Robust Security Updates for Connected Devices

Abstract: We are emerging into the IoT (Internet of Things) era as the IoT market is quickly increasing, giving us connected devices everywhere, from personal accessories to smart homes and even whole city infrastructures. The manufacturing companies need to stay competitive in this rapidly evolving market, so they need to minimize the price and optimize the Time to Market (TTM). When new versions of a product are released, they get higher priorities than their predecessors. Still there are many devices based on the old version in use. With all these old devices connected to the Internet, problems are raised when software vulnerabilities are found because they will be more exposed to attackers. This may have severe consequences, not only for users' privacy, but also for the security of the society. In this thesis we try to overcome some of these problems by providing a thorough vulnerability assessment as well as a secure update mechanism. An in-depth analysis on how to assess vulnerabilities is presented. We provide an implementation to deploy updates in a robust way. We consider security aspects such as confidentiality, integrity and non-repudiation, but also the need for failure recovery of the system and distribution of data in an efficient way. A camera is being attacked to demonstrate the need for a secure update mechanism.