Improving the security of wireless sensor networks in an IoT environmental monitoring system

Abstract

The Internet of Things (IoT) has become a popular subject in the technology industry and will soon reach the popularity level of smartphones. With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) has become the main technology for IoT. We investigated the security of WSNs in an environmental monitoring system with the goal to improve the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our investigational environment. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect firmware found in the MSP430 MCU. We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, to our knowledge we illustrated the first sample of how an attacker can reverse engineer firmware and obtain WSN cryptographic keys. Our sample provides a step-by-step procedure on how to reverse engineer MSP430 firmware. We contributed a solution to improve the BSL password and better protect firmware found in the MSP430 chips. The Secure-BSL software we contributed allows the randomization of the BSL password. Our solution guarantees brute force times in a matter of decades. The impractical brute force time assures the security of firmware and prevents future reverse engineering tactics. In addition, our Secure-BSL software supports two-factor authentication, therefore adding another layer of security. The two-factor authentication feature allows developers to specify a user-defined passphrase to further protect the MSP430 MCU. Our research serves as proof that any security implemented in a WSN environment is broken if an attacker has access to firmware found in sensor devices.