacy, but also for the security of the society.
In this thesis we try to overcome some of these problems by providing a thorough vulnerability assessment as well as a secure update mechanism. An in-depth
analysis on how to assess vulnerabilities is presented. We provide an implementation to deploy updates in a robust way. We consider security aspects such as
confidentiality, integrity and non-repudiation, but also the need for failure recovery of the system and distribution of data in an efficient way. A camera is being
attacked to demonstrate the need for a secure update mechanism.},
  author       = {Karlsson, Jonathan and Sönnerup, Jonathan},
  keyword      = {Vulnerability Assessment,IoT,Security,Software Updates,OTA,Device Management},
  language     = {eng},
  note         = {Student Paper},
  title        = {Robust Security Updates for Connected Devices},
  year         = {2016},
}