• The Transactions of the Korea Information Processing Society
• /
• v.13 no.10
• /
• pp.475-480
• /
• 2024

As Internet of Things (IoT) technology is being used in all industries, the importance of secure and convenient firmware update technology is increasing. However, conventional FOTA (Firmware Over-The-Air) technology has a problem because the security is weak when updating firmware with a single path, and strong encryption technology cannot be utilized. Therefore, this study proposes a secure FOTA (S-FOTA) mechanism for lightweight IoT and adaptive S-FOTA ARQ (Automatic Repeat Request) mechanism. This adaptive S-FOTA ARQ mechanism considers the case where the original file cannot be recovered because of the increase in lost files due to the congested channel state and compares and analyzes the conventional method in terms of security, complexity, and transmission speed. Experimental results show that S-FOTA with 40 encrypted files reduced the attacker's attack success rate by at least 62.58% and up to 99.99%, and S-FOTA with 40% of the total number of encrypted file segments takes at least 996.39% more time on average and up to 3374.99% more time than conventional FOTA. In addition, the transmission speed of the adaptive S-FOTA ARQ mechanism was at least 63.16% and up to 2736.36% higher than that of the conventional S-FOTA, and at least 53.89% and up to 70.89% higher than that of the conventional ARQ mechanism.

• Journal of Institute of Control, Robotics and Systems
• /
• v.15 no.8
• /
• pp.867-875
• /
• 2009

A wireless sensor network inherently comprises a plurality of sensor nodes widely deployed for sensing environmental information. To add new functions or to correct some faulty functions of an existing wireless sensor network, the firmware for each sensor node needs to be updated. Firmware update would be quite troublesome if it requires the gathering, reprogramming, and redeploy of all of already deployed sensor nodes. Over-the-air programming (OTA) facilitates the firmware update process, thereby allowing convenient maintenance of an already-deployed sensor network. This paper proposes and implements a remote firmware update mechanism for a TDMA-based wireless sensor network, in which the firmware for sensor nodes constituting the TDMA-based sensor network can be easily updated and the update process can be conveniently monitored from a remote site. We verify the validity of the proposed firmware update method via experiments and introduce three wireless sensor networks installed in outdoor sites in which the proposed firmware update mechanism has been exploited.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.569-572
• /
• 2016

It is currently associated with the increase in smart home devices. So they are getting a lot IoT platform for managing and integrating these devices. However, existing platforms lack the firmware management for each device. In this paper, We will make easier the management of firmware, using a technique called POTA. This technology is a technology that allows you to update the firmware using a wireless internet without a computer and Utilizing the TR-069 protocol, we propose a system for controlling each device in CPE.

• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.181-182
• /
• 2024

IoT(Internet of Things) 기기의 수가 급격히 증가하면서 무선 네트워크로 펌웨어와 데이터를 다운받아 업데이트하는 FOTA(Firmware Over-The-Air) 기술이 중요해지고 있다. 그러나, 종래 퍼징 기술은 펌웨어 취약점을 탐지할 때 요구되는 컴퓨팅 파워와 메모리가 커서 한정적인 자원을 지닌 IoT 기기에 적합하지 않다. 따라서 본 연구에서는 펌웨어 업데이트 파일에서 기존에 검증된 부분을 제외하고 업데이트된 부분만을 퍼징하는 부분 퍼징(Partial fuzzing) 기법을 제안한다. 실험 결과에 따르면 제안한 부분 퍼징 기법이 종래의 기법 대비 3 분 더 빨리 11 개의 크래시를 찾았고, 10 분의 퍼징 시간 동안 평균 1,044 (2 unique) 크래시를 추가로 발견했으며 평균 메모리 사용량을 232(KIB) 줄일 수 있었다.

• Journal of Internet Computing and Services
• /
• v.25 no.3
• /
• pp.1-8
• /
• 2024

As the Internet of Things (IoT) has gained significant prominence in our daily lives, most IoT devices rely on over-the-air technology to automatically update firmware or software remotely via the network connection to relieve the burden of manual updates by users. And preserving security for OTA interface is one of the main requirements to defend against potential threats. This paper presents a simulation of an attack scenario on the commoditized System-on-a-chip, ESP32 chip, utilized for drones during their OTA update process. We demonstrate three types of attacks, WiFi cracking, ARP spoofing, and TCP SYN flooding techniques and postpone the OTA update procedure on an ESP32 Drone. As in this scenario, unpatched IoT devices can be vulnerable to a variety of potential threats. Additionally, we review the chip to obtain traces of attacks from a forensics perspective and acquire memory forensic artifacts to indicate the SYN flooding attack.

• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.183-186
• /
• 2024

IoT(Internet of Things) 기기가 다양한 산업 분야에 활용되면서, 보안과 유지 보수를 위한 관리의 중요성이 커지고 있다. 편리한 IoT 기기 관리를 위해 무선 네트워크를 통한 펌웨어 업데이트 기술인 FOTA(Firmware Over The Air)가 적용되어 있지만, 컴퓨팅 파워가 제한된 경량 IoT 기기 특성상 취약점 탐지를 수행하기 어렵다. 본 연구에서는 IoT 기기들이 퍼징 테스트 케이스를 분할하여 협력적으로 퍼징하고, 노드 간의 퍼징 결과가 다르면 재검증을 수행하는 협력적 퍼징 기법을 제안한다. 실험 결과에 따르면, 중복되는 테스트 케이스를 2 개나 3 개 퍼징하는 협력적 퍼징 기법은 종래 방식 대비 연산량을 최소 약 16%, 최대 약 48% 줄였다. 또한, 종래 퍼징 기법 대비 취약점 탐지 성공률(Success rate of vulnerability detection)을 최소 약 3 배, 최대 약 3.4 배 개선시켰다.

• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.288-289
• /
• 2024

최근 전 산업 분야에서 사물인터넷 (Internet of Things, IoT) 기술이 활용되면서, 안전하고 편리한 펌웨어 업데이트 기술의 중요성이 커지고 있다. 그러나 종래의 FOTA (Firmware Over-The-Air) 기술은 단일 경로로 펌웨어를 업데이트하여 보안이 취약하고, 강력한 암호 기술을 활용할 수 없는 문제가 있다. 본 연구에서는 경량 IoT 를 위한 안전한 FOTA (Secure FOTA, S-FOTA) 메커니즘을 제안한다. 실험 결과에 따르면 제안하는 S-FOTA 는 암호화된 파일이 60 개이고 공격자 수가 100 명일 때 종래의 FOTA 대비 공격자의 공격 성공률을 89.84% 줄일 수 있었다.