CN110008757B - Data protection method and system in updating of terminal firmware of Internet of things - Google Patents


Info

Publication number
CN110008757B
Authority
CN
China
Prior art keywords
sub
packet
firmware
sending
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910280136.5A
Other languages
Chinese (zh)
Other versions
CN110008757A (en)
Inventor
高美凤
王豫新
于力革
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangnan University
Original Assignee
Jiangnan University
Application filed by Jiangnan University
Priority to CN201910280136.5A
Publication of CN110008757A
Application granted
Publication of CN110008757B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

The invention discloses a data protection method and system for updating the firmware of an Internet of Things terminal, and belongs to the technical field of the Internet of Things and embedded terminals. The method has strong universality, is easy to implement and has low system overhead, while taking into account that embedded terminals have limited memory resources and limited computing capability, so that recombination attacks and rewriting attacks during the transmission of firmware update data to the Internet of Things terminal can be dealt with effectively.

Description

Data protection method and system in updating of terminal firmware of Internet of things
Technical Field
The invention relates to a data protection method and system in updating of terminal firmware of the Internet of things, and belongs to the technical field of the Internet of things and embedded terminals.
Background
With the continuous development of the Internet of Things (IoT), embedded devices are deployed at large scale in IoT scenarios. Embedded devices usually have limited resources (mainly memory, network traffic and electrical energy) and limited computing capability. In addition, once an embedded device has been deployed in a particular environment, two things happen: on the one hand, not all errors can be predicted during software development, so vulnerabilities exist; on the other hand, after the software has been in use for some time, users' requirements and the required functions change, so the software needs to be updated and upgraded. The software in an embedded system is generally divided into application software and system software, the latter comprising the operating system, device drivers and middleware; all of it is embedded in the device's static flash memory and is therefore collectively referred to as the device's "firmware". The firmware coordinates the system's internal resources and the exchange of information between the inside and the outside, so its security and stability are extremely important; only by providing a continuous update service can the security of the device be ensured and the user's functional requirements be met.
In order to save transmission traffic during firmware update, the existing firmware update method adopts a 'differential update' mode, i.e. only a difference file (also called 'patch') between a new version and an old version is transmitted to upgrade the firmware of an end user. In the process of transmitting the 'patch' information, confidentiality protection and integrity protection need to be considered. Confidentiality protection ensures that an attacker cannot understand the meaning of the data even if the attacker obtains the data content; integrity protection ensures that the system can timely detect illegal tampering of the data.
At present, the confidentiality of a firmware update package is mostly protected either by communication encryption or not at all, i.e. the package is transmitted in clear text. Under plaintext transmission an attacker can easily obtain the complete firmware update package, which is harmful to the intellectual property of firmware developers and also lets the attacker identify the system components whose bugs were repaired, develop new attack tools targeted at them, and damage the system security of the terminal. Communication encryption, on the other hand, increases the time and memory overhead of the decryption process at the terminal, since the decryption algorithm itself occupies memory; considering that small embedded terminals have limited memory resources and limited computing capability, this mode has its own limitations. For firmware integrity protection, the attacks most frequently used are the recombination attack and the rewriting attack. Existing protection methods cope effectively with the recombination attack by verifying the correspondence between the check code and the data in each differential packet. For the rewriting attack, however, once the attacker has learned the algorithm used to calculate the check code with an analysis tool, the attacker recalculates the check code for the forged data with that same algorithm; because check code and data then correspond, existing protection methods cannot detect the forgery.
Disclosure of Invention
The invention provides a data protection method and system in the updating of terminal firmware of the internet of things, aiming at solving the problem that the rewriting attack cannot be effectively dealt with in the updating of the terminal firmware of the internet of things at present.
The invention aims to provide a data protection method in the updating of terminal firmware of the internet of things, which is applied to a server or a sending terminal and comprises the following steps:
S1: perform sub-packet processing on the firmware data to be transmitted, number each sub-packet, record the original combination order of the data as the combination serial number, and write the combination serial number into the corresponding sub-packet; the firmware data to be sent is the patch file required for the firmware upgrade of the terminal whose firmware needs to be updated;
S2: scramble the original combined sub-packet sequence with a random function, assign a corresponding sending serial number to each scrambled sub-packet, replace the combination serial number in each sub-packet with the sending serial number, and record the correspondence between combination serial numbers and sending serial numbers;
S3: for each sub-packet, calculate an attached check code over "sending serial number + sub-packet firmware data" using an integrity check algorithm, append it to the tail of the sub-packet, record the correspondence between attached check codes and sending serial numbers, upload the sub-packets with their attached check codes to the cloud storage database of the cloud platform, and record the download address generated by the cloud platform;
S4: package the correspondence between combination serial numbers and sending serial numbers and the correspondence between attached check codes and sending serial numbers into combined check data;
S5: establish encrypted, secure cloud-to-terminal transmission using the cloud platform's Internet of Things communication service, and send a push message over this message channel to the terminal whose firmware needs to be updated, so that after receiving it the terminal downloads the patch file required for the firmware upgrade according to the message content; the push message includes the version information of the patch file, the size and number of the sub-packets obtained in S1, the download address recorded in S3 and the combined check data packaged in S4.
Optionally, before S1: perform a differential operation on the new and old firmware packages with a file differencing tool to generate a difference file, which is the patch file required for the firmware upgrade of the terminal whose firmware needs to be updated.
Optionally, the integrity check algorithm includes a Cyclic Redundancy Check (CRC) or an integrity check algorithm based on a hash function; the CRC algorithm is CRC16 or CRC32 depending on the packet size.
Optionally, the file differencing tool is the bsdiff/bspatch tool integrated into the Linux operating system.
A second objective of the present invention is to provide a data protection method in updating of firmware of an internet of things terminal, where the method is applied to a terminal whose firmware needs to be updated, and the method includes:
step1, receiving a push message sent by a server or a sending terminal, and sequentially downloading corresponding sub-packages of patch files required by firmware upgrade in a download address according to version information in the push message; the push message comprises version information of patch files required by firmware upgrading, the packet size and number of the patch files required by the firmware upgrading, a downloading website for the packet of the patch files required by the firmware upgrading and combined check data, wherein the combined check data comprises a corresponding relation between the combined serial number and a sending serial number and a corresponding relation between the attached check code and the sending serial number;
step2, calculating the check code of each sub-packet by adopting the integrity check algorithm same as that of the server or the transmitting terminal according to the 'transmitting serial number + sub-packet firmware data' carried by each sub-packet of the patch file required by the downloaded firmware upgrade, and calling the calculated check code as a calculated check code;
and Step3, verifying whether the attached check code of each sub-packet is consistent with the calculated check code obtained in Step2, after all the verification passes, starting to perform one-time traversal on the received sub-packets by taking the sending sequence number as the sequence according to the combined check data in the push message, and sequentially combining all the sub-packets according to the corresponding relation between the sending sequence number and the combined sequence number to obtain the patch file required by firmware upgrading.
Optionally, in Step3, if the appended check code of a certain packet is not consistent with the calculated check code obtained in Step2, the packet is immediately deleted, and downloading of the packet is requested again.
Optionally, in Step3, if the appended check code in a certain sub-packet is not consistent with the appended check code of the sub-packet recorded in the combined check data in the push message during traversal, immediately stopping traversal, deleting the sub-packet and all sub-packets therebehind by using the sending sequence number of the sub-packet, re-initiating the file transmission request, and retransmitting the sub-packet and all sub-packets therebehind by using the breakpoint continuous transmission function.
A third object of the present invention is to provide a server or a transmission terminal, including:
the system comprises a sub-packaging module, an out-of-order module, a check code generation module, a combined check data generation module, a sub-packaging uploading module and a push message sending module;
the sub-packet module is used for sub-packet processing of firmware data to be sent, numbering is carried out on each sub-packet, the numbers are used for recording the original combination sequence of the data and are recorded as combination serial numbers, and the combination serial numbers are written into corresponding sub-packets; the firmware data to be sent is a patch file required by firmware upgrading of a terminal of which the firmware needs to be updated;
the disorder module is used for adopting a random function to disorder the sequence of the original combined sub-packets, distributing corresponding sending serial numbers for the disordered sub-packets, and replacing the combined serial numbers in each sub-packet with the sending serial numbers;
the check code generation module is used for calculating an attached check code generated by 'sending serial number + packet firmware data' for each sub-packet by using an integrity check algorithm, and attaching the attached check code to the tail of each sub-packet;
the combined check data generating module is used for generating combined check data according to the corresponding relation of the combined serial number, the sending serial number and the attached check code in a packaging mode, and sending the combined check data to the push message sending module;
the sub-packet uploading module is used for uploading the sub-packet with the appended check code at the tail to a cloud storage database of the cloud platform and sending a download website generated by the cloud platform to the push message sending module;
the push message sending module is used for establishing cloud-end encryption safe transmission by using the cloud platform Internet of things communication service, and sending the push message to a terminal of which the firmware needs to be updated through a message channel, so that the terminal of which the firmware needs to be updated downloads a corresponding patch file needed by firmware upgrade according to the content of the push message after receiving the push message; the push message includes: the system comprises version information of patch files required by firmware upgrading, the size and the number of sub-packets obtained after sub-packet processing of a sub-packet module, a download website sent by a sub-packet uploading module and combined check data generated by a combined check data generating module.
A fourth object of the present invention is to provide a terminal, where a firmware of the terminal needs to be updated, the terminal including:
the system comprises a receiving module, a check code calculating module and a double verifying module;
the receiving module is used for receiving a push message sent by a server or a sending terminal and sequentially downloading corresponding sub-packages of patch files required by firmware upgrading in a downloading address according to version information in the push message; the push message comprises version information of patch files required by firmware upgrading, the packet size and number of the patch files required by the firmware upgrading, a downloading website for the packet of the patch files required by the firmware upgrading and combined check data, wherein the combined check data comprises a corresponding relation between the combined serial number and a sending serial number and a corresponding relation between the attached check code and the sending serial number;
the check code calculation module is used for calculating the check code of each sub-packet by adopting the integrity check algorithm same as that of the server or the sending terminal according to the 'sending serial number + sub-packet firmware data' carried by each sub-packet of the patch file required by the downloaded firmware upgrade, and the calculated check code is called as a calculation check code;
and the dual verification module is used for verifying whether the attached check code of each sub-packet is consistent with the calculated check code obtained by the check code calculation module, starting to traverse the received sub-packets once in the sequence of the sending serial number according to the combined check data in the push message after all verification passes, and sequentially combining all sub-packets according to the corresponding relation between the sending serial number and the combined serial number to obtain the patch file required by firmware upgrading.
Optionally, the terminals include temperature and humidity acquisition terminals, intelligent monitoring terminals, Internet of Things routing terminals and wearable terminal equipment used in Internet of Things scenarios, and intelligent garbage classification and recovery control terminals and lawn maintenance control terminals in a smart city built with Internet of Things technology; they also include mobile phones, computers and vehicle-mounted navigators.
The fifth purpose of the invention is to provide an internet of things terminal firmware updating system, which comprises the terminal and the server or the sending terminal.
The invention has the beneficial effects that:
a combination serial number and a sending serial number are assigned to each data sub-packet, the attached check code is generated from the sending serial number and the sub-packet firmware data, and the correspondence between combination serial number, sending serial number and attached check code of all data sub-packets is sent in the push message; recombination attacks and rewriting attacks during transmission of the firmware update data of the Internet of Things terminal can thus be dealt with effectively, and both the confidentiality and the integrity of the firmware update data are guaranteed. At the same time the method takes into account that small embedded terminals have limited memory resources and limited computing capability, and it has the advantages of strong universality, easy implementation and low system overhead.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of differential update.
Fig. 2 is an overall structure diagram of the application scenario of the method provided in the present application.
Fig. 3 is a schematic diagram of the basic process of data processing and the confidentiality protection mechanism according to the present invention.
Fig. 4 is a schematic diagram of a data integrity protection mechanism proposed by the present invention.
Fig. 5 is a flow diagram of a firmware update for implementing data integrity protection, confidentiality protection, and breakpoint transmission in accordance with the principles of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
To describe the technical scheme disclosed by the application in detail, firstly, the transmission security of the firmware update data of the internet of things terminal and the related information of the firmware update of the embedded device are simply introduced:
embedded devices have been widely used in various aspects of life, such as natural environment early warning systems or weather collection and monitoring systems, and these small embedded devices need to update their firmware at irregular times in practical applications.
In schemes that protect firmware confidentiality by encryption, the encryption/decryption process inevitably increases the time and memory overhead of decryption at the terminal, and the decryption algorithm itself occupies memory. In addition, the communication overhead of transmitting encrypted data packets is considerable. Take the HTTP and HTTPS protocols as an example: the former transmits unencrypted plaintext, while the latter encrypts the transmitted data with SSL. When a communication connection is established between the server and the terminal to be upgraded, HTTPS needs not only the TCP three-way handshake but also the SSL handshake, i.e. a four-way handshake, whereas HTTP needs only the three-way handshake. HTTPS also requires applying for an encryption certificate, which in most cases costs money. Finally, because an Internet of Things terminal is often a special-purpose small embedded terminal with limited memory resources and limited computing capability, possibly deployed in a natural environment with an unstable network and limited bandwidth, encryption-based firmware confidentiality protection has certain limitations.
For firmware confidentiality, some practitioners simply transmit in plaintext without encryption. Those applying such schemes reason that the firmware package is a compiled binary file that runs directly on the target terminal, so the transmitted data is just a sequence of 0s and 1s which, even if obtained by an attacker, is not easy to read or to analyse for the functions of the update package. However, advances in disassembly make it possible to recover the corresponding assembly or C code from a binary file: an attacker captures the complete update package with a network packet-capture tool and uses a disassembler to recover the binary firmware package into human-readable assembly or C code. Moreover, under plaintext transmission the attacker easily obtains the complete firmware update package; if the attacker also holds the old firmware package, the new firmware can be synthesized from the old package and the difference package, so the new functions introduced by the update and the system bugs it repairs can be analysed. This does not protect the intellectual property of firmware developers, and the system components whose bugs were repaired are easily identified by the attacker, who can then develop new attack tools in a targeted manner, damage the system security of the terminal, block normal system functions, leak the terminal's internal data, and so on.
For the integrity protection of a firmware update package, common attacks can be divided into two types according to the attack mode adopted, namely the recombination attack and the rewriting attack. To explain them, the format of each differential packet frame is divided into three parts, namely the data segment, the check code and other information; the two attack modes are then described as follows:
recombination attack: analyzing byte number and combination sequence occupied by the data segment, the check code and other information in each frame of update package, replacing the data segment in the update package with forged data, and reserving the check code and other information to form a frame of new data to be transmitted and send the frame of new data to the terminal needing to update the firmware.
Rewriting attack: when an attacker learns the algorithm for calculating the check code by using an analysis tool, the check code is recalculated for the forged data by using the check algorithm, then the forged data segment and the check code of the obtained forged data segment are rearranged into the corresponding byte and sent to the equipment to be updated, so that the firmware cannot be normally updated or an illegal plug-in is implanted into the equipment.
Most current methods use a hash value or a Message Authentication Code (MAC); for convenience the two are collectively referred to here as a check value. First, a check value is calculated and stored for each data block to be transmitted. When the terminal receives the data, it recalculates the check value of the data block and compares it with the stored one: if they are equal the check passes, otherwise it fails. Integrity protection of this kind copes effectively with a recombination attack but not with a rewriting attack. At present the algorithms used to calculate check codes are generally open source, so cracking the corresponding algorithm is not difficult, while applying a more complex check algorithm, or a compound check using multiple algorithms, increases system overhead and affects the real-time performance of firmware package transmission.
The first embodiment is as follows:
In this embodiment, based on the above problem, a data protection method for updating the firmware of an Internet of Things terminal is provided, in which information transmission during the firmware update is divided into two paths: a message path and a file path. The message path carries messages between the cloud platform and the terminal device and uses a lightweight Internet of Things communication protocol such as MQTT or CoAP; such a protocol has low overhead but limited capacity, and mainly carries new-version notifications, download addresses of new firmware packages, predefined commands for controlling terminal functions, and the like. The file path is used by the terminal to download files from the cloud platform over a file transfer protocol supported by the platform, such as HTTP; such a protocol has high overhead but can carry large blocks of data, which is favourable for completing the transfer of large files quickly. In short, communication between the cloud platform and the terminal is divided into a message path responsible for "small data" and a file path responsible for "large data". This architecture keeps the day-to-day information exchange between cloud platform and terminal on the low-overhead message channel and establishes the file channel only when a large file needs to be transferred, so that the large file is received quickly, the power consumption of the terminal is saved and the communication overhead of the whole system is reduced.
The invention utilizes the cloud-end communication architecture of the 'message channel + file channel', selects to establish safe encryption transmission when establishing the message channel, and selects to establish clear text transmission without encryption when establishing the file channel, and the method comprises the following steps:
SS1: At the development end, a file differencing tool is used to perform differencing on the new and old versions of the firmware package to generate a difference file (i.e. a "patch").
SS2: The difference file is sliced into a series of sub-packets, and each sub-packet is numbered to record the original combination order of the data; this number is called the combination serial number for clarity of description.
SS3: A random function is used to scramble the sub-packets; to record the scrambled sequence, the combination serial number in each sub-packet is replaced with a new ordered serial number, and the correspondence between the ordered serial number and the combination serial number is recorded. This ordered serial number is called the sending serial number for clarity of description.
SS4: For each sub-packet, an attached check code is calculated over the sending serial number and the sub-packet firmware data with a lightweight integrity check algorithm, appended to the tail of the sub-packet, and the correspondence between the attached check code and the sending serial number is recorded.
SS5: The sending serial number, the combination serial number and the original check code are packaged so that the three values are stored together, forming the combined check data.
SS6: The sub-packets with appended check codes produced in SS4 are uploaded to the cloud storage database of the cloud platform, and the download address generated by the cloud platform for the data package is recorded.
SS7: Encrypted, secure cloud-to-terminal transmission is established with the cloud platform's Internet of Things communication service, and the version information of the new firmware, the fragment size and number, the combined check data generated in SS5, the download address generated in SS6 and so on are pushed to the terminal device to be upgraded.
SS8: When the terminal device to be upgraded detects that a new version has been released, it establishes an unencrypted file transmission path to the cloud according to the download address of the new firmware in the push message, starts a background program that downloads the sub-packets in order of sending serial number, and calculates the check information of each sub-packet over the sending serial number and sub-packet firmware data it carries, using the same integrity check algorithm as the generating end. For clarity of description, the check code calculated at the terminal is called the calculated check code.
SS9: If the calculated check code is not equal to the attached check code carried by the sub-packet, the data has suffered a recombination attack during transmission; the sub-packet is immediately erased and its download is requested again. Otherwise the next sub-packet is transmitted, until all sub-packets have been downloaded successfully and the terminal disconnects the file transmission path.
SS10: According to the combined check data received over the message channel, the terminal traverses the received sub-packets once in order of sending serial number, compares the attached check code and the initial check code of each sub-packet, and combines all sub-packets in order according to the correspondence between sending serial number and combination serial number.
SS11: If the attached check code of a sub-packet is not consistent with the attached check code recorded for it in the combined check data, an attacker has evaded the recombination-attack detection of SS9 during transmission and rewritten the sub-packet's data by means of a rewriting attack. Traversal stops immediately; the sub-packet and all sub-packets after it are deleted by sending serial number, a new file transmission request is sent to the cloud platform, and the sub-packet and the sub-packets after it are retransmitted using the breakpoint resume function.
SS12: When no damage to the integrity of the file has been detected and all sub-packets have been recombined, a complete difference file package is obtained; the terminal loads the old firmware package, performs the addition operation with the difference file package, synthesizes the new firmware package and completes the firmware update.
Among the above methods, the method applied to the server or the sending terminal includes:
S1: split the firmware data to be sent into sub-packets, number each sub-packet, record the original combination order of the data as the combined serial number, and write the combined serial number into the corresponding sub-packet; the firmware data to be sent is the patch file required for the firmware upgrade of the terminal whose firmware needs updating;
S2: scramble the order of the sub-packets with a random function, assign a sending serial number to each scrambled sub-packet, replace the combined serial number in each sub-packet with the sending serial number, and record the correspondence between the combined serial number and the sending serial number;
S3: for each sub-packet, compute an attached check code over the sending serial number and the sub-packet firmware data with an integrity check algorithm, append it to the tail of the sub-packet, record the correspondence between the attached check code and the sending serial number, upload the sub-packets with the check code appended to the cloud storage database of the cloud platform, and record the download address generated by the cloud platform;
S4: package the correspondence between combined serial number and sending serial number together with the correspondence between attached check code and sending serial number into the combined check data;
S5: establish encrypted secure transmission between the cloud and the terminal using the cloud platform's Internet of Things communication service, and send a push message over that message channel to the terminal whose firmware needs updating, so that on receiving it the terminal downloads the patch file required for the firmware upgrade according to the message content. The push message includes the version information of the patch file, the size and number of the sub-packets produced in S1, the download address recorded in S3 and the combined check data packaged in S4.
The method applied to the terminal whose firmware needs updating comprises the following steps:
Step 1: receive the push message sent by the server or sending terminal and, according to the version information in it, download the sub-packets of the patch file required for the firmware upgrade from the download address in order. The push message comprises the version information of the patch file, the size and number of its sub-packets, the download address of the sub-packets and the combined check data; the combined check data comprises the correspondence between combined serial number and sending serial number and the correspondence between attached check code and sending serial number;
Step 2: for each downloaded sub-packet, compute a check code over the "sending serial number + sub-packet firmware data" it carries, using the same integrity check algorithm as the server or sending terminal; this is called the calculated check code;
Step 3: verify that the attached check code of each sub-packet matches the calculated check code from Step 2. After all sub-packets pass, traverse the received sub-packets once in order of sending serial number according to the combined check data in the push message, and combine all sub-packets in order according to the correspondence between sending serial number and combined serial number to obtain the patch file required for the firmware upgrade.
In Step 3, if the attached check code of a sub-packet does not match the calculated check code from Step 2, that sub-packet is deleted immediately and downloaded again.
In Step 3, if during traversal the attached check code of a sub-packet does not match the check code recorded for that sub-packet in the combined check data of the push message, traversal stops immediately; the sub-packet and all sub-packets after it (by sending serial number) are deleted, a new file transmission request is initiated, and the sub-packet and those after it are retransmitted with the breakpoint resume function.
Fig. 1 shows the basic procedure of differential updating. At the development end, a differencing tool extracts the part that differs between the new-version and old-version firmware (both binary files produced by compiling and linking) and generates a differential file. At the terminal, once the correct differential packet has been obtained, the new firmware version is recovered from the differential packet and the old firmware version and run, completing the differential update.
As shown in Fig. 2, the updating system uses two-way "message + file" communication. The user opens the Internet of Things communication service of the cloud platform, which establishes two-way communication between the cloud platform and the IoT terminal through the user's computer. This path is encrypted and uses an IoT communication protocol with low overhead, such as the MQTT protocol supported by most cloud platforms; it pushes the firmware version number, fragment size and number, combined check data, differential packet download address and so on to the device to be upgraded. Information collected by the terminal can of course also be sent to the cloud platform for developers to use in further research and development; the communication protocol is analyzed here only from the updating point of view, and its other applications are not discussed in depth. Separately, the user opens the cloud storage function from the computer and uploads the processed differential packet to the cloud, which returns a download address. The download address is sent to the terminal through the message channel, and the terminal downloads the required data sub-packet by sub-packet from that address.
Fig. 3 shows the basic data processing procedure and the principle of the confidentiality protection mechanism proposed by the invention. Fig. 3(a) represents the differential file (a binary file) to be transmitted, generated by the differencing tool. Fig. 3(b) shows the file split into slices, each with its combined serial number added. Fig. 3(c) shows the sub-packets in scrambled order, with the correspondence between the current order and the combined serial number recorded. Fig. 3(d) shows the current order recorded as a new number (the sending serial number), which replaces the combined serial number. Fig. 3(e) shows the check code of each sub-packet computed from "sending serial number + sub-packet firmware data" and appended to the end of the sub-packet. Fig. 3(f) shows the appended check code of each sub-packet backed up; the backed-up copy is called the initial check code and is recorded in the corresponding array to produce the combined check data. Taking the sub-packet with sending serial number 1, data segment 1110 and appended check code BF as an example, the corresponding combined check data is (1, 2, BF), meaning that the sub-packet's sending serial number is 1, its combined serial number is 2 and its initial check code is BF. After the terminal receives the sub-packets, it combines them in the correct order using the one-to-one correspondence between the sending serial numbers in the sub-packets and the combined check data, and so obtains the correct differential packet.
It is worth noting that, because the invention uses breakpoint resume, the terminal must acquire all sub-packets in order, so two sub-packets both carrying sending serial number 2 cannot occur at the same time; that situation would otherwise cause logical errors during the ordered combination check. It can also be seen from the diagram that, without the correct combined check data, the probability of obtaining the correct complete differential packet by randomly combining the sub-packets is 1/4!, i.e. 1/24. In a real firmware update the number of sub-packets far exceeds this example; with 2000 sub-packets, for instance, the probability of obtaining the correct differential packet by random combination is 1/2000!, which is vanishingly small.
Fig. 4 illustrates the data integrity protection proposed by the invention by simulating the two attacks, recombination and rewriting. Fig. 4(a) shows the untampered original data of the sub-packet to be transmitted. Fig. 4(b) simulates two kinds of recombination attack: keeping the check code while tampering with the sending serial number, and keeping the check code while tampering with the data segment. Fig. 4(c) shows that, after the terminal receives the tampered sub-packets, the calculated check codes obtained from the sending serial number and firmware data with the same check algorithm as the generating end are 1A and 3A respectively. Comparing the attached check code with the calculated check code therefore detects that the sub-packet data has been tampered with, and the sub-packet is deleted immediately and retransmitted. Fig. 4(e) simulates a sub-packet produced by a rewriting attack. When such a sub-packet reaches the rewriting-attack detection, it has evaded the preceding recombination-attack detection: the attacker has analyzed the integrity check algorithm used by the system, tampered with at least one of the data segment and the sending serial number, and used the same algorithm as the generating end to produce a "fake check code" matching the tampered content, BF in Fig. 4(e). However, when the terminal has received all sub-packets and traverses to the sub-packet with sending serial number 2, it finds that the attached check code BF differs from the initial check code 2F, indicating that the sub-packet has been rewritten; it deletes the sub-packets with sending serial number 2 and after, and requests their retransmission.
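The sender-side steps S1 to S4, the terminal-side double check of Steps 2 and 3, and the two simulated attacks of Fig. 4, as an added Python example (not code from the patent): CRC-16/CCITT-FALSE stands in for the lightweight check algorithm, and the 2-byte header/trailer packet layout, the function names and the seeded random permutation are assumptions. The assemble step also returns the resume point of the breakpoint retransmission, i.e. only the rewritten sub-packet and those after it are re-fetched.

```python
import random
import struct

# Assumed choice: CRC-16/CCITT-FALSE (the patent only says CRC16 or CRC32).
CRC16_POLY = 0x1021


def crc16(data: bytes) -> int:
    """Bitwise CRC-16/CCITT-FALSE; check value for b'123456789' is 0x29B1."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ CRC16_POLY) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def packet_check(send_seq: int, payload: bytes) -> int:
    """Attached check code: CRC over 'sending serial number + sub-packet data'."""
    return crc16(struct.pack(">H", send_seq) + payload)


def encode_packet(send_seq: int, payload: bytes) -> bytes:
    """Assumed wire layout: 2-byte sending serial number | data | 2-byte check code."""
    return struct.pack(">H", send_seq) + payload + struct.pack(">H", packet_check(send_seq, payload))


def decode_packet(pkt: bytes):
    """Split a sub-packet into (send_seq, payload, attached check code)."""
    return struct.unpack(">H", pkt[:2])[0], pkt[2:-2], struct.unpack(">H", pkt[-2:])[0]


def sender_prepare(diff_file: bytes, slice_size: int, rng: random.Random):
    """S1..S4 at the development end. Returns the sub-packets (unencrypted file
    path) and the combined check data [(send_seq, comb_seq, initial_check), ...]
    (encrypted message channel)."""
    slices = [diff_file[i:i + slice_size] for i in range(0, len(diff_file), slice_size)]
    order = list(range(len(slices)))        # combined serial numbers, original order
    rng.shuffle(order)                      # S2: random scrambling
    packets, combined_check = [], []
    for send_seq, comb_seq in enumerate(order):
        payload = slices[comb_seq]
        packets.append(encode_packet(send_seq, payload))   # S3: append check code
        combined_check.append((send_seq, comb_seq, packet_check(send_seq, payload)))  # S4
    return packets, combined_check


def verify_download(pkt: bytes) -> bool:
    """Step 2 / SS 9: recompute the check code from the packet itself; a mismatch
    means a recombination attack and the packet is fetched again."""
    send_seq, payload, attached = decode_packet(pkt)
    return packet_check(send_seq, payload) == attached


def assemble(packets, combined_check):
    """Step 3 / SS 10-11: traverse by sending serial number, compare the attached
    check code with the initial check code from the encrypted channel, and place
    each slice at its combined serial number. Returns (diff_file, None) on
    success, or (None, send_seq) of the first rewritten packet: that packet and
    the ones after it are re-downloaded with breakpoint resume, earlier ones kept."""
    by_seq = {decode_packet(p)[0]: p for p in packets}
    expected = {s: (c, ic) for s, c, ic in combined_check}
    slices = [None] * len(expected)
    for send_seq in sorted(expected):
        comb_seq, initial = expected[send_seq]
        _, payload, attached = decode_packet(by_seq[send_seq])
        if attached != initial:             # rewriting attack: forged code passed SS 9
            return None, send_seq
        slices[comb_seq] = payload
    return b"".join(slices), None


def simulate_recombination(pkt: bytes) -> bytes:
    """Fig. 4(b): data segment tampered, check code kept (test input for SS 9)."""
    send_seq, payload, attached = decode_packet(pkt)
    tampered = bytes([payload[0] ^ 0xFF]) + payload[1:]
    return struct.pack(">H", send_seq) + tampered + struct.pack(">H", attached)


def simulate_rewrite(pkt: bytes) -> bytes:
    """Fig. 4(e): data segment tampered and a matching 'fake check code' computed
    with the public algorithm (test input for SS 11)."""
    send_seq, payload, _ = decode_packet(pkt)
    return encode_packet(send_seq, bytes([payload[0] ^ 0xFF]) + payload[1:])


def demo() -> bool:
    """Run the honest path and both simulated attacks; True if both are caught."""
    rng = random.Random(2019)
    diff_file = bytes(range(40))            # constructed stand-in for a bsdiff patch
    packets, combined = sender_prepare(diff_file, 8, rng)
    honest_ok = all(verify_download(p) for p in packets) and \
        assemble(packets, combined) == (diff_file, None)
    # Recombination attack on sending serial number 2: caught at download time.
    attacked = list(packets)
    attacked[2] = simulate_recombination(packets[2])
    recomb_caught = not verify_download(attacked[2])
    # Rewriting attack on the same packet: passes SS 9, caught during traversal;
    # the resume point is packet 2, so packets 0 and 1 are kept.
    attacked[2] = simulate_rewrite(packets[2])
    rewrite_caught = verify_download(attacked[2]) and assemble(attacked, combined) == (None, 2)
    return honest_ok and recomb_caught and rewrite_caught
```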
In general the actual transmission is very fast, all sub-packets being received within a few minutes, so it is difficult for an attacker to keep launching rewriting attacks continuously and drive the update into an endless cycle of retransmission. In addition, a concrete implementation can set a retransmission count threshold: when the number of retransmissions reaches that value, the update is terminated and the reason for the failure is recorded; after staff have eliminated the cause, the firmware can be uploaded again, a new download address generated and a new update started.
Fig. 5 shows the basic flow chart of the method of the invention, which presents the main processing flow for reference. Some processing details, such as setting a retransmission count threshold, ending the update when the count exceeds a certain value and recording the reason for the failed update, are not shown in the flow chart.
In terms of confidentiality protection, the data protection method for Internet of Things terminal firmware updating provided by this application works as follows. Although the file path is not encrypted, the firmware is a compiled and linked binary file, so an attacker who obtains a single sub-packet cannot understand its contents. Moreover, even if the attacker obtains all sub-packets, the method delivers them out of order: without the correct combination sequence the attacker cannot assemble the correct update packet, and so can neither analyze the specific content of the update by disassembly nor form the new firmware version directly from the difference between the old firmware and the incorrectly combined packet. The correct combination sequence can only be obtained through the encrypted message channel, and only the combined check data (sending serial number, combined serial number, initial check code) allows the correct differential file packet to be assembled.
The method therefore provides confidentiality protection for the firmware package. Compared with the traditional scheme of encrypting the whole file for transmission, its communication overhead is much smaller, because the encrypted link carries only the "small data" while the unencrypted link carries the "large data", and the confidentiality of the large data is controlled by the small data by exploiting the binary nature of a firmware package. In addition, since no sub-packet needs to be decrypted and only one out-of-order recombination (equivalent to decryption) is performed after all sub-packets have been received, the method saves the terminal's computing and memory resources and reduces the system delay and power consumption caused by repeated decryption or by a complex encryption algorithm. Finally, because the sending serial numbers are generated afresh by a random function for every transmission, and the "encryption" of the firmware data consists of the mapping between sending serial number and combined serial number, the "encryption" cannot be broken by staff turnover among the technicians who designed the scheme: each call of the random function produces a different permutation, so even someone who knows the principle cannot easily reproduce the same permutation with the random function.
In terms of firmware integrity protection: comparing the attached check code at the tail of each sub-packet with the calculated check code that the terminal obtains with the same algorithm effectively detects recombination attacks; comparing the initial check code sent over the encrypted link with the attached check code at the tail of each sub-packet effectively detects rewriting attacks.
The method therefore provides integrity protection for the firmware package. At the same time, the double checking mechanism allows a lightweight, easily computed integrity check algorithm with public source code to be used. Adopting a complex and novel integrity check algorithm would not only raise the technical threshold for implementing the system but also increase the terminal's cost of computing check codes and waste scarce computing resources.
There are also related technical documents that use a hybrid check with several algorithms, but this adds overhead to the system, both in computation and in memory. Take "CRC + MD5" as an example: an MD5 integrity check is applied to all data packets to be transmitted to compute an overall check code; a CRC check code is computed for each packet and appended to its tail; the terminal recomputes the CRC after receiving each packet and compares it with the appended one; and after transmission ends, the terminal performs the MD5 check over all packets. "CRC + MD5" thus detects the two attacks, recombination and rewriting, through the CRC check and the MD5 check respectively, but at least three check codes are computed: one at the generating end and two at the terminal. Leaving aside the memory occupied by MD5, its computation cost is far beyond that of the method of the invention, which can use an algorithm of far lower complexity than MD5, such as a CRC (cyclic redundancy check), and computes check codes only once each at the development end and at the terminal, namely:
1) development end: the initial check code and the attached check code are generated (these are identical when not tampered with by an attacker; the former is sent to the terminal in the combined check message over the encrypted link, and the latter is appended to the tail of the sub-packet and sent over the unencrypted file transmission link);
2) terminal: the calculated check code is generated.
Although one traversal is needed to compare the initial and attached check codes, the overhead of this traversal is far smaller than that of MD5, and the same traversal also performs the combination of sub-packets by serial number, i.e. the decryption process.
Therefore, in terms of data integrity protection, the scheme of the invention resists recombination and rewriting attacks and, compared with a "CRC + MD5" style method, reduces the number of check code computations, saves system overhead and is better suited to the resource-constrained embedded devices deployed in Internet of Things scenarios. The scheme is also better than "CRC + MD5" in the granularity of integrity checking: that method detects rewriting by an overall MD5 check over all packets and, once a rewriting attack is found, deletes and re-downloads all packets. In the invention, the attached check code of each sub-packet is compared with its initial check code, so the exact sub-packet that was rewritten is identified; only that sub-packet and those after it are deleted and breakpoint resume is used, without deleting all firmware sub-packets.
In summary, the invention makes full use of the encrypted IoT communication service and cloud storage service provided by the cloud platform, combines confidentiality protection, data integrity protection and breakpoint resume of data in the firmware updating system, and provides a firmware data integrity and confidentiality protection method that is widely applicable, easy to implement and low in system overhead. With this method, secure firmware updating of Internet of Things and embedded terminals can be realized conveniently. Given the concurrency and usability of cloud services, a user can apply the method at little cost and with a very low technical threshold to update a large number of terminals simultaneously.
Example two:
This embodiment provides an Internet of Things terminal firmware updating system comprising a terminal whose firmware needs updating and a server or sending terminal.
For the system build, the Baidu cloud platform and an STM32 development board were chosen as the experimental cloud platform and IoT terminal, and an MQTT client and an HTTP client were implemented on the STM32. The IoT Hub (device access) service is opened on the Baidu cloud platform; an SSL-encrypted connection is established with the STM32, and the MQTT IoT communication protocol is used for encrypted communication with it. The Baidu cloud BOS cloud storage service is then opened, the processed firmware package is uploaded to it, and a URL (uniform resource locator) for downloading the firmware, i.e. a download address, is generated. The terminal uses this address to establish an HTTP connection and downloads each sub-packet to the terminal device in turn.
For the software and algorithms needed to implement the invention, existing tools can be used, such as bsdiff/bspatch for generating the differential file, which is readily available on Linux: at the development end, bsdiff differences the new and old firmware versions to produce a binary differential file, and the (open source) bspatch code is embedded in the terminal device, which uses it to combine the differential file with the old firmware and recover the new firmware. The integrity check algorithm for generating the check codes can be CRC16 (16-bit CRC) or CRC32, chosen according to the slice size; compared with the commonly used hash-based integrity algorithms such as MD5 and SHA-1, these need far less computation and reduce the delay and power consumption of running the check.
The server or sending terminal comprises:
a sub-packetizing module, an out-of-order module, a check code generation module, a combined check data generation module, a sub-packet uploading module and a push message sending module;
the sub-packetizing module splits the firmware data to be sent into sub-packets and numbers each sub-packet; the numbers record the original combination order of the data and are called combined serial numbers, and each is written into the corresponding sub-packet; the firmware data to be sent is the patch file required for the firmware upgrade of the terminal whose firmware needs updating;
the out-of-order module scrambles the original combined order of the sub-packets with a random function, assigns a sending serial number to each scrambled sub-packet and replaces the combined serial number in each sub-packet with the sending serial number;
the check code generation module computes for each sub-packet an attached check code over "sending serial number + sub-packet firmware data" with an integrity check algorithm and appends it to the tail of the sub-packet;
the combined check data generation module packages the correspondence among combined serial number, sending serial number and attached check code into the combined check data and passes it to the push message sending module;
the sub-packet uploading module uploads the sub-packets with the check code appended to the cloud storage database of the cloud platform and passes the download address generated by the cloud platform to the push message sending module;
the push message sending module establishes encrypted secure transmission between the cloud and the terminal using the cloud platform's IoT communication service and sends the push message over the message channel to the terminal whose firmware needs updating, so that on receiving it the terminal downloads the patch file required for the firmware upgrade according to the message content. The push message includes the version information of the patch file, the size and number of the sub-packets produced by the sub-packetizing module, the download address passed on by the sub-packet uploading module and the combined check data generated by the combined check data generation module.
The terminal whose firmware needs updating comprises:
a receiving module, a check code calculation module and a double verification module;
the receiving module receives the push message sent by the server or sending terminal and, according to the version information in it, downloads the sub-packets of the patch file required for the firmware upgrade from the download address in order. The push message comprises the version information of the patch file, the size and number of its sub-packets, the download address of the sub-packets and the combined check data; the combined check data comprises the correspondence between combined serial number and sending serial number and the correspondence between attached check code and sending serial number;
the check code calculation module computes, for each downloaded sub-packet, a check code over the "sending serial number + sub-packet firmware data" it carries, using the same integrity check algorithm as the server or sending terminal; this is called the calculated check code;
the double verification module verifies that the attached check code of each sub-packet matches the calculated check code from the check code calculation module and, after all sub-packets pass, traverses the received sub-packets once in order of sending serial number according to the combined check data in the push message, combining all sub-packets in order according to the correspondence between sending serial number and combined serial number to obtain the patch file required for the firmware upgrade.
If, during verification by the double verification module, the attached check code of a sub-packet is found not to match the calculated check code, that sub-packet is deleted immediately and downloaded again;
if, during traversal by the double verification module, the attached check code of a sub-packet does not match the check code recorded for that sub-packet in the combined check data of the push message, traversal stops immediately; the sub-packet and all sub-packets after it (by sending serial number) are deleted, a new file transmission request is initiated, and the sub-packet and those after it are retransmitted with the breakpoint resume function.
The terminals whose firmware needs updating include temperature and humidity acquisition terminals, intelligent monitoring terminals, IoT routing terminals and wearable terminal devices used in IoT scenarios, intelligent refuse sorting and recycling control terminals and lawn maintenance control terminals in smart cities built with IoT technology, and also high-end embedded devices such as mobile phones, computers and vehicle navigation units.
In the IoT terminal firmware updating system of this embodiment, a combined serial number and a sending serial number are assigned to each data sub-packet, the attached check code is produced from the sending serial number and the sub-packet firmware data, and the correspondence among combined serial number, sending serial number and attached check code of all sub-packets is sent in the push message. Recombination and rewriting attacks during transmission of the firmware updating data can thus be effectively countered, ensuring the confidentiality and integrity of the updating data, while the usage environment of embedded terminals, including small embedded terminals with limited memory and computing capacity, is taken into account; the system has the advantages of being strong in universality, easy to implement and small in
Some steps in the embodiments of the invention may be implemented in software, and the corresponding program may be stored in a readable storage medium such as an optical disc or a hard disk.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A data protection method for Internet of Things terminal firmware updating, applied to a server or a sending terminal, characterized in that it comprises the following steps:
S1: perform sub-packet processing on the firmware data to be sent and number each sub-packet; the number records the original combination order of the data, is called the combination serial number, and is written into the corresponding sub-packet; the firmware data to be sent is the patch file required for the firmware upgrade of a terminal whose firmware needs to be updated;
S2: scramble the original combined sub-packet order using a random function, assign a corresponding sending serial number to each scrambled sub-packet, replace the combination serial number in each sub-packet with its sending serial number, and record the correspondence between combination serial numbers and sending serial numbers;
S3: for each sub-packet, use an integrity check algorithm to calculate an appended check code over the sending serial number and the sub-packet firmware data, attach the appended check code to the tail of the sub-packet, record the correspondence between appended check codes and sending serial numbers, upload the sub-packets with the appended check codes at their tails to the cloud storage database of a cloud platform, and record the download address generated by the cloud platform;
S4: package the correspondence between combination serial numbers and sending serial numbers and the correspondence between appended check codes and sending serial numbers into combined check data;
S5: establish encrypted, secure cloud-to-terminal transmission using the Internet of Things communication service of the cloud platform and send a push message to the terminal whose firmware needs to be updated through the message channel, so that, on receiving the push message, the terminal downloads the corresponding patch file required for the firmware upgrade according to the content of the push message; the push message comprises: the version information of the patch file required for the firmware upgrade, the size and number of the sub-packets obtained by the sub-packet processing of S1, the download address recorded in S3 and the combined check data packaged in S4.
2. The method according to claim 1, wherein S1 is preceded by: performing a differencing operation on the new and old firmware packages with a file differencing tool to generate a differential file, the differential file being the patch file required for the firmware upgrade of the terminal whose firmware needs to be updated.
3. The method according to claim 1, wherein the integrity check algorithm comprises a CRC algorithm or an integrity check algorithm based on a hash function; the CRC algorithm is CRC16 or CRC32, chosen according to the sub-packet size.
4. The method according to claim 2, wherein the file differencing tool comprises the bsdiff/bspatch binary differencing tools integrated into a Linux operating system.
5. A data protection method for Internet of Things terminal firmware updating, applied to a terminal whose firmware needs to be updated, characterized in that it comprises the following steps:
Step 1: receive a push message sent by a server or sending terminal and sequentially download the corresponding sub-packets of the patch file required for the firmware upgrade from the download address according to the version information in the push message; the push message comprises the version information of the patch file required for the firmware upgrade, the sub-packet size and number of the patch file, the download address of the sub-packets of the patch file and combined check data, the combined check data comprising the correspondence between combination serial numbers and sending serial numbers and the correspondence between appended check codes and sending serial numbers; before sending the push message to the terminal whose firmware needs to be updated, the server or sending terminal performs sub-packet processing on the firmware data to be sent and numbers each sub-packet, the number recording the original combination order of the data, being called the combination serial number, and being written into the corresponding sub-packet; the server or sending terminal scrambles the original combined sub-packet order using a random function, assigns a corresponding sending serial number to each scrambled sub-packet, replaces the combination serial number in each sub-packet with its sending serial number, and records the correspondence between combination serial numbers and sending serial numbers; the server or sending terminal uses an integrity check algorithm to calculate, for each sub-packet, an appended check code over the sending serial number and the sub-packet firmware data, attaches the appended check code to the tail of the sub-packet, records the correspondence between appended check codes and sending serial numbers, uploads the sub-packets with the appended check codes at their tails to the cloud storage database of a cloud platform, and records the download address generated by the cloud platform;
Step 2: for each sub-packet of the downloaded patch file, calculate a check code over the 'sending serial number + sub-packet firmware data' carried by the sub-packet, using the same integrity check algorithm as the server or sending terminal; this is called the calculated check code;
Step 3: verify that the appended check code of each sub-packet matches the calculated check code obtained in Step 2; after all sub-packets pass, traverse the received sub-packets once in sending-serial-number order according to the combined check data in the push message, and combine all sub-packets in sequence according to the correspondence between sending serial numbers and combination serial numbers to obtain the patch file required for the firmware upgrade.
6. The method according to claim 5, wherein in Step 3, if the appended check code of a sub-packet does not match the calculated check code obtained in Step 2, the sub-packet is deleted immediately and its download is requested again.
7. The method according to claim 5, wherein in Step 3, if during the traversal the appended check code in a sub-packet does not match the appended check code recorded for that sub-packet in the combined check data of the push message, the traversal is stopped immediately, the sub-packet and all sub-packets following it (identified by sending serial number) are deleted, a file transfer request is re-initiated, and the sub-packet and all sub-packets following it are re-transmitted using the resumable (breakpoint) transfer function.
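The server-side packaging of claim 1 and the terminal-side double verification of claims 5 to 7, carried through as an added example in Python; this is not code from the patent or its authors. It assumes CRC32 as the integrity check algorithm of claim 3, a 16-bit sending serial number at the head of each sub-packet, a 4-byte sub-packet size, a constructed 20-byte patch file and an illustrative version string and download address; every function name is the example's own. The push message is treated as trusted because, per S5, it arrives over the encrypted message channel: the check codes are unkeyed CRCs, so their value as an authenticity check rests entirely on that record reaching the terminal intact. The two tampering helpers show why both checks are needed: a rewritten data byte fails the recomputed check code, while a sub-packet whose payload was swapped and whose tail was recomputed is internally consistent and is caught only by the second comparison against the record in the push message.

```python
import random
import struct
import zlib

PACKET_SIZE = 4             # assumed sub-packet data size; the claims leave it open
SEQ = struct.Struct(">H")   # 16-bit sending serial number at the head of each sub-packet
CRC = struct.Struct(">I")   # CRC32 appended at the tail (one of the claim 3 options)

def check_code(send_seq, data):
    """Appended check code: CRC32 over 'sending serial number + sub-packet data' (S3)."""
    return zlib.crc32(SEQ.pack(send_seq) + data)

def build_update(patch, rng):
    """Server side, S1..S4. Returns (sub-packets for cloud storage, push message)."""
    # S1: split; the index of each chunk is its combination serial number.
    chunks = [patch[i:i + PACKET_SIZE] for i in range(0, len(patch), PACKET_SIZE)]
    order = list(range(len(chunks)))
    rng.shuffle(order)                    # S2: order[send_seq] == comb_seq
    comb_to_send = {comb: send for send, comb in enumerate(order)}
    packets, send_to_crc = [], {}
    for send_seq, comb_seq in enumerate(order):
        data = chunks[comb_seq]
        send_to_crc[send_seq] = check_code(send_seq, data)            # S3
        packets.append(SEQ.pack(send_seq) + data + CRC.pack(send_to_crc[send_seq]))
    push_message = {                      # S4/S5: travels over the encrypted channel
        "version": "1.0.1",                                    # assumed value
        "packet_size": PACKET_SIZE, "packet_count": len(packets),
        "download_url": "https://storage.example/patch/",      # assumed placeholder
        "comb_to_send": comb_to_send, "send_to_crc": send_to_crc,
    }
    return packets, push_message

def verify_and_reassemble(packets, push_message):
    """Terminal side, Step 1..Step 3. Returns ('ok', patch) or ('error', send_seq, check)."""
    by_send = {}
    for raw in packets:
        send_seq, = SEQ.unpack_from(raw, 0)
        data, appended = raw[SEQ.size:-CRC.size], CRC.unpack_from(raw, len(raw) - CRC.size)[0]
        # First check (Step 2/3): recompute over what the packet itself carries. A failure
        # means corruption or rewriting on the download path: re-request that packet (claim 6).
        if check_code(send_seq, data) != appended:
            return ("error", send_seq, "calculated")
        by_send[send_seq] = (data, appended)
    if sorted(by_send) != list(range(push_message["packet_count"])):
        return ("error", -1, "count")
    # Second check (Step 3): traverse in send_seq order against the push-message record.
    # A packet that is self-consistent but is not what the server stored under this
    # send_seq fails here; claim 7 drops it and everything after it and resumes from there.
    for send_seq in range(push_message["packet_count"]):
        if by_send[send_seq][1] != push_message["send_to_crc"][send_seq]:
            return ("error", send_seq, "record")
    # Recombine in combination-serial-number order.
    return ("ok", b"".join(by_send[push_message["comb_to_send"][comb]][0]
                           for comb in range(push_message["packet_count"])))

def _index_of(packets, send_seq):
    return next(i for i, raw in enumerate(packets) if SEQ.unpack_from(raw, 0)[0] == send_seq)

def flip_data_byte(packets, send_seq):
    """Rewriting attack on the download path: corrupt one data byte, leave the tail alone."""
    i = _index_of(packets, send_seq)
    raw = bytearray(packets[i])
    raw[SEQ.size] ^= 0x80
    return packets[:i] + [bytes(raw)] + packets[i + 1:]

def swap_payloads_recompute_crc(packets, a, b):
    """Recombination attack with forged tails: exchange the payloads of the packets
    carrying send_seq a and b and recompute both appended check codes, so each packet
    is self-consistent and only the push-message record exposes the substitution."""
    ia, ib = _index_of(packets, a), _index_of(packets, b)
    data_a, data_b = packets[ia][SEQ.size:-CRC.size], packets[ib][SEQ.size:-CRC.size]
    out = list(packets)
    out[ia] = SEQ.pack(a) + data_b + CRC.pack(check_code(a, data_b))
    out[ib] = SEQ.pack(b) + data_a + CRC.pack(check_code(b, data_a))
    return out

def sample_update(seed=2019):
    """Constructed 20-byte 'patch file' and a reproducible scramble (the seed is arbitrary)."""
    patch = bytes(range(1, 21))
    packets, push_message = build_update(patch, random.Random(seed))
    return patch, packets, push_message

if __name__ == "__main__":
    patch, packets, msg = sample_update()
    print("comb_seq -> send_seq:", msg["comb_to_send"])
    print("intact:", verify_and_reassemble(packets, msg) == ("ok", patch))
    print("rewritten byte:", verify_and_reassemble(flip_data_byte(packets, 2), msg))
    print("swapped payloads:", verify_and_reassemble(swap_payloads_recompute_crc(packets, 0, 3), msg))
```

Running the module prints the scrambled order and the three outcomes. Arrival order does not matter to the receiver, since recombination keys on the serial numbers carried in the sub-packets and in the push message rather than on download order; the resumable re-transfer of claim 7 would start at the sending serial number returned in the error tuple. Because each data chunk here is 32 bits wide, CRC32 detects every possible substitution within a chunk, so the two failure outcomes are deterministic rather than probabilistic.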
8. A server or sending terminal, characterized in that the server or sending terminal comprises:
a sub-packet module, a scrambling module, a check code generation module, a combined check data generation module, a sub-packet uploading module and a push message sending module;
the sub-packet module is used to perform sub-packet processing on the firmware data to be sent and number each sub-packet, the number recording the original combination order of the data, being called the combination serial number, and being written into the corresponding sub-packet; the firmware data to be sent is the patch file required for the firmware upgrade of a terminal whose firmware needs to be updated;
the scrambling module is used to scramble the original combined sub-packet order using a random function, assign a corresponding sending serial number to each scrambled sub-packet, and replace the combination serial number in each sub-packet with its sending serial number;
the check code generation module is used to calculate, for each sub-packet, an appended check code over 'sending serial number + sub-packet firmware data' using an integrity check algorithm, and to attach the appended check code to the tail of the sub-packet;
the combined check data generation module is used to package the correspondence between combination serial numbers, sending serial numbers and appended check codes into combined check data and to send the combined check data to the push message sending module;
the sub-packet uploading module is used to upload the sub-packets with the appended check codes at their tails to the cloud storage database of the cloud platform and to send the download address generated by the cloud platform to the push message sending module;
the push message sending module is used to establish encrypted, secure cloud-to-terminal transmission using the Internet of Things communication service of the cloud platform and to send a push message to the terminal whose firmware needs to be updated through the message channel, so that, on receiving the push message, the terminal downloads the corresponding patch file required for the firmware upgrade according to the content of the push message; the push message comprises: the version information of the patch file required for the firmware upgrade, the size and number of the sub-packets obtained by the sub-packet processing of the sub-packet module, the download address sent by the sub-packet uploading module and the combined check data generated by the combined check data generation module.
9. A terminal, wherein the terminal is a terminal whose firmware needs to be updated, comprising:
a receiving module, a check code calculation module and a double verification module;
the receiving module is used to receive a push message sent by a server or sending terminal and to sequentially download the corresponding sub-packets of the patch file required for the firmware upgrade from the download address according to the version information in the push message; the push message comprises the version information of the patch file required for the firmware upgrade, the sub-packet size and number of the patch file, the download address of the sub-packets of the patch file and combined check data, the combined check data comprising the correspondence between combination serial numbers and sending serial numbers and the correspondence between appended check codes and sending serial numbers; before sending the push message to the terminal whose firmware needs to be updated, the server or sending terminal performs sub-packet processing on the firmware data to be sent and numbers each sub-packet, the number recording the original combination order of the data, being called the combination serial number, and being written into the corresponding sub-packet; the server or sending terminal scrambles the original combined sub-packet order using a random function, assigns a corresponding sending serial number to each scrambled sub-packet, replaces the combination serial number in each sub-packet with its sending serial number, and records the correspondence between combination serial numbers and sending serial numbers; the server or sending terminal uses an integrity check algorithm to calculate, for each sub-packet, an appended check code over the sending serial number and the sub-packet firmware data, attaches the appended check code to the tail of the sub-packet, records the correspondence between appended check codes and sending serial numbers, uploads the sub-packets with the appended check codes at their tails to the cloud storage database of a cloud platform, and records the download address generated by the cloud platform;
the check code calculation module is used to calculate, for each sub-packet of the downloaded patch file, a check code over the 'sending serial number + sub-packet firmware data' carried by the sub-packet using the same integrity check algorithm as the server or sending terminal; this is called the calculated check code;
the double verification module is used to verify that the appended check code of each sub-packet matches the calculated check code obtained by the check code calculation module, to traverse the received sub-packets once in sending-serial-number order according to the combined check data in the push message after all sub-packets pass, and to combine all sub-packets in sequence according to the correspondence between sending serial numbers and combination serial numbers to obtain the patch file required for the firmware upgrade.
10. An Internet of Things terminal firmware updating system, characterized in that the system comprises the terminal of claim 9 and the server or sending terminal of claim 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910280136.5A CN110008757B (en) 2019-04-09 2019-04-09 Data protection method and system in updating of terminal firmware of Internet of things

Publications (2)

Publication Number Publication Date
CN110008757A CN110008757A (en) 2019-07-12
CN110008757B true CN110008757B (en) 2020-11-03

Family

ID=67170440

Country Status (1)

Country Link
CN (1) CN110008757B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021097704A1 (en) * 2019-11-20 2021-05-27 深圳市欢太科技有限公司 Data transmission method, data downloading method and terminal
CN111880826A (en) * 2020-07-28 2020-11-03 平安科技(深圳)有限公司 Cloud service application upgrading method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436141A (en) * 2008-11-21 2009-05-20 深圳创维数字技术股份有限公司 Firmware upgrading and encapsulating method and device based on digital signing
WO2012024963A1 (en) * 2010-08-27 2012-03-01 华为终端有限公司 Method, apparatus and system for processing firmware based on firmware over the air technology
CN109255232A (en) * 2018-08-30 2019-01-22 紫光华山信息技术有限公司 Software loading method and software loading apparatus
CN109361544A (en) * 2018-10-30 2019-02-19 深圳市航天华拓科技有限公司 Positioning terminal firmware method, apparatus and computing device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10182304B2 (en) * 2015-06-18 2019-01-15 Gainspan Corporation Updating firmware of IOT devices
CN107426279A (en) * 2017-04-25 2017-12-01 航天科技控股集团股份有限公司 Local area network wireless upgrade method for an Internet of Things vehicle-mounted terminal
CN108337120A (en) * 2018-02-01 2018-07-27 北京安控科技股份有限公司 Remote upgrade method for Internet of Things terminal equipment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs; Dennis Kengo Nilsson et al.; 2008 IEEE Globecom Workshops; 2009-01-09; pp. 1-5 *
Secure Firmware Validation and Update for Consumer Devices in Home Networking; Byung Chul Choi et al.; IEEE Transactions on Consumer Electronics; 2016-03-30; Vol. 62, No. 1; pp. 39-44 *
Research and application of remote terminal update technology on an Internet of Things cloud platform; Wei Min et al.; Telecommunications Science (电信科学); 2018-10-20; Vol. 34, No. 10; pp. 137-142 *

Similar Documents

Publication Publication Date Title
CN110008757B (en) Data protection method and system in updating of terminal firmware of Internet of things
EP2568639B1 (en) Method, apparatus and system for processing firmware based on firmware over the air technology
US7707409B2 (en) Method and system for authenticating software
EP3369030B1 (en) Methods and apparatus for mobile computing device security in testing facilities
US8108536B1 (en) Systems and methods for determining the trustworthiness of a server in a streaming environment
CN102045201B (en) Automatic upgrading method and system of intranet server cluster
US20040111618A1 (en) Software integrity test
JP4860070B2 (en) File transmission method and file transmission system
CN106843957A (en) System firmware upgrade method and device
KR100453504B1 (en) Method and system for authenticating a software
CN104199654A (en) Open platform calling method and device
CN101473590A (en) System and method for cacheing WEB files
US20200264864A1 (en) Vehicle-mounted device upgrade method and related device
CN111209558A (en) Internet of things equipment identity authentication method and system based on block chain
CN109002312A (en) Method for upgrading software, device and upgrade server and equipment
CN110582776A (en) Continuous hash verification
US8646070B1 (en) Verifying authenticity in data storage management systems
CN101453479A (en) Fast document transmission system
CN107743115B (en) Identity authentication method, device and system for terminal application
CN104348578A (en) Data processing method and device
CN109862002B (en) Traceable data security fidelity method
CN110968899A (en) Data blocking confirmation method, device, equipment and medium based on block chain
WO2016068996A1 (en) Security record transfer in a computing system
CN109710284A (en) Charging pile remote upgrade method with secure encryption and data compression
CN106921644B (en) Client data file verification method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant