Robust Security Updates for Connected Devices

Karlsson, Jonathan; Sönnerup, Jonathan

Robust Security Updates for Connected Devices

Mark

Karlsson, Jonathan ^LU and Sönnerup, Jonathan ^LU (2016) EITM01 20161
Department of Electrical and Information Technology

Abstract: We are emerging into the IoT (Internet of Things) era as the IoT market is quickly
increasing, giving us connected devices everywhere, from personal accessories to
smart homes and even whole city infrastructures. The manufacturing companies
need to stay competitive in this rapidly evolving market, so they need to minimize
the price and optimize the Time to Market (TTM). When new versions of a product
are released, they get higher priorities than their predecessors. Still there are many
devices based on the old version in use. With all these old devices connected to
the Internet, problems are raised when software vulnerabilities are found because
they will be more exposed to attackers. This may have severe consequences, not
only... (More); We are emerging into the IoT (Internet of Things) era as the IoT market is quickly
increasing, giving us connected devices everywhere, from personal accessories to
smart homes and even whole city infrastructures. The manufacturing companies
need to stay competitive in this rapidly evolving market, so they need to minimize
the price and optimize the Time to Market (TTM). When new versions of a product
are released, they get higher priorities than their predecessors. Still there are many
devices based on the old version in use. With all these old devices connected to
the Internet, problems are raised when software vulnerabilities are found because
they will be more exposed to attackers. This may have severe consequences, not
only for users' privacy, but also for the security of the society.
In this thesis we try to overcome some of these problems by providing a thorough vulnerability assessment as well as a secure update mechanism. An in-depth
analysis on how to assess vulnerabilities is presented. We provide an implementation to deploy updates in a robust way. We consider security aspects such as
confidentiality, integrity and non-repudiation, but also the need for failure recovery of the system and distribution of data in an efficient way. A camera is being
attacked to demonstrate the need for a secure update mechanism. (Less)
Popular Abstract: The Internet of Things (IoT) revolution
has just started and there is a tremendous
increase in the number of devices
connected to the Internet. Some companies
estimate it to reach a number between 20 and
50 billion connected devices by the year of
2020.

Please use this url to cite or link to this publication: http://lup.lub.lu.se/student-papers/record/8841016

author

Karlsson, Jonathan ^LU and Sönnerup, Jonathan ^LU

supervisor

Martin Hell ^LU
Fredrik Larsson

organization

Department of Electrical and Information Technology

course

EITM01 20161

year

2016

type

H2 - Master's Degree (Two Years)

subject

Technology and Engineering

keywords

Vulnerability Assessment, IoT, Security, Software Updates, OTA, Device Management

report number

LU/LTH-EIT 2016-485

language

English

id

8841016

date added to LUP

2016-03-16 08:50:13

date last changed

2016-05-11 14:27:55

@misc{8841016,
  abstract     = {{We are emerging into the IoT (Internet of Things) era as the IoT market is quickly
increasing, giving us connected devices everywhere, from personal accessories to
smart homes and even whole city infrastructures. The manufacturing companies
need to stay competitive in this rapidly evolving market, so they need to minimize
the price and optimize the Time to Market (TTM). When new versions of a product
are released, they get higher priorities than their predecessors. Still there are many
devices based on the old version in use. With all these old devices connected to
the Internet, problems are raised when software vulnerabilities are found because
they will be more exposed to attackers. This may have severe consequences, not
only for users' privacy, but also for the security of the society.
In this thesis we try to overcome some of these problems by providing a thorough vulnerability assessment as well as a secure update mechanism. An in-depth
analysis on how to assess vulnerabilities is presented. We provide an implementation to deploy updates in a robust way. We consider security aspects such as
confidentiality, integrity and non-repudiation, but also the need for failure recovery of the system and distribution of data in an efficient way. A camera is being
attacked to demonstrate the need for a secure update mechanism.}},
  author       = {{Karlsson, Jonathan and Sönnerup, Jonathan}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Robust Security Updates for Connected Devices}},
  year         = {{2016}},
}

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Robust Security Updates for Connected Devices