Secure over-the-air firmware updates for IoT systems
The customer needed a solution to allow secure over-the-air firmware updates for IoT systems installed at commercial properties. The system needed to know that the firmware it downloaded is an official release from the vendor and has not been tampered with during download or replaced on the server by someone with malicious intent.
Syncroness implemented a solution using cryptographically secure hashing and digital signatures on the firmware image to allow the system to verify the authenticity of a firmware update before allowing the update to proceed.
To prepare a new release of firmware, the customer uses the Secure Hash Algorithm (SHA-256, a standard recognized and widely used by the United States government) to compute a one-way hash or checksum of the file. The customer then uses standard RSA public key cryptography to encrypt the hash value with a private key. Once the hash is encrypted, only the public key can decrypt it back to its original value. The firmware and the encrypted hash are stored together as a signed package.
When the system downloads the firmware, it computes the SHA-256 hash on the downloaded firmware. The system can then use the public key to decrypt the signature and compare the hash it computed against the hash it decrypted. If the values match, then the firmware is authentic and the system can update itself with that image.
An attacker could create their own firmware with malicious intent, something that will cause the system to misbehave. They can compute a SHA-256 hash of the firmware, but without the private key, they cannot generate a valid signature. When the system downloads the signed firmware, it will decrypt the signature using the authentic public key, and the resulting hash will not match the computed hash. The system will reject the firmware update, and the system remains secure.
Security researchers note that many security breaches in systems using encryption result from poor implementations of otherwise secure algorithms. Syncroness leveraged a validated implementation of SHA-256 and RSA public cryptography, which not only saved implementation time, it also improved the security of the overall system.