{"title":"扩展无线库以确保ESP8266更新","authors":"Xinchi He, M. Papa, R. Gamble","doi":"10.1109/HST47167.2019.9032969","DOIUrl":null,"url":null,"abstract":"The ESP8266 is a popular Arduino-compatible SoC chip that has been adopted by many IoT (Internet of Things) device manufacturers. Available OTA (Over-The-Air) libraries to upload programs to the chip exist, but they offer limited security mechanisms. This paper describes extensions to those libraries that allow incremental computation of a SHA1 hash over program fragments and the ability to validate its value using an authenticated remote service through RESTful APIs. This is an important feature that offers basic primitives to incorporate self-protection strategies into the platform. Testing on a proof-of-concept system shows promising results and potential to extend the approach to a large distributed domain.","PeriodicalId":293746,"journal":{"name":"2019 IEEE International Symposium on Technologies for Homeland Security (HST)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Extending Over-the-Air Libraries to Secure ESP8266 Updates\",\"authors\":\"Xinchi He, M. Papa, R. Gamble\",\"doi\":\"10.1109/HST47167.2019.9032969\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The ESP8266 is a popular Arduino-compatible SoC chip that has been adopted by many IoT (Internet of Things) device manufacturers. Available OTA (Over-The-Air) libraries to upload programs to the chip exist, but they offer limited security mechanisms. This paper describes extensions to those libraries that allow incremental computation of a SHA1 hash over program fragments and the ability to validate its value using an authenticated remote service through RESTful APIs. This is an important feature that offers basic primitives to incorporate self-protection strategies into the platform. Testing on a proof-of-concept system shows promising results and potential to extend the approach to a large distributed domain.\",\"PeriodicalId\":293746,\"journal\":{\"name\":\"2019 IEEE International Symposium on Technologies for Homeland Security (HST)\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE International Symposium on Technologies for Homeland Security (HST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HST47167.2019.9032969\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Symposium on Technologies for Homeland Security (HST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST47167.2019.9032969","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Extending Over-the-Air Libraries to Secure ESP8266 Updates
The ESP8266 is a popular Arduino-compatible SoC chip that has been adopted by many IoT (Internet of Things) device manufacturers. Available OTA (Over-The-Air) libraries to upload programs to the chip exist, but they offer limited security mechanisms. This paper describes extensions to those libraries that allow incremental computation of a SHA1 hash over program fragments and the ability to validate its value using an authenticated remote service through RESTful APIs. This is an important feature that offers basic primitives to incorporate self-protection strategies into the platform. Testing on a proof-of-concept system shows promising results and potential to extend the approach to a large distributed domain.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
