Abstract:
"IoT devices have a wide range of applications in several different domains in the modern world
mainly as wearables and in smart cities, to name a few. Due to their nature of being
deployed in remote places, it is crucial that these devices are up to date. This is done through
firmware over-the-air updates, but this poses a security threat: if the firmware update
process is not secured, it could lead to attackers using man-in-the-middle attacks or injecting
malicious firmware to compromise the devices.
The solution to the above problem is to patch these devices with regular firmware updates, with
a strong emphasis on security due to the critical nature of the situation. The solution uses
encryption to transmit the firmware binaries securely between the server and the device. It also
restricts unauthorized users from attacking the device or the web application by adding both
token-based authentication and mutual authentication.
The proposed solution was tested on an ESP32 microcontroller with 4MB storage and 320KB
of memory. With a firmware binary of size close to 1MB, the device updates in 1 minute and
39 seconds with 50-60% device load during the update."