Firmblock: A Scalable Blockchain-Based Malware-Proof Firmware Update Architecture with Revocation for IoT Devices

Abstract

In recent years, the smart city paradigm continues to receive major advancements which is helping to improve the quality of life of people within the environment. The Internet of Things (IoT) which represents the backbone of the Smart City paradigm is receiving exponential growth. This exponential growth is also companied by some challenge which need to be addressed to further support the ever-growing demand of the IoT devices. Secure firmware update and distribution mechanisms is a major stage in the lifecycle of IoT devices management. Although the Internet Engineering Task Force (IETF) Software Updates for Internet of Things (SUIT) have started preparing software update models for IoT devices, scalability of secure firmware update distribution and centralization exists as challenges for the current model. In this paper, we propose a blockchain based firmware update architecture for IoT devices. The proposed architecture ensures secure distribution of firmware updates, malware-proof and solves the author-disappearing issue. We introduced a key revocation mechanism to secure the IoT environment from malicious devices. We further secure centralized entities that are susceptible to targeting attacks and single point of failure problem that is critical to the system by integrating all activities into the blockchain as transactions. The proposed model in this paper achieves effective and efficient security for IoT device update, as well as addressing the targeting attack and the author-disappearing issue in IoT device management.