[From the last episode: We saw many reasons why your IoT device may need to be updated.]
We’ve seen that it’s important to do updates. How does that happen in real life?
An update “package” comes from the factory that created the new software. The new software is going to replace part or most of the old software. (It can’t replace all of the software, since, at the very least, some small bit of software has to manage the updating process.) Here’s the question, then: how do you know that the new software package is legit?
What if some hacker is mailing you a fake update disguised as a real one, with malware embedded inside? Or what if there is a real update, but someone hijacks the message en route and replaces the true update with a fake one?
This is where attestation is important. You want to be able to prove that you’re getting the real package, not a fake one. Authentication partly helps tell whether the package is coming from the place it says it’s coming from, but only if an interloper tries to pretend that they’re actually the factory. Assuming they’re who they say they are (factory or not), then authorization helps determine whether the sender is allowed to perform an update.
But if the attacker gets past those two things, then attestation is the next backstop. The factory should encrypt the software, and then it should create a digital signature. That signature is computed over a hash of the software code, so if someone changes the software or replaces it, the signature check will fail.
Using Two Routes
The factory could send the signature along with the packet, but then it would be in the hands of the attacker – which may or may not be a problem. One way around that is, say, to send the update package over the air, but to email you the digital signature (or get it to you by some other medium). That way the attacker gets one, but not the other, and has no opportunity to try to fake the signature.
How you go from an email to approving the update could vary. There might be a code that you take from the email and enter on the device. Or maybe there’s a way to get the signature from your email to the device on your home network. There’s no one right way to do it, and making it easy is critical – especially if there will be frequentish updates.
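The two-route check described above can be sketched as follows; this is an added example, not code from the original article or from any vendor. It assumes the value arriving by email is a SHA-256 digest of the package typed in as a grouped code (a real signature would instead be verified with the factory's public key), and the function names and sample data are hypothetical and constructed.

```python
import hashlib
import hmac
import io

CHUNK = 4096  # hash in small pieces; a device rarely has room for the whole image


def package_digest(stream):
    """SHA-256 of the update package, read in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def format_code(digest_hex):
    """What the factory would put in the email: the digest in groups of 8."""
    return "-".join(digest_hex[i:i + 8] for i in range(0, len(digest_hex), 8)).upper()


def normalise(entered):
    """Undo harmless typing differences: case, spaces, dashes."""
    return "".join(c for c in entered.lower() if c not in " -\n\t")


def approve_update(stream, entered_code):
    """True only if the package received matches the code from the other route."""
    expected = normalise(entered_code)
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return False  # truncated or mistyped code: never fall back to "accept"
    actual = package_digest(stream)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(actual, expected)


# Constructed sample data, not a real firmware image.
GENUINE = b"FIRMWARE v2 " + bytes(range(256)) * 40
TAMPERED = GENUINE[:-1] + b"\x00"  # one byte changed in transit
EMAILED_CODE = format_code(package_digest(io.BytesIO(GENUINE)))

if __name__ == "__main__":
    print("emailed code:", EMAILED_CODE)
    print("genuine :", approve_update(io.BytesIO(GENUINE), EMAILED_CODE))
    print("tampered:", approve_update(io.BytesIO(TAMPERED), EMAILED_CODE))
```

The check is only as trustworthy as the second route: if the same attacker can alter both the package and the emailed code, a matching digest proves nothing.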
However it happens, knowing that your update is legit is really important. There’s little you can personally do to provide this security; it has to be designed into the IoT box and the update process. It’s something to ask about when you buy the box. Otherwise you may end up surrendering control of your device to the attacker. And no one wants that. Well, except for the attacker…