
Embedded Systems Silicon Valley 2011

ESC-202 Implementing Secure Remote Firmware Updates

Tuesday May 3rd, 8:00 – 9:15

Loren Shade

loren@allegrosoft.com

PERVASIVE

Home, Work, Play

Pervasive (Home)

  • CONTROL4 (www.control4.com)
  • TURBOCHEF (www.turbochef.com)
  • YAMAHA neoHD (usa.yamaha.com)
  • MOXI (www.moxi.com)
  • BAINULTRA (www.bainultra.com)


Pervasive (Work)

  • BROCADE (www.brocade.com)
  • iPhone 4 (www.control4.com)
  • Verizon FIOS ONT (www.verizon.com)
  • CISCO VOIP PHONE (www.cisco.com)
  • XEROX PRINTER (www.xerox.com)


Pervasive (Play)

  • XBOX 360 (www.microsoft.com)
  • MARKIV DiskLavier PRO (usa.yamaha.com)
  • KINDLE (www.amazon.com)
  • THUNDER-MAX (www.thunder-max.com)
  • FRETLIGHT (www.fretlight.com)
  • GARMIN (www.garmin.com)

FAD or FOREVER

Microsoft Expects 10 Year Lifecycle for Xbox 360

Source: "Microsoft Expects 10 Years Lifecycle for Xbox 360: Microsoft Xbox 360 to Have 10 Years Lifecycle", Anton Shilov, Xbit Laboratories, June 2009, http://www.xbitlabs.com/news/multimedia/display/20090603230547_Microsoft_Expects_10_Years_Lifecycle_for_Xbox_360.html

Changes in Business Model

  • Product Business Models Endorse Updates
  • Extend Product Lifecycle
  • Engage Customers (Cross sell and upgrades)
  • Support and Service
  • $$$$$$$$$$$


Security and Remote Updates

  • Remote update implementations are often proprietary
  • Often built on non-standard protocols
  • Often have NO security at all


Security is a PROCESS!!

"Security is a chain; it is only as secure as the weakest link!"
"Security is a process, not a product."

Bruce Schneier, Secrets & Lies

Example: defense contractors working with DOE/DOD classified material


Implementation Areas

  • Hardware
  • Software (RTOS, Application)
  • Operational Security
  • Communications


Requirements

  • Leverage Established Standards
  • Authenticate Downloads
  • Validate Downloads
  • Versatile Communications Solution
  • Scalability
  • Cancel update on failed Authentication or Validation


Simple Communications Framework


Security, Validation and Authentication

  • Key pair: public key (pk) embedded in the device, private key (sk) kept secret by the vendor
  • Signature scheme per FIPS 186-3 (DSA, RSA or ECDSA)
  • Hash the firmware image per FIPS 180-2 (SHA family)
  • Sign the hash with sk to produce the signature
  • Append the signature to the image for distribution


Digital Signature Process

SOURCE: FIPS 186-3 (pg 9)
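The sign-and-append procedure of the preceding slides, together with the device-side check it implies (the "trusted download" subroutine of the Embedded Software Logic slide), as an added example. This is not code from the talk or from Allegro; it assumes ECDSA over P-256 for the FIPS 186-3 signature, SHA-256 for the FIPS 180-2 hash, and a trailer layout (DER signature followed by a 2-byte big-endian length) that the slides do not specify. A device that cannot verify the signature gets no image back and must cancel the update, which is the last requirement on the Requirements slide.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed signed-image layout (the slides do not fix one):
//
//	image bytes || DER-encoded ECDSA signature || 2-byte big-endian signature length
//
// Putting the length last lets the device locate the signature without
// parsing DER and without the signer knowing the image size up front.
const trailerLen = 2

// SignImage is the build-server side: hash the image with SHA-256 (FIPS 180-2),
// sign the digest with the vendor's private key using ECDSA/P-256 (FIPS 186-3),
// and append the signature plus length trailer.
func SignImage(sk *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	sig, err := ecdsa.SignASN1(rand.Reader, sk, digest[:])
	if err != nil {
		return nil, err
	}
	if len(sig) > 0xFFFF {
		return nil, errors.New("signature too long for 2-byte trailer")
	}
	var trailer [trailerLen]byte
	binary.BigEndian.PutUint16(trailer[:], uint16(len(sig)))
	out := make([]byte, 0, len(image)+len(sig)+trailerLen)
	out = append(out, image...)
	out = append(out, sig...)
	out = append(out, trailer[:]...)
	return out, nil
}

// VerifyImage is the device-side trusted-download check. It parses the trailer,
// recomputes the digest and verifies the signature under the public key baked
// into the running firmware. Any failure (truncation, bad trailer, wrong key,
// modified bytes) returns an error and no image, so the caller cancels the
// update instead of flashing unauthenticated data.
func VerifyImage(pk *ecdsa.PublicKey, signed []byte) ([]byte, error) {
	if len(signed) < trailerLen+1 {
		return nil, errors.New("download too short to carry a signature")
	}
	sigLen := int(binary.BigEndian.Uint16(signed[len(signed)-trailerLen:]))
	body := signed[:len(signed)-trailerLen]
	if sigLen == 0 || sigLen >= len(body) { // leave at least one image byte
		return nil, errors.New("malformed signature trailer")
	}
	image := body[:len(body)-sigLen]
	sig := body[len(body)-sigLen:]
	digest := sha256.Sum256(image)
	if !ecdsa.VerifyASN1(pk, digest[:], sig) {
		return nil, errors.New("signature verification failed: update cancelled")
	}
	return image, nil
}

func main() {
	// Constructed demo: in production sk lives only on the vendor's signing
	// host and just pk ships inside the device image.
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("RDMC 101 v1.50b34 firmware (constructed sample)")
	signed, err := SignImage(sk, image)
	if err != nil {
		panic(err)
	}
	if _, err := VerifyImage(&sk.PublicKey, signed); err != nil {
		panic(err)
	}
	fmt.Println("genuine image verified")

	// Flip one image byte in transit: the device must refuse it.
	signed[0] ^= 0x01
	_, err = VerifyImage(&sk.PublicKey, signed)
	fmt.Println("tampered image:", err)
}
```

The same structure works with RSA or DSA, the other FIPS 186-3 schemes. Two things the code cannot do for you: the public key in the device only means something if the region holding it is write-protected, and the private key only stays private if signing happens on an isolated host or HSM, which is what the Trusted Authority slide that follows is about.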


Implementation


Trusted Authority in Development Cycle


Communications Architecture

  • HTTP
  • HTML/XHTML
  • XML


Embedded Software Logic

  • TRUSTED DOWNLOAD (Subroutine)
  • DOWNLOAD LOGIC


Trusted Download


Download Logic


Firmware Repository Organization

  • Simple XML document listing the latest revision per product
  • Variations employ server-side logic to select the entry


<?xml version="1.0"?>
<Revisions>
  <Product>
    <Name>RDMC 101</Name>
    <Major>1</Major>
    <Minor>50</Minor>
    <Beta>34</Beta>
    <Path>/files/RDMCv150b34.bin</Path>
    <Description>Beta 34 for RDMC 101 v1.5</Description>
  </Product>
  <Product>
    <Name>RPLAY 303</Name>
    <Major>1</Major>
    <Minor>00</Minor>
    <Beta>10</Beta>
    <Path>/files/rplay.100b10</Path>
    <Description>Beta 10 for RPLAY 303</Description>
  </Product>
</Revisions>

Example XML
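The download logic that consumes this repository, as an added example covering the Download Logic and Firmware Repository Organization slides; it is not code from the talk or from Allegro. It assumes the device knows its own product name and running Major/Minor/Beta triple, that versions compare lexicographically on that triple (the slide does not say), and an assumed 64 KiB cap on the repository document. The path it returns is only what the device should request next; the downloaded image still has to pass the signature check before it is flashed.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"errors"
	"fmt"
)

// Constructed copy of the repository document on the slide (RDMC 101 and
// RPLAY 303 are the slide's own example product names).
const repositoryXML = `<?xml version="1.0"?>
<Revisions>
  <Product>
    <Name>RDMC 101</Name>
    <Major>1</Major><Minor>50</Minor><Beta>34</Beta>
    <Path>/files/RDMCv150b34.bin</Path>
    <Description>Beta 34 for RDMC 101 v1.5</Description>
  </Product>
  <Product>
    <Name>RPLAY 303</Name>
    <Major>1</Major><Minor>00</Minor><Beta>10</Beta>
    <Path>/files/rplay.100b10</Path>
    <Description>Beta 10 for RPLAY 303</Description>
  </Product>
</Revisions>`

// maxRepositoryBytes (assumed value) bounds what the device will parse, so a
// malicious or broken server cannot exhaust device RAM with a huge document.
const maxRepositoryBytes = 64 * 1024

// Version mirrors the slide's Major/Minor/Beta triple. Lexicographic
// comparison is an assumption the slide does not spell out.
type Version struct{ Major, Minor, Beta int }

// Newer reports whether v is strictly newer than other.
func (v Version) Newer(other Version) bool {
	if v.Major != other.Major {
		return v.Major > other.Major
	}
	if v.Minor != other.Minor {
		return v.Minor > other.Minor
	}
	return v.Beta > other.Beta
}

type Product struct {
	Name        string `xml:"Name"`
	Major       int    `xml:"Major"`
	Minor       int    `xml:"Minor"`
	Beta        int    `xml:"Beta"`
	Path        string `xml:"Path"`
	Description string `xml:"Description"`
}

type Revisions struct {
	XMLName  xml.Name  `xml:"Revisions"` // reject documents with another root
	Products []Product `xml:"Product"`
}

// FindUpdate is the download decision: parse the repository, find this
// device's product, and return the image path only if the listed version is
// strictly newer than the running one. Equal or older entries are ignored, so
// a stale or replayed repository cannot roll the device back to an old release.
func FindUpdate(doc []byte, product string, running Version) (path string, found bool, err error) {
	if len(doc) > maxRepositoryBytes {
		return "", false, errors.New("repository document exceeds size limit")
	}
	var rev Revisions
	if err := xml.NewDecoder(bytes.NewReader(doc)).Decode(&rev); err != nil {
		return "", false, fmt.Errorf("repository parse: %w", err)
	}
	for _, p := range rev.Products {
		if p.Name != product {
			continue
		}
		if avail := (Version{p.Major, p.Minor, p.Beta}); avail.Newer(running) {
			return p.Path, true, nil
		}
		return "", false, nil // listed, but not newer than what is running
	}
	return "", false, nil // product not present in the repository
}

func main() {
	running := Version{1, 50, 33} // device currently on RDMC 101 v1.50 beta 33
	path, found, err := FindUpdate([]byte(repositoryXML), "RDMC 101", running)
	fmt.Println(path, found, err) // /files/RDMCv150b34.bin true <nil>
	_, found, _ = FindUpdate([]byte(repositoryXML), "RDMC 101", Version{1, 50, 34})
	fmt.Println("already current, update offered:", found) // false
}
```

The strict "newer only" rule is the caveat worth keeping: without it, anyone who can serve the device an old repository (or replay one) can make it fetch an older signed image, and since that image carries a valid signature the trusted-download check alone will not stop the downgrade.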


Example Update Screen


Questions & Comments

loren@allegrosoft.com, 203-542-8166

Slides, Notes and Paper available at www.allegrosoft.com/escsv2011