Autonomous and malware-proof blockchain-based firmware update platform with efficient batch verification for Internet of Things devices

• Published in: Computers & security Vol. 86; pp. 238 - 252
• Main Authors: Hu, Jen-Wei, Yeh, Lo-Yao, Liao, Shih-Wei, Yang, Chu-Sing
• Format: Journal Article
• Language: English
• Published: Amsterdam Elsevier Ltd 01.09.2019; Elsevier Sequoia S.A
• Subjects: Anti-virus software; Blockchain; Cryptography; Denial of service attacks; Devices; Distributed Denial-of-Service (DDoS); Firmware; Internet of Things; Internet of Things (IoT); Malware; Operating systems; Smart contract; Internet of Things (IoT); Smart contract; Distributed Denial-of-Service (DDoS); Blockchain
• ISSN: 0167-4048; 1872-6208
• DOI: 10.1016/j.cose.2019.06.008

Internet of Things (IoT) devices are expected to penetrate users’ lives everywhere. However, the occurrence of several massive distributed denial-of-service (DDoS) attacks in infected IoT devices has brought increased attention to the importance of IoT security. Since IoT devices are equipped only with lightweight operation systems, the installation of antivirus software cannot be guaranteed. Therefore, a method through which the firmware of IoT devices can be securely and autonomously updated must be developed. This paper proposes a blockchain-based firmware updating platform to enhance the process of updating firmware. A smart contract is used to ensure integrity and enforce the scanning of malicious code. With a peer-to-peer file sharing system, our platform enjoys high availability without the single failure point problem, mitigating the possibility of DDoS attacks. We use batch verification in case of multiple updating requests for better scalability. Through function comparisons and performance simulation, our scheme is shown to be effective in strengthening IoT security.