{"title":"Extending Over-the-Air Libraries to Secure ESP8266 Updates","authors":"Xinchi He, M. Papa, R. Gamble","doi":"10.1109/HST47167.2019.9032969","DOIUrl":null,"url":null,"abstract":"The ESP8266 is a popular Arduino-compatible SoC chip that has been adopted by many IoT (Internet of Things) device manufacturers. Available OTA (Over-The-Air) libraries to upload programs to the chip exist, but they offer limited security mechanisms. This paper describes extensions to those libraries that allow incremental computation of a SHA1 hash over program fragments and the ability to validate its value using an authenticated remote service through RESTful APIs. This is an important feature that offers basic primitives to incorporate self-protection strategies into the platform. Testing on a proof-of-concept system shows promising results and potential to extend the approach to a large distributed domain.","PeriodicalId":293746,"journal":{"name":"2019 IEEE International Symposium on Technologies for Homeland Security (HST)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Symposium on Technologies for Homeland Security (HST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST47167.2019.9032969","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
The ESP8266 is a popular Arduino-compatible SoC chip that has been adopted by many IoT (Internet of Things) device manufacturers. Available OTA (Over-The-Air) libraries to upload programs to the chip exist, but they offer limited security mechanisms. This paper describes extensions to those libraries that allow incremental computation of a SHA1 hash over program fragments and the ability to validate its value using an authenticated remote service through RESTful APIs. This is an important feature that offers basic primitives to incorporate self-protection strategies into the platform. Testing on a proof-of-concept system shows promising results and potential to extend the approach to a large distributed domain.