Secure plugin for automated software updates using Public Key Infrastructure for embedded systems

Abstract

Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and invisible way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. Most embedded device software is not updated after deployment. This is because chip manufacturers and system manufacturers (usually original device manufacturers) do not have any incentive, expertise, or even ability to patch the software once it is shipped. This leaves IoT developers to improvise their own ways of delivering software updates for embedded devices. These techniques do not have security in their design, and hence malicious updates from unauthorised sources may change the software leading to mass compromise. This research reviewed previous work done using the Public Key Infrastructure in securing software updates in legacy systems and led to the development of a secure software updates plugin for embedded devices. The prototype applies Experimental Research Design and Agile Development Methodology, for building of an evaluation platform. It provides opportunities to assess the dissertation progress and direction throughout the development lifecycle. This is achieved through iterations, coming up with a potentially stable product finally.