Towards Formal Security Verification of Over-the-Air Update Protocol: Requirements, Survey and UpKit Case Study

Christophe Ponsard; Denis Darquennes

doi:10.5220/0010431408000808

Towards Formal Security Verification of Over-the-Air Update Protocol: Requirements, Survey and UpKit Case Study

Christophe Ponsard, Denis Darquennes

2021

Abstract

The fast growing number of connected devices through the Internet of Things requires the capability of performing secure and efficient over-the-air updates in order to manage the deployment of innovative features and to correct security issues. Pushing an updated image in a device requires a complex protocol exposed to security threats which could be exploited to block, spy or even take control of the updated device. Hence, such update protocols need to be carefully designed and verified. In the scope of this paper, we review some representative update protocols and related threats based on MQTT, TUF (Uptane) and the blockchain. We then show how the adequate management of those threats can be verified using a formal modelling and verification approach using the Tamarin tooling. Our work is applied to the concrete case of the UpKit protocol which exhibits an interesting design.

Download

Paper Citation

in Harvard Style

Ponsard C. and Darquennes D. (2021). Towards Formal Security Verification of Over-the-Air Update Protocol: Requirements, Survey and UpKit Case Study.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ForSE, ISBN 978-989-758-491-6, pages 800-808. DOI: 10.5220/0010431408000808

in Bibtex Style

@conference{forse21,
author={Christophe Ponsard and Denis Darquennes},
title={Towards Formal Security Verification of Over-the-Air Update Protocol: Requirements, Survey and UpKit Case Study},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,},
year={2021},
pages={800-808},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010431408000808},
isbn={978-989-758-491-6},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,
TI - Towards Formal Security Verification of Over-the-Air Update Protocol: Requirements, Survey and UpKit Case Study
SN - 978-989-758-491-6
AU - Ponsard C.
AU - Darquennes D.
PY - 2021
SP - 800
EP - 808
DO - 10.5220/0010431408000808