2022-07-21 07:04 AM
Hello,
I'm working for an MNC and we use stm32l431cc.
And I have to implement firmware updates over the air.
physical connection:
TARGET DEVICE <---UART----> External IOT DEVICE (GSM MODULE) which can be plugged in and out <----> Cloud service.
For the security part, I need advice or suggestions. I'm new to this topic, so I found confidentiality, integrity, and Authentication are important criteria for this situation.
What I understood confidentiality: No one can decrypt my firmware even if they got this through (physical wire etc.) or through cloud.
Integrity: Know if the firmware is changed or corrupted, intentionally or not. Like a crc check.
Authenticity: A math formula that "I know that this firmware is 100% from this person and decide what to do now".
Question:
integrity and authenticity are quite important. But why confidentiality?? Should I encrypt my software? Because a binary image is just bits right? either 0 or 1?
Can you suggest/advice what is important and what is not?
Also you can suggest where can I insert my CIA in the above physical system? For example using a secure UART or encrypted binary etc. Which is a good option in your opinion?
Question:
Can you also suggest what hardware and software changes to implement this setup?
Note: In this system, everything happens in the background. The consumer cannot know anything. there is no display, only one lead that's all.
Regards,
Vijay
2022-07-21 03:31 PM
If the firmware is not encrypted, someone can:
The only way one can get an absolutely secure channel, is with preshared keys. Everything else is just relatively secure in some aspects, but not all. Use an encrypted binary and you don't care anything about the channel's or medium's security. Also makes possible to deliver the firmware file with offline methods like USB flash etc.
Everything cannot happen in background. Even, if the firmware is downloaded in background, the system will anyway need to be restarted and will be in bootloader mode for some time.
2022-07-25 12:26 AM
Thank you @Piranha for the reply. I didn't give any reply soon because, after your reply, I didn't completely understood what your said. So I was looking at some security books and information to see what attacks can be performed if there is no keys.
So your idea was instead of making some secure channel (over UART or anything), it is good to use an encrypted binary. So it can be transferred over any medium. So I should even consider the module which decrypts and the footprint it consumes, since I use 512KB of memory, I should look for one which is small.
2022-10-19 04:22 PM
These two have everything necessary and are secure, small and relatively fast implementations.