Adaptive Security: Certificate and Key Rotation for Firmware Integrity

Sunil Joshi; Kenneth Crowther; Jarvis Robinson

doi:10.1109/SecDev56634.2023.00035

2023 IEEE Secure Development Conference (SecDev)

Adaptive Security: Certificate and Key Rotation for Firmware Integrity

Year: 2023, Pages: 214-215

DOI Bookmark: 10.1109/SecDev56634.2023.00035

Authors

Sunil Joshi, Xylem
Kenneth Crowther, Xylem
Jarvis Robinson, Xylem

Abstract

This paper provides an overview of several device architectures that allow for key rotation. Key rotation is important due to the frequency of lost signing keys, but it is difficult for Industrial Internet of Things (IIOT) devices due to limited resources during a secure boot process and the constraints of the firmware utilities that come from the chip vendors. The intent of this paper is to provide a practitioner’s perspective on this challenge and the tradeoff in hopes of inviting comments from chip vendors and the broader community.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

UFO - Hidden Backdoor Discovery and Security Verification in IoT Device Firmware
2018 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
A Large-Scale Analysis of IoT Firmware Version Distribution in the Wild
IEEE Transactions on Software Engineering
DUDE: Decryption, Unpacking, Deobfuscation, and Endian Conversion Framework for Embedded Devices Firmware
IEEE Transactions on Dependable and Secure Computing
A Parallel Directed Acyclic Graph Blockchain Ledger and Consensus Algorithm for Industrial Internet of Things
2023 3rd International Conference on Electronic Information Engineering and Computer Science (EIECS)
Chain Veri: Blockchain-Based Firmware Verification System for IoT Environment
2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
Measurement Study Towards a Unified Firmware Updating Scheme for Legacy IoT Devices
2019 14th Asia Joint Conference on Information Security (AsiaJCIS)
IoT Device Firmware Update over LoRa: The Blockchain Solution
2020 16th International Conference on Distributed Computing in Sensor Systems (DCOSS)
Blending Shared Responsibility and Zero Trust to Secure the Industrial Internet of Things
IEEE Security & Privacy
Cryptanalysis of PiLike: An Impersonation Attack on the Lightweight Identity-Based Authenticated Key Exchange Protocol Using Bi-ISIS
2024 19th Asia Joint Conference on Information Security (AsiaJCIS)
A Pull Firmware Update Mechanism for Industrial Control Based on IOTA Streams
2024 19th Asia Joint Conference on Information Security (AsiaJCIS)

Adaptive Security: Certificate and Key Rotation for Firmware Integrity

Authors

Abstract

Related Articles