Autonomous and malware-proof blockchain-based firmware update platform with efficient batch verification for Internet of Things devices

Jen Wei Hu, Lo Yao Yeh, Shih Wei Liao, Chu-Sing Yang

Research output: Contribution to journalArticle

Abstract

Internet of Things (IoT) devices are expected to penetrate users’ lives everywhere. However, the occurrence of several massive distributed denial-of-service (DDoS) attacks in infected IoT devices has brought increased attention to the importance of IoT security. Since IoT devices are equipped only with lightweight operation systems, the installation of antivirus software cannot be guaranteed. Therefore, a method through which the firmware of IoT devices can be securely and autonomously updated must be developed. This paper proposes a blockchain-based firmware updating platform to enhance the process of updating firmware. A smart contract is used to ensure integrity and enforce the scanning of malicious code. With a peer-to-peer file sharing system, our platform enjoys high availability without the single failure point problem, mitigating the possibility of DDoS attacks. We use batch verification in case of multiple updating requests for better scalability. Through function comparisons and performance simulation, our scheme is shown to be effective in strengthening IoT security.

Original languageEnglish
Pages (from-to)238-252
Number of pages15
JournalComputers and Security
Volume86
DOIs
Publication statusPublished - 2019 Sep 1

Fingerprint

Firmware
Internet
integrity
Internet of things
Malware
Scalability
Availability
Scanning
simulation
performance

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law

Cite this

@article{244152f0a0474085bd156b945894041d,
title = "Autonomous and malware-proof blockchain-based firmware update platform with efficient batch verification for Internet of Things devices",
abstract = "Internet of Things (IoT) devices are expected to penetrate users’ lives everywhere. However, the occurrence of several massive distributed denial-of-service (DDoS) attacks in infected IoT devices has brought increased attention to the importance of IoT security. Since IoT devices are equipped only with lightweight operation systems, the installation of antivirus software cannot be guaranteed. Therefore, a method through which the firmware of IoT devices can be securely and autonomously updated must be developed. This paper proposes a blockchain-based firmware updating platform to enhance the process of updating firmware. A smart contract is used to ensure integrity and enforce the scanning of malicious code. With a peer-to-peer file sharing system, our platform enjoys high availability without the single failure point problem, mitigating the possibility of DDoS attacks. We use batch verification in case of multiple updating requests for better scalability. Through function comparisons and performance simulation, our scheme is shown to be effective in strengthening IoT security.",
author = "Hu, {Jen Wei} and Yeh, {Lo Yao} and Liao, {Shih Wei} and Chu-Sing Yang",
year = "2019",
month = "9",
day = "1",
doi = "10.1016/j.cose.2019.06.008",
language = "English",
volume = "86",
pages = "238--252",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}

Autonomous and malware-proof blockchain-based firmware update platform with efficient batch verification for Internet of Things devices. / Hu, Jen Wei; Yeh, Lo Yao; Liao, Shih Wei; Yang, Chu-Sing.

In: Computers and Security, Vol. 86, 01.09.2019, p. 238-252.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Autonomous and malware-proof blockchain-based firmware update platform with efficient batch verification for Internet of Things devices

AU - Hu, Jen Wei

AU - Yeh, Lo Yao

AU - Liao, Shih Wei

AU - Yang, Chu-Sing

PY - 2019/9/1

Y1 - 2019/9/1

N2 - Internet of Things (IoT) devices are expected to penetrate users’ lives everywhere. However, the occurrence of several massive distributed denial-of-service (DDoS) attacks in infected IoT devices has brought increased attention to the importance of IoT security. Since IoT devices are equipped only with lightweight operation systems, the installation of antivirus software cannot be guaranteed. Therefore, a method through which the firmware of IoT devices can be securely and autonomously updated must be developed. This paper proposes a blockchain-based firmware updating platform to enhance the process of updating firmware. A smart contract is used to ensure integrity and enforce the scanning of malicious code. With a peer-to-peer file sharing system, our platform enjoys high availability without the single failure point problem, mitigating the possibility of DDoS attacks. We use batch verification in case of multiple updating requests for better scalability. Through function comparisons and performance simulation, our scheme is shown to be effective in strengthening IoT security.

AB - Internet of Things (IoT) devices are expected to penetrate users’ lives everywhere. However, the occurrence of several massive distributed denial-of-service (DDoS) attacks in infected IoT devices has brought increased attention to the importance of IoT security. Since IoT devices are equipped only with lightweight operation systems, the installation of antivirus software cannot be guaranteed. Therefore, a method through which the firmware of IoT devices can be securely and autonomously updated must be developed. This paper proposes a blockchain-based firmware updating platform to enhance the process of updating firmware. A smart contract is used to ensure integrity and enforce the scanning of malicious code. With a peer-to-peer file sharing system, our platform enjoys high availability without the single failure point problem, mitigating the possibility of DDoS attacks. We use batch verification in case of multiple updating requests for better scalability. Through function comparisons and performance simulation, our scheme is shown to be effective in strengthening IoT security.

UR - http://www.scopus.com/inward/record.url?scp=85068189601&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85068189601&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2019.06.008

DO - 10.1016/j.cose.2019.06.008

M3 - Article

VL - 86

SP - 238

EP - 252

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -