Reverse Sequence Hash Chain based Multicast Authentication for IoT Firmware Updates

Abstract

The possibility to perform remote, yet secure firmware updates in Internet of Things (IoT) scenarios is relevant for a broad spectrum of applications. Secure multicast communication is of particular relevance as a large firmware file needs to be distributed over a constrained, unreliable and potentially insecure network to a large number of constrained devices. In this work, we propose a lightweight method for source authentication that is suitable for such scenarios. The main idea is to use a reverse sequence hash chain of the entire packets which only the legitimated sender knows. With one time signature verification, receivers in the group can authenticate the origin of each packet and can check the integrity. We show how the proposed scheme can be integrated with the Constrained Application Protocol (CoAP). In order to underline the capabilities of our proposed solution, we provide security evaluation results, and we demonstrate its practicability and effectiveness by means of hardware experiments.