Saved in:
Bibliographic Details
Main Authors: Zhang, Qian, He, Yi, Xiao, Yue, Zhang, Xiaoli, Song, Chunhua
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2412.11564
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916525586251776
author Zhang, Qian
He, Yi
Xiao, Yue
Zhang, Xiaoli
Song, Chunhua
author_facet Zhang, Qian
He, Yi
Xiao, Yue
Zhang, Xiaoli
Song, Chunhua
contents As the Internet of Things (IoT) industry advances, the imperative to secure IoT devices has become increasingly critical. Current practices in both industry and academia advocate for the enhancement of device security through key installation. However, it has been observed that, in practice, IoT vendors frequently assign shared keys to batches of devices. This practice can expose devices to risks, such as data theft by attackers or large-scale Distributed Denial of Service (DDoS) attacks. To address this issue, our intuition is to assign a unique key to each device. Unfortunately, this strategy proves to be highly complex within the IoT context, as existing keys are typically hardcoded into the firmware, necessitating the creation of bespoke firmware for each device. Furthermore, correct pairing of device keys with their respective devices is crucial. Errors in this pairing process would incur substantial human and temporal resources to rectify and require extensive communication between IoT vendors, device manufacturers, and cloud platforms, leading to significant communication overhead. To overcome these challenges, we propose the OTA-Key scheme. This approach fundamentally decouples device keys from the firmware features stored in flash memory, utilizing an intermediary server to allocate unique device keys in two distinct stages and update keys. We conducted a formal security verification of our scheme using ProVerif and assessed its performance through a series of evaluations. The results demonstrate that our scheme is secure and effectively manages the large-scale distribution and updating of unique device keys. Additionally, it achieves significantly lower update times and data transfer volumes compared to other schemes.
format Preprint
id arxiv_https___arxiv_org_abs_2412_11564
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle OTA-Key: Over the Air Key Management for Flexible and Reliable IoT Device Provision
Zhang, Qian
He, Yi
Xiao, Yue
Zhang, Xiaoli
Song, Chunhua
Cryptography and Security
Software Engineering
As the Internet of Things (IoT) industry advances, the imperative to secure IoT devices has become increasingly critical. Current practices in both industry and academia advocate for the enhancement of device security through key installation. However, it has been observed that, in practice, IoT vendors frequently assign shared keys to batches of devices. This practice can expose devices to risks, such as data theft by attackers or large-scale Distributed Denial of Service (DDoS) attacks. To address this issue, our intuition is to assign a unique key to each device. Unfortunately, this strategy proves to be highly complex within the IoT context, as existing keys are typically hardcoded into the firmware, necessitating the creation of bespoke firmware for each device. Furthermore, correct pairing of device keys with their respective devices is crucial. Errors in this pairing process would incur substantial human and temporal resources to rectify and require extensive communication between IoT vendors, device manufacturers, and cloud platforms, leading to significant communication overhead. To overcome these challenges, we propose the OTA-Key scheme. This approach fundamentally decouples device keys from the firmware features stored in flash memory, utilizing an intermediary server to allocate unique device keys in two distinct stages and update keys. We conducted a formal security verification of our scheme using ProVerif and assessed its performance through a series of evaluations. The results demonstrate that our scheme is secure and effectively manages the large-scale distribution and updating of unique device keys. Additionally, it achieves significantly lower update times and data transfer volumes compared to other schemes.
title OTA-Key: Over the Air Key Management for Flexible and Reliable IoT Device Provision
topic Cryptography and Security
Software Engineering
url https://arxiv.org/abs/2412.11564