US20170250818A1 - Method and System for Securely Updating Field Upgradeable Units - Google Patents
Method and System for Securely Updating Field Upgradeable Units Download PDFInfo
- Publication number
- US20170250818A1 US20170250818A1 US15/486,348 US201715486348A US2017250818A1 US 20170250818 A1 US20170250818 A1 US 20170250818A1 US 201715486348 A US201715486348 A US 201715486348A US 2017250818 A1 US2017250818 A1 US 2017250818A1
- Authority
- US
- United States
- Prior art keywords
- memory
- network device
- information
- update
- processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
- G06Q20/123—Shopping for digital content
- G06Q20/1235—Shopping for digital content with control of digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Definitions
- the disclosed embodiments relate generally to the field of securing computing systems, and more particularly to performing secure program upgrades.
- a central office can issue an update to a field upgradeable unit along with a signature.
- the signature and a central office's private key can be used together to authenticate the update's validity and its source.
- the field upgradeable unit authenticates the update using the public key. If the signature matches, the field upgradeable unit can install the update. If the update signature cannot be authenticated, the field upgradeable unit determines that the update is bogus and rejects it.
- the authentication of the update relies on an assumption that the central office's private key is used to create a valid signature that can be authenticated with a copy of the public key at the field-upgradeable unit. While the public and private keys may be stored securely, it may be possible for an attacker to obtain the keys. For instance, given sufficient time and computing resources, the attacker may compromise the private key through a brute-force attack on the public key. The public key could be compromised through a ‘mole attack’, in which a person involved in the production of the field upgradeable unit steals the key. A physical attack may allow access to the public key by acquiring a field upgradeable unit and replacing the entire memory.
- An attacker who possesses the central office private key can compromise an entire network. For instance, the attacker could use the private key to distribute a bogus update. Because the attacker's bogus update is signed and/or encrypted with valid keys, the field upgradeable unit decrypts and authenticates the bogus update using its public key. Doing so could enable the node's software or firmware to be updated with invalid and/or malicious software.
- One solution to resist such attacks is to update the central office public key stored in each field unit periodically, thereby precluding the use of a compromised central office private key. That is, to resist the brute force attack the central office public key should be updated faster than the key could be derived by the attacker. To resist the mole attack, the central office public key could be updated before the attacker could use the compromised central office private key to replace a field unit's firmware.
- a device may determine whether a predefined location of memory includes a predetermined value, e.g., a particular command. Based on the value in the predefined location, the device may store the received update object in a verification portion of the memory. After verifying the authenticity of the update object, the device may copy the update object from the verification portion of the memory to an inactive portion of secure memory. The inactive portion of the memory can be swapped with an active portion of the secure memory, such that the inactive portion becomes active.
- FIG. 1 is a block diagram illustrating an exemplary system including a number of field upgradeable units
- FIG. 2 is a block diagram illustrating an exemplary field upgradeable unit
- FIG. 3 is a functional diagram of an exemplary memory device in a field upgradeable unit.
- FIG. 4 is a process flow chart illustrating steps performed by an exemplary field upgradeable unit.
- Systems and methods disclosed herein update information in network devices.
- the updated information may include cryptographic keys, software and/or firmware in devices.
- attackers may be prevented from using stolen keys to place bogus information on the devices on a regular basis. For instance, in the event an attacker obtains a copy of a central office private key or in anticipation of an attacker obtaining a copy of a central office private key, the exemplary embodiments disclosed herein allow a network operator to generate at least one new private key and update the corresponding public keys in the network devices before the attacker can use the stolen private key.
- the exemplary embodiments thwart the compromise of public keys residing in the network devices.
- FIG. 1 is a block diagram illustrating an exemplary system 100 including field upgradeable units 110 A- 110 D (collectively “field upgradeable units 110 ”), a host 120 and network 130 .
- a field upgradeable unit 110 can be any programmable data processing device.
- a field upgradeable unit 110 can be a general-purpose computer, a server, a network device (e.g., gateway, terminal, switch, repeater, router), an application-specific device (e.g., residential utility meter, remote sensor, set-top box, game device, mobile telephone), or a home appliance (e.g., refrigerator or dishwasher).
- Host 120 can be any computing and/or communication device operable to communicate and/or receive information over link 112 .
- Host 120 may be, for example, a server, a workstation, a mainframe computer, a mini-frame computer, a desktop computer, a laptop computer, a personal digital assistant, or any other computing or communicating device.
- Field upgradeable units 110 may be communicatively coupled to one another and to host 120 via links 112 .
- Communication links 112 can be wired, fixed wireless, or mobile wireless links that use a variety of communication protocols.
- Communications link 112 may include any hardware, software, firmware, or combination thereof.
- Communications link 112 may, for example, comprise a twisted-pair telephone line, a fiber optic line, a Digital Subscriber Line (DSL), a wireless link, a USB bus, a PCI bus, an Ethernet interface, or any other suitable interface operable to assist in the communication of information to and/or from field upgradeable unit 110 .
- information can be transmitted over communications links 112 within data packets according to packet-switching protocols, such as Transaction Control Protocol (TCP)/Internet Protocol (IP), X.25, and Frame Relay.
- TCP Transaction Control Protocol
- IP Internet Protocol
- X.25 X.25
- Frame Relay Frame Relay
- Network 130 may comprise any wireless network, wireline network, or combination of wireless and wireline networks capable of supporting communication between network elements using ground-based and/or space-based components.
- Network 100 can be, for instance, a cable television network, a satellite communications network, a sensor network, or an ad-hoc wireless communications network, a data network, a public switched telephone network (PSTN), an integrated services digital network (ISDN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), all or a portion of the global computer network known as the Internet, and/or other communication systems or combination of communication systems at one or more locations.
- Network 130 illustrated in FIG. 1 is a simplified example having only a few generic elements. However, other networks having different numbers and types of elements in different configurations may benefit from embodiments of this disclosure.
- Network 130 can also be connected to another network, contain one or more other sub-networks, and/or be a sub-network within another network.
- network 130 can be a wireless smart-grid network that monitors and controls an electrical power generation and distribution service in which the elements of such a network establish communication links 112 with other elements within their transmission range.
- one field upgradeable unit may exchange information with another by relaying the information over a series of intervening elements of network 130 (or a combination of networks).
- FIG. 2 is a block diagram illustrating an exemplary field upgradeable unit 110 having a controller 210 .
- Controller 210 may include any hardware that, in combination with software and/or firmware, is capable of processing at least a portion of programs stored in field upgradeable unit 110 .
- controller 210 may be a system-on-chip in which substantially all components of controller 210 are integrated into a single integrated device (i.e., chip).
- a single integrated device i.e., chip
- the single chip implementation enables all of the components of the controller to be reset at once, to provide for more effective control over the security of the controller's operation.
- controller 210 may have a central processing unit (“CPU”) 222 communicatively linked to a random access memory (“RAM”) 224 , a read-only memory (“ROM”) 226 , clock 228 , a communication interface 230 , and a data bus 232 .
- CPU 222 is an electronic data processing device that executes program instructions recorded in computer-readable memory devices (e.g., RAM 224 , ROM 226 or memory device 280 ).
- CPU 222 may be a general-purpose processor (e.g., INTEL), or a specialized, embedded processor (e.g., ARM).
- FIG. 2 depicts controller 210 as a single processing device, controller 210 may comprise multiple processors, a processor array, or any other suitable processor or processors.
- Communications interface 230 may include hardware (e.g., modem, network interface card, etc.), software (e.g., multi-layer protocol support, protocol conversion, data processing, data modulation, codec, etc.), firmware, data or combination thereof operable to facilitate communication with one or more elements external to field upgradeable unit 110 .
- communication interface 230 exchanges information with CPU 222 to encode and decode messages transmitted over communication link 112 .
- communications interface 230 may receive a message from CPU 222 and convert the information into data packets for transmission over communication link 112 according to the TCP/IP data transmission protocol.
- communication interface 230 device may receive TCP/IP data packets from another one of nodes 110 over communication link 112 and assemble the packets into a message before providing the information to CPU 222 .
- Operating parameters used to configure and control communications interface 230 , as well as other components of field upgradeable unit 110 may be stored in the field-upgradeable unit 110 's computer-readable data recording devices, such as RAM 224 , ROM 226 or memory device 280 .
- updates of memory device 280 can be limited by a state machine 270 .
- State machine 270 may prevent controller 210 from altering the contents of non-volatile memory 280 . In this way, for example, state machine 270 may protect the non-volatile memory 280 so that updates may only be performed under particular conditions.
- State machine 270 may be a digital logic device having a limited number of predefined states, transitions between those states, and actions. State machine 270 may be controlled by a hardware digital circuit comprised of one or more programmable logic devices, programmable logic controllers, data registers, logic gates and flip flops, for example.
- a bootloader 282 in non-volatile memory 280 includes instructions that are to be executed by the controller 210 whenever the controller 210 is in an initialization state, such as when the controller 210 is first powered up or is rebooted or otherwise reset.
- state machine 270 is in a particular state that enables the access and/or alteration of the memory device 280 . While in such a state, controller 210 may be prevented from executing software, which may be insecure and/or corrupted by an attacker.
- controller 210 may execute firmware stored in ROM 226 that updates the memory device's contents. The firmware may disable changes to memory device 280 before relinquishing controller 210 to execute the software.
- the firmware stored in ROM 226 may be such that, when executed, it places state machine 270 in the update state after a hardware reset of field upgradeable unit 110 .
- Firmware may trigger state machine 270 to enter the update state by storing a predetermined value, such as a specific command. For instance, the firmware may write the value to a specified register in RAM 224 , and then reset the unit 110 . The value stored in this register persists across the reset operation.
- Non-volatile memory device 280 may include hardware, software, firmware, or a combination thereof operable to store and to retrieve information, including computer-readable program instructions and data.
- Memory device 280 may be, for instance, a semiconductor, magnetic or optical-based information storage/retrieval device (e.g., flash memory, hard disk drive, CD-ROM, flash RAM). Although memory device 280 is depicted as a single medium, memory device 280 may comprise a number of storage media.
- Memory device 280 could reside entirely within controller 210 or, in other embodiments, a part could reside in a location that is outside of controller 210 . In some embodiments, it is required that at least one part of non-volatile memory device 280 reside inside the controller 210 .
- Information stored on memory device 280 may include, for example, software, firmware, code, portions of code, data compilations, a combination of these and/or other type of information.
- memory device 280 may include bootloader 282 and update module 284 .
- update module 284 may be hardwired logic in ROM 226 to ensure the module is secure and cannot be changed by an attacker.
- Memory device 280 may also store one or more keys for use in cryptographic operations.
- keys stored on memory device 280 include public keys 287 corresponding to, for example, private keys of host 120 or some other trusted authority.
- memory device 280 can store field upgradeable unit 110 's secret and/or private keys 287 .
- Memory device 280 can also store other information used in cryptographic operations performed by field upgradeable unit 110 .
- bootloader 282 may load a secondary stage bootloader from memory device 280 if the secondary stage bootloader is properly signed.
- “Properly signed” means signed with a private key (e.g., private key of host 120 ) associated with one of the public keys 287 (e.g., a “current key” or a “next key” used in a key management protocol of a wireless network security standard, such as “Wired Equivalent Privacy”) in memory device 280 .
- Field upgradeable unit 110 can be updated periodically, randomly and/or manually (i.e., on command). For instance, information received over network 130 (e.g., from another node 110 or host 120 ), may trigger node 110 to perform an update. The update information may be pushed to or pulled by field-upgradeable unit 110 . In some embodiments, the provision of update information to field-upgradeable unit 110 may be initiated by network 130 (e.g., from another node 110 or host 120 .) Alternatively or additionally, field-upgradeable unit 110 may retrieve updated information from network 130 .
- Field upgradeable unit 110 may receive update information from a variety of sources. For instance, a technician may manually couple a device containing an update object to field upgradeable unit 110 . In other instances, field upgradeable unit 110 may receive the update information over network 130 , via a communication link 112 , from host 120 or another one of field upgradeable units 110 . Communicating the update information through network 130 is performed, for example, when the update object is stored on another device in network 130 .
- update information that corresponds to field upgradeable unit 110 's bootloader 282 .
- the update information may comprise, for example, any software, firmware, codes, keys, data compilations, software applications, the state of hardware (e.g., voltage levels of a control pin), and/or combinations of these or any other type of information.
- FIG. 3 is a functional diagram of an exemplary memory allocation in a field upgradeable unit 110 .
- the allocated memory includes secure non-volatile memory in the memory device 280 , and non-secure memory, e.g., volatile memory that persists across a hardware reset.
- memory device 280 can be functionally divided into several portions, including an active portion 305 and an inactive portion 310 .
- active portion 305 of memory device 280 may store two keys, wherein the first key is a current key and the second key is the next key, one or both of which may be used to sign and authenticate the firmware.
- an update object 320 that may be used to upgrade the information stored in memory device 280 of field upgradeable unit 110 .
- Update object 320 may include update information that is formatted into a number of sections, including: update information (e.g., program instructions for a bootloader), Key 1 , Key 2 , Key 3 , Signature 1 , Signature 2 , and Signature 3 .
- the update object 320 may have an associated update signature 321 that may be provided with (such as being appended to) the update object 320 .
- Key 1 , Key 2 , Key 3 , Signature 1 , Signature 2 , and Signature 3 may, for example, support a key management protocol used by the operator of network 130 .
- Secure non-volatile memory device 280 may operate as a “read-only” memory except in certain circumstances, such as when field upgradeable unit 110 is placed in an “update mode” and/or state machine 270 is in the “update state.”
- field upgradeable unit 110 enters update mode after being reset. Reset may occur remotely or locally. A reset may also be remotely commanded by another field upgradeable unit 110 , host 120 or a central authority (not shown) via network 130 . In addition, reset may be locally commanded by a physical interface, such as special pin and/or connector (e.g., a Joint Test Access Group (“JTAG”) port). More specifically, controller 210 hardware can be configured to detect that update mode is requested by, for instance, monitoring a particular signal, pin or memory register.
- JTAG Joint Test Access Group
- memory device 280 is updateable may be controlled by the state of state machine 270 . For instance, so long as state machine 270 is not in the update state, non-volatile memory device 280 may function as a read-only device.
- state machine 270 may place memory 280 into an update state that enables information to be written into non-volatile memory device 280 .
- controller 210 may erase all keys 287 from memory device 280 .
- the erasure may be performed as disclosed in copending application number 12 / 493 , 707 , titled “Integrated Cryptographic Security Module for a Network Node”. In such a situation, if field upgradeable unit 110 is placed into the update mode for any reason, including reprogramming memory device 280 , the field upgradeable unit 110 must be recertified to rejoin network 130 afterwards.
- field-upgradeable unit 110 cannot rejoin network 130 without being recertified into the network and/or without receiving a new certificate and/or keys 287 from host 120 , another node 110 or a central authority (not shown).
- Update module 284 may place field upgradeable unit 110 into update mode by storing update object 320 , and its associated update signature 321 , if present, in non-secure memory 315 located outside the memory device 280 . Update module 284 may then initiate an update by writing a predetermined value, such as an update command, to a predefined location 317 in the memory 315 , e.g., a specified command register.
- a predetermined value such as an update command
- the state machine can be a two-state device.
- the two states can be designated “Write-Enable”, in which data is permitted to be written into the non-volatile memory device, and “Write-Disable”, which causes the memory device to function as a read-only memory.
- update module 284 may cause controller 210 to reset and restart using firmware stored in ROM 226 or memory device 280 that does not include and/or enable interrupt or exception handling software.
- update module 284 may control CPU 222 to terminate any processes for interrupt or exception handling, such as interrupt handler 286 and exception handler 288 .
- controller 210 may execute special upgrade code stored in, for example, ROM 226 . Otherwise, controller 210 may execute the normal startup code (e.g., a bootloader).
- update module 284 may initiate the update mode by triggering state machine 270 to read predefined location 317 in the memory 315 . Controller 210 can monitor location 317 and switch into the update mode once this has occurred. Update module 284 can then verify that the information in a verification area 319 is authentic (e.g., a bootloader provided by an operator of network 130 and/or received from a trusted source).
- the update information comprises the particular firmware or software for the field upgradeable unit 110 that is to be updated, e.g. bootloader code.
- Key 1 corresponds to the “current key” and Key 2 corresponds to the “next key” among the public keys 287 stored in the memory device 280 .
- Key 3 is a new key being provided with the update.
- Signature 1 is generated (such as by the host 120 or, for example, at the request of the host 120 ) from the update information, using the private key of the host 120 that corresponds to public Key 1 .
- the update information itself may be signed with the private key to generate the signature.
- a hash of the update information is first created, and this hash is then signed with the private key to generate Signature 1 .
- Signature 2 and Signature 3 are generated by signing the update information, or a hash of the update information, with the private keys that correspond to Key 2 and Key 3 .
- an update signature 321 associated with the update object 320 may also be generated (again, for example, such as by the host 120 ) by creating a hash of all of the other elements of the update object, namely the update information, Key 1 , Key 2 , Key 3 , Signature 1 , Signature 2 and Signature 3 , and signing that hash with the private key of the host 120 that corresponds to Key 1 .
- the update object 320 and sgnature 321 are loaded into a verification portion 319 of the non-secure memory.
- An update command is loaded into the predefined location 317 , e.g. a command register.
- the controller 210 is then instructed to perform a hardware reset. For the embodiment employing a state machine having two states, the reset causes the state machine to be set to the “Write-Enable” state.
- the controller 210 first executes trusted code stored in a secure location, e.g. hardwired firmware in the ROM 226 . The code first checks to see whether a request has been issued to perform an update, e.g. an update command is stored in the command register 319 . If not, the code resets the state machine to the “Write-Disabled” state, and transfers control to bootloader software stored in the active portion 305 of the secure non-volatile memory device 280 .
- the controller 210 validates the command, e.g. checks whether it is on a list of valid commands. For embodiments in which the update object is accompanied by an update signature, after validation of the command the controller applies its current public key (corresponding to Key 1 ) to the update signature 321 stored in the verification portion 319 , to determine a hash value, identified as “hash 1 ” for reference purposes.
- the controller separately generates a hash value, identified as “hash 2 ”, from the contents of the update object 320 , namely the update information, Key 1 , Key 2 , Key 3 , Signature 1 , Signature 2 and Signature 3 . Hash 1 and hash 2 are compared, and if they match, the update object is determined to be authentic.
- the controller 210 calculates a hash of the update information, identified as “hash 3 ”.
- Key 1 is applied to Signature 1 to determine a hash value, identified as “hash 4 ”.
- Hash 3 and hash 4 are compared to see if they match one another.
- Key 2 is used to generate a hash value from Signature 2
- Key 3 is used to generate a hash value from Signature 3 .
- Each of these generated hash values is also compared with hash 3 , to determine whether they match. If the calculated value for hash 3 matches each of the hash values generated from the signatures, the update object 320 is verified.
- update module 284 may cause the update mode to end and cause node 110 to start (or restart) normal operation without updating or affecting the content of memory device 280 .
- Update module 284 may also restart the controller 210 using the existing information in active portion 305 of memory device 280
- update module 284 copies Key 2 , Key 3 , and the update information (which, as discussed above, may be a new bootloader) into the inactive portion 310 of secure memory device 280 . Another verification may be performed to make sure that all data was copied correctly. If there is no failure, update module 284 sends a command to swap between active portion 305 and inactive portion 310 . This swap may be carried out physically, by rewriting the contents of active portion 305 with the contents of inactive portion 310 .
- a reference e.g., a pointer
- Key 2 becomes the current key
- Key 3 becomes the next key
- the new bootloader becomes the current bootloader 282
- Key 1 is discarded.
- upgrade-safe devices may be memory blocks inside controller 210 (e.g., RAM 224 or ROM 226 ) such that reprogramming by an attacker would be very time consuming and/or expensive, and would also require physical access to controller 210 by the attacker. The same result may occur if controller 210 detects any interrupts or exceptions. By doing so, an attacker may be prevented from executing update module 284 from any external device or executing the controller 210 internal code from any entry point while the controller 210 hardware is in the update mode.
- the trusted code resets the state machine to the “Write-Disable” state, and transfers control to the bootloader software.
- trusted code that cannot be changed in the field during updates, e.g. hardwired ROM firmware, and resetting the state machine to the “Write-Disable” state before transferring execution to other, updateable firmware, protection from unauthorized alteration of the keys and other updateable objects is enhanced.
- a hardware reset of the controller is employed as the mechanism to initiate an update.
- the update procedure may be initiated by a call to a secure update function stored in the ROM or other secure memory.
- the trusted code being called can itself set the state machine to the “Write-Enable” state, as well as disable all interrupts and exceptions, as part of the update process.
- the secure update function need not be automatically executed upon the occurrence of a reset. Rather, after reset, the controller can first check the predefined location 317 in memory, and determine whether an update command is stored there. If so, it first validates the command and then proceeds to execute the update code stored in the ROM.
- the update code can set the state machine to the “Write Enable” state instead of having it automatically set to that state by the hardware reset.
- a program counter can be used to inhibit the execution of the code if it starts at any location other than the memory address for the first instruction line of the code. In that manner, the state machine will be set to the “Write Enable” state before any other operations are performed that require access to the non-volatile memory device 280 .
- FIG. 4 is a process flow chart illustrating steps performed by an exemplary field upgradeable unit 110 .
- field upgradeable unit 110 may receive a signed update object 320 , and optional update signature, in association with one or more keys (e.g., Key 1 , Key 2 , Key 3 ) at Step 405 .
- the object may be provided directly, such as by a host device operated by a technician, or indirectly, such as over network 130 .
- field upgradeable unit 110 may only enter update mode if a predetermined value is stored in a predefined location 317 of memory (Step 407 , “Yes”). Otherwise, the update object cannot be stored in memory 280 (Step 408 ). Furthermore, state machine 270 may be triggered to enter an update state based on whether the predetermined value is stored in the predefined location 317 of memory device 280 . When state machine 270 is not in the update state, controller 210 and any software executed by the controller, such as update module 284 , may be prevented from modifying the information stored in memory device 280 .
- field upgradeable unit 110 may place itself in update mode (step 410 ), in which field upgradeable unit 110 disables its interrupt handler 286 and exception handler 288 (step 415 ) to prevent tampering with the unit during update. For instance, in response to the receipt of an update object, field upgradeable unit 110 may restart using a secure, update mode in which exceptions and interrupts are disabled.
- update module 284 may authenticate the data in verification portion 319 (Step 420 ), for example as described previously. If authentication fails (step 425 , “No”), the upgrade process ends and/or restarts (Step 430 ). If authentication passes (step 425 , “Yes”), the bootloader 282 and/or Key 2 and Key 3 are copied to inactive portion 310 of memory device 280 (Step 435 ). In some embodiments, the copies in inactive portion 310 are verified again to ensure that no changes occurred during copying (Step 440 ).
- update module 284 determines that bootloader 282 , Key 2 and Key 3 were successfully copied (step 445 , “Yes”) to inactive portion 310 , update module 284 swaps the inactive portion 310 and the active portion 305 of memory device 280 , such that the inactive portion 310 , including the new key and bootloader, becomes active automatically (Step 450 ).
- Field upgradeable unit 110 may then restart (i.e., reboot) using the new bootloader 282 and keys.
- field upgradeable unit may be required to rejoin network 130 including, for example, obtaining a new network certificate from another node 110 or host 120 .
- the exemplary systems and methods described above provide for the secure updating of network devices such that, if network keys are stolen by an attacker, the keys can be replaced before the attacker has an opportunity to make use of them. Furthermore, by providing the above-described cryptographic, procedural and physical security, the exemplary network devices prevent an attacker from compromising a device's keys or update object while the device is being updated.
- embodiments and features of the invention can be implemented through computer hardware and/or software. While illustrative embodiments of the invention have been described herein, further embodiments can include equivalent elements, modifications, omissions, combinations (e.g., of aspects across various embodiments), adaptations and/or alterations as would be appreciated by those in the art based on the present disclosure. Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments of the invention disclosed herein. Further, the steps of the disclosed methods can be modified in various manners, including by reordering steps and/or inserting or deleting steps, without departing from the principles of the invention. It is therefore intended that the specification and embodiments be considered as exemplary only.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computing Systems (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
Description
- This disclosure claims benefit of priority to provisional patent application 61/233,057, the contents of which are incorporated herein by reference in their entirety.
- The disclosed embodiments relate generally to the field of securing computing systems, and more particularly to performing secure program upgrades.
- It may be desirable to enhance or update the functionality of devices after they are placed in the field for use. Consequently, there is a need to securely update software or firmware in “field upgradeable units” such that an attacker cannot modify the units with bogus information.
- Existing systems protect against bogus modifications by signing software with cryptographic keys. For instance, a central office can issue an update to a field upgradeable unit along with a signature. The signature and a central office's private key can be used together to authenticate the update's validity and its source. When an update is issued, the field upgradeable unit authenticates the update using the public key. If the signature matches, the field upgradeable unit can install the update. If the update signature cannot be authenticated, the field upgradeable unit determines that the update is bogus and rejects it.
- The authentication of the update relies on an assumption that the central office's private key is used to create a valid signature that can be authenticated with a copy of the public key at the field-upgradeable unit. While the public and private keys may be stored securely, it may be possible for an attacker to obtain the keys. For instance, given sufficient time and computing resources, the attacker may compromise the private key through a brute-force attack on the public key. The public key could be compromised through a ‘mole attack’, in which a person involved in the production of the field upgradeable unit steals the key. A physical attack may allow access to the public key by acquiring a field upgradeable unit and replacing the entire memory.
- An attacker who possesses the central office private key can compromise an entire network. For instance, the attacker could use the private key to distribute a bogus update. Because the attacker's bogus update is signed and/or encrypted with valid keys, the field upgradeable unit decrypts and authenticates the bogus update using its public key. Doing so could enable the node's software or firmware to be updated with invalid and/or malicious software.
- One solution to resist such attacks is to update the central office public key stored in each field unit periodically, thereby precluding the use of a compromised central office private key. That is, to resist the brute force attack the central office public key should be updated faster than the key could be derived by the attacker. To resist the mole attack, the central office public key could be updated before the attacker could use the compromised central office private key to replace a field unit's firmware.
- Systems and methods are disclosed for securely upgrading information in devices, such as field upgradeable units. In response to receiving an update object, a device may determine whether a predefined location of memory includes a predetermined value, e.g., a particular command. Based on the value in the predefined location, the device may store the received update object in a verification portion of the memory. After verifying the authenticity of the update object, the device may copy the update object from the verification portion of the memory to an inactive portion of secure memory. The inactive portion of the memory can be swapped with an active portion of the secure memory, such that the inactive portion becomes active.
-
FIG. 1 is a block diagram illustrating an exemplary system including a number of field upgradeable units; -
FIG. 2 is a block diagram illustrating an exemplary field upgradeable unit; -
FIG. 3 is a functional diagram of an exemplary memory device in a field upgradeable unit; and -
FIG. 4 is a process flow chart illustrating steps performed by an exemplary field upgradeable unit. - Systems and methods disclosed herein update information in network devices. In some exemplary embodiments, the updated information may include cryptographic keys, software and/or firmware in devices. By updating information in devices, attackers may be prevented from using stolen keys to place bogus information on the devices on a regular basis. For instance, in the event an attacker obtains a copy of a central office private key or in anticipation of an attacker obtaining a copy of a central office private key, the exemplary embodiments disclosed herein allow a network operator to generate at least one new private key and update the corresponding public keys in the network devices before the attacker can use the stolen private key. In addition, the exemplary embodiments thwart the compromise of public keys residing in the network devices.
-
FIG. 1 is a block diagram illustrating anexemplary system 100 including fieldupgradeable units 110A-110D (collectively “fieldupgradeable units 110”), ahost 120 andnetwork 130. A fieldupgradeable unit 110 can be any programmable data processing device. For example, a fieldupgradeable unit 110 can be a general-purpose computer, a server, a network device (e.g., gateway, terminal, switch, repeater, router), an application-specific device (e.g., residential utility meter, remote sensor, set-top box, game device, mobile telephone), or a home appliance (e.g., refrigerator or dishwasher).Host 120 can be any computing and/or communication device operable to communicate and/or receive information overlink 112.Host 120 may be, for example, a server, a workstation, a mainframe computer, a mini-frame computer, a desktop computer, a laptop computer, a personal digital assistant, or any other computing or communicating device. - Field
upgradeable units 110 may be communicatively coupled to one another and to host 120 vialinks 112. As used in this disclosure, the term “communicatively coupled” refers to any direct or indirect communication between two or more elements, whether or not those elements are in physical contact with one another.Communication links 112 can be wired, fixed wireless, or mobile wireless links that use a variety of communication protocols.Communications link 112 may include any hardware, software, firmware, or combination thereof.Communications link 112 may, for example, comprise a twisted-pair telephone line, a fiber optic line, a Digital Subscriber Line (DSL), a wireless link, a USB bus, a PCI bus, an Ethernet interface, or any other suitable interface operable to assist in the communication of information to and/or from fieldupgradeable unit 110. Further, information can be transmitted overcommunications links 112 within data packets according to packet-switching protocols, such as Transaction Control Protocol (TCP)/Internet Protocol (IP), X.25, and Frame Relay. - Network 130 may comprise any wireless network, wireline network, or combination of wireless and wireline networks capable of supporting communication between network elements using ground-based and/or space-based components. Network 100 can be, for instance, a cable television network, a satellite communications network, a sensor network, or an ad-hoc wireless communications network, a data network, a public switched telephone network (PSTN), an integrated services digital network (ISDN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), all or a portion of the global computer network known as the Internet, and/or other communication systems or combination of communication systems at one or more locations. Network 130 illustrated in
FIG. 1 is a simplified example having only a few generic elements. However, other networks having different numbers and types of elements in different configurations may benefit from embodiments of this disclosure. Network 130 can also be connected to another network, contain one or more other sub-networks, and/or be a sub-network within another network. - In an exemplary embodiment,
network 130 can be a wireless smart-grid network that monitors and controls an electrical power generation and distribution service in which the elements of such a network establishcommunication links 112 with other elements within their transmission range. For example, one field upgradeable unit may exchange information with another by relaying the information over a series of intervening elements of network 130 (or a combination of networks). -
FIG. 2 is a block diagram illustrating an exemplary fieldupgradeable unit 110 having acontroller 210.Controller 210 may include any hardware that, in combination with software and/or firmware, is capable of processing at least a portion of programs stored in fieldupgradeable unit 110. In some embodiments,controller 210 may be a system-on-chip in which substantially all components ofcontroller 210 are integrated into a single integrated device (i.e., chip). Implementing all components ofcontroller 210 on a single chip (e.g., piece of silicon) can thwart attacks by making it very time consuming and expensive for attackers to physically access and modify components of the controller. Moreover, as demonstrated hereinafter, the single chip implementation enables all of the components of the controller to be reset at once, to provide for more effective control over the security of the controller's operation. - As shown in
FIG. 2 ,controller 210 may have a central processing unit (“CPU”) 222 communicatively linked to a random access memory (“RAM”) 224, a read-only memory (“ROM”) 226,clock 228, acommunication interface 230, and adata bus 232.CPU 222 is an electronic data processing device that executes program instructions recorded in computer-readable memory devices (e.g.,RAM 224,ROM 226 or memory device 280).CPU 222 may be a general-purpose processor (e.g., INTEL), or a specialized, embedded processor (e.g., ARM). AlthoughFIG. 2 depictscontroller 210 as a single processing device,controller 210 may comprise multiple processors, a processor array, or any other suitable processor or processors. - Communications interface 230 may include hardware (e.g., modem, network interface card, etc.), software (e.g., multi-layer protocol support, protocol conversion, data processing, data modulation, codec, etc.), firmware, data or combination thereof operable to facilitate communication with one or more elements external to field
upgradeable unit 110. In some embodiments,communication interface 230 exchanges information withCPU 222 to encode and decode messages transmitted overcommunication link 112. For instance,communications interface 230 may receive a message fromCPU 222 and convert the information into data packets for transmission overcommunication link 112 according to the TCP/IP data transmission protocol. Likewise,communication interface 230 device may receive TCP/IP data packets from another one ofnodes 110 overcommunication link 112 and assemble the packets into a message before providing the information toCPU 222. Operating parameters used to configure andcontrol communications interface 230, as well as other components of fieldupgradeable unit 110, may be stored in the field-upgradeable unit 110's computer-readable data recording devices, such asRAM 224,ROM 226 ormemory device 280. - In some embodiments, updates of
memory device 280 can be limited by astate machine 270.State machine 270 may preventcontroller 210 from altering the contents ofnon-volatile memory 280. In this way, for example,state machine 270 may protect thenon-volatile memory 280 so that updates may only be performed under particular conditions. -
State machine 270 may be a digital logic device having a limited number of predefined states, transitions between those states, and actions.State machine 270 may be controlled by a hardware digital circuit comprised of one or more programmable logic devices, programmable logic controllers, data registers, logic gates and flip flops, for example. - A
bootloader 282 innon-volatile memory 280 includes instructions that are to be executed by thecontroller 210 whenever thecontroller 210 is in an initialization state, such as when thecontroller 210 is first powered up or is rebooted or otherwise reset. In order for field-upgradeable unit 110 to perform an update ofbootloader 282 innon-volatile memory 280, it may be required thatstate machine 270 is in a particular state that enables the access and/or alteration of thememory device 280. While in such a state,controller 210 may be prevented from executing software, which may be insecure and/or corrupted by an attacker. For example, after fieldupgradeable unit 110 is reset,controller 210 may execute firmware stored inROM 226 that updates the memory device's contents. The firmware may disable changes tomemory device 280 before relinquishingcontroller 210 to execute the software. - In some embodiments, the firmware stored in
ROM 226 may be such that, when executed, it placesstate machine 270 in the update state after a hardware reset of fieldupgradeable unit 110. Firmware may triggerstate machine 270 to enter the update state by storing a predetermined value, such as a specific command. For instance, the firmware may write the value to a specified register inRAM 224, and then reset theunit 110. The value stored in this register persists across the reset operation. - In some instances, the firmware can only trigger
state machine 270 to exit the update state, but not the reverse direction. As such, the only mechanism to enable an update is through resetting ofcontroller 210. By doing so, it may be ensured that fieldupgradeable unit 110 is in a secure state before performing an update.Non-volatile memory device 280 may include hardware, software, firmware, or a combination thereof operable to store and to retrieve information, including computer-readable program instructions and data.Memory device 280 may be, for instance, a semiconductor, magnetic or optical-based information storage/retrieval device (e.g., flash memory, hard disk drive, CD-ROM, flash RAM). Althoughmemory device 280 is depicted as a single medium,memory device 280 may comprise a number of storage media.Memory device 280 could reside entirely withincontroller 210 or, in other embodiments, a part could reside in a location that is outside ofcontroller 210. In some embodiments, it is required that at least one part ofnon-volatile memory device 280 reside inside thecontroller 210. - Information stored on
memory device 280 may include, for example, software, firmware, code, portions of code, data compilations, a combination of these and/or other type of information. As shown inFIG. 2 ,memory device 280 may includebootloader 282 andupdate module 284. In some embodiments (not shown), some or all ofupdate module 284 may be hardwired logic inROM 226 to ensure the module is secure and cannot be changed by an attacker.Memory device 280 may also store one or more keys for use in cryptographic operations. In some embodiments, keys stored onmemory device 280 includepublic keys 287 corresponding to, for example, private keys ofhost 120 or some other trusted authority. Further,memory device 280 can store fieldupgradeable unit 110's secret and/orprivate keys 287.Memory device 280 can also store other information used in cryptographic operations performed by fieldupgradeable unit 110. - In some embodiments,
bootloader 282 may load a secondary stage bootloader frommemory device 280 if the secondary stage bootloader is properly signed. “Properly signed” means signed with a private key (e.g., private key of host 120) associated with one of the public keys 287 (e.g., a “current key” or a “next key” used in a key management protocol of a wireless network security standard, such as “Wired Equivalent Privacy”) inmemory device 280. - Field
upgradeable unit 110 can be updated periodically, randomly and/or manually (i.e., on command). For instance, information received over network 130 (e.g., from anothernode 110 or host 120), may triggernode 110 to perform an update. The update information may be pushed to or pulled by field-upgradeable unit 110. In some embodiments, the provision of update information to field-upgradeable unit 110 may be initiated by network 130 (e.g., from anothernode 110 orhost 120.) Alternatively or additionally, field-upgradeable unit 110 may retrieve updated information fromnetwork 130. - Field
upgradeable unit 110 may receive update information from a variety of sources. For instance, a technician may manually couple a device containing an update object to fieldupgradeable unit 110. In other instances, fieldupgradeable unit 110 may receive the update information overnetwork 130, via acommunication link 112, fromhost 120 or another one of fieldupgradeable units 110. Communicating the update information throughnetwork 130 is performed, for example, when the update object is stored on another device innetwork 130. - For the sake of clarity and simplicity, the exemplary embodiments describe update information that corresponds to field
upgradeable unit 110'sbootloader 282. This disclosure, of course, is not so limited. The update information may comprise, for example, any software, firmware, codes, keys, data compilations, software applications, the state of hardware (e.g., voltage levels of a control pin), and/or combinations of these or any other type of information. -
FIG. 3 is a functional diagram of an exemplary memory allocation in a fieldupgradeable unit 110. In this example, the allocated memory includes secure non-volatile memory in thememory device 280, and non-secure memory, e.g., volatile memory that persists across a hardware reset. As illustrated,memory device 280 can be functionally divided into several portions, including an active portion 305and aninactive portion 310. Initially,active portion 305 ofmemory device 280 may store two keys, wherein the first key is a current key and the second key is the next key, one or both of which may be used to sign and authenticate the firmware. Also shown inFIG. 3 is anupdate object 320 that may be used to upgrade the information stored inmemory device 280 of fieldupgradeable unit 110.Update object 320 may include update information that is formatted into a number of sections, including: update information (e.g., program instructions for a bootloader),Key 1,Key 2,Key 3,Signature 1,Signature 2, andSignature 3. In some embodiments, theupdate object 320 may have an associatedupdate signature 321 that may be provided with (such as being appended to) theupdate object 320.Key 1,Key 2,Key 3,Signature 1,Signature 2, andSignature 3 may, for example, support a key management protocol used by the operator ofnetwork 130. - Secure
non-volatile memory device 280 may operate as a “read-only” memory except in certain circumstances, such as when fieldupgradeable unit 110 is placed in an “update mode” and/orstate machine 270 is in the “update state.” In some embodiments, fieldupgradeable unit 110 enters update mode after being reset. Reset may occur remotely or locally. A reset may also be remotely commanded by another fieldupgradeable unit 110, host 120 or a central authority (not shown) vianetwork 130. In addition, reset may be locally commanded by a physical interface, such as special pin and/or connector (e.g., a Joint Test Access Group (“JTAG”) port). More specifically,controller 210 hardware can be configured to detect that update mode is requested by, for instance, monitoring a particular signal, pin or memory register. - Whether
memory device 280 is updateable may be controlled by the state ofstate machine 270. For instance, so long asstate machine 270 is not in the update state,non-volatile memory device 280 may function as a read-only device. Upon receiving a predetermined command fromcontroller 210, such as due to the execution ofupdate module 284 in response to receipt of an update object,state machine 270 may placememory 280 into an update state that enables information to be written intonon-volatile memory device 280. - In some embodiments, once field
upgradeable unit 110 is in the update mode, and/orstate machine 270 is in the update state,controller 210 may erase allkeys 287 frommemory device 280. The erasure may be performed as disclosed in copending application number 12/493,707, titled “Integrated Cryptographic Security Module for a Network Node”. In such a situation, if fieldupgradeable unit 110 is placed into the update mode for any reason, includingreprogramming memory device 280, the fieldupgradeable unit 110 must be recertified to rejoinnetwork 130 afterwards. As such, if an attacker were to initiate the update mode, field-upgradeable unit 110 cannot rejoinnetwork 130 without being recertified into the network and/or without receiving a new certificate and/orkeys 287 fromhost 120, anothernode 110 or a central authority (not shown). -
Update module 284 may place fieldupgradeable unit 110 into update mode by storingupdate object 320, and its associatedupdate signature 321, if present, innon-secure memory 315 located outside thememory device 280.Update module 284 may then initiate an update by writing a predetermined value, such as an update command, to apredefined location 317 in thememory 315, e.g., a specified command register. - In one embodiment, the state machine can be a two-state device. The two states can be designated “Write-Enable”, in which data is permitted to be written into the non-volatile memory device, and “Write-Disable”, which causes the memory device to function as a read-only memory.
- All interrupts and exceptions may be disabled by execution of an
update module 284 bycontroller 210. For example,update module 284 may causecontroller 210 to reset and restart using firmware stored inROM 226 ormemory device 280 that does not include and/or enable interrupt or exception handling software. Alternatively,update module 284 may controlCPU 222 to terminate any processes for interrupt or exception handling, such as interrupthandler 286 andexception handler 288. - If field
upgradeable unit 110 is in the update mode,controller 210 may execute special upgrade code stored in, for example,ROM 226. Otherwise,controller 210 may execute the normal startup code (e.g., a bootloader). Alternatively,update module 284 may initiate the update mode by triggeringstate machine 270 to readpredefined location 317 in thememory 315.Controller 210 can monitorlocation 317 and switch into the update mode once this has occurred.Update module 284 can then verify that the information in averification area 319 is authentic (e.g., a bootloader provided by an operator ofnetwork 130 and/or received from a trusted source). - One example of the verification process is described hereinafter with reference to the
exemplary update object 320 illustrated inFIG. 3 . As noted previously, the update information comprises the particular firmware or software for the fieldupgradeable unit 110 that is to be updated, e.g. bootloader code.Key 1 corresponds to the “current key” andKey 2 corresponds to the “next key” among thepublic keys 287 stored in thememory device 280.Key 3 is a new key being provided with the update.Signature 1 is generated (such as by thehost 120 or, for example, at the request of the host 120) from the update information, using the private key of thehost 120 that corresponds topublic Key 1. In one embodiment, the update information itself may be signed with the private key to generate the signature. In another embodiment, described hereinafter, a hash of the update information is first created, and this hash is then signed with the private key to generateSignature 1. In a similar manner,Signature 2 andSignature 3 are generated by signing the update information, or a hash of the update information, with the private keys that correspond toKey 2 andKey 3. In some embodiments, anupdate signature 321 associated with theupdate object 320 may also be generated (again, for example, such as by the host 120) by creating a hash of all of the other elements of the update object, namely the update information,Key 1,Key 2,Key 3,Signature 1,Signature 2 andSignature 3, and signing that hash with the private key of thehost 120 that corresponds toKey 1. - Upon receiving the
update object 320, theupdate object 320 and sgnature 321, if present, are loaded into averification portion 319 of the non-secure memory. An update command is loaded into thepredefined location 317, e.g. a command register. Thecontroller 210 is then instructed to perform a hardware reset. For the embodiment employing a state machine having two states, the reset causes the state machine to be set to the “Write-Enable” state. Upon reset, thecontroller 210 first executes trusted code stored in a secure location, e.g. hardwired firmware in theROM 226. The code first checks to see whether a request has been issued to perform an update, e.g. an update command is stored in thecommand register 319. If not, the code resets the state machine to the “Write-Disabled” state, and transfers control to bootloader software stored in theactive portion 305 of the securenon-volatile memory device 280. - If the value stored in the
predefined location 317 indicates that an update operation is to be performed, thecontroller 210 validates the command, e.g. checks whether it is on a list of valid commands. For embodiments in which the update object is accompanied by an update signature, after validation of the command the controller applies its current public key (corresponding to Key 1) to theupdate signature 321 stored in theverification portion 319, to determine a hash value, identified as “hash 1” for reference purposes. The controller separately generates a hash value, identified as “hash 2”, from the contents of theupdate object 320, namely the update information,Key 1,Key 2,Key 3,Signature 1,Signature 2 andSignature 3.Hash 1 andhash 2 are compared, and if they match, the update object is determined to be authentic. - Thereafter, the
controller 210 calculates a hash of the update information, identified as “hash 3”.Key 1 is applied toSignature 1 to determine a hash value, identified as “hash 4”.Hash 3 and hash 4 are compared to see if they match one another. In asimilar manner Key 2 is used to generate a hash value fromSignature 2, andKey 3 is used to generate a hash value fromSignature 3. Each of these generated hash values is also compared withhash 3, to determine whether they match. If the calculated value forhash 3 matches each of the hash values generated from the signatures, theupdate object 320 is verified. - If the verification fails at any point,
update module 284 may cause the update mode to end andcause node 110 to start (or restart) normal operation without updating or affecting the content ofmemory device 280.Update module 284 may also restart thecontroller 210 using the existing information inactive portion 305 ofmemory device 280 - If all verifications pass,
update module 284copies Key 2,Key 3, and the update information (which, as discussed above, may be a new bootloader) into theinactive portion 310 ofsecure memory device 280. Another verification may be performed to make sure that all data was copied correctly. If there is no failure,update module 284 sends a command to swap betweenactive portion 305 andinactive portion 310. This swap may be carried out physically, by rewriting the contents ofactive portion 305 with the contents ofinactive portion 310. Alternatively, it can be performed logically, by changing the value of a reference, e.g., a pointer, from the starting address ofportion 305 of the memory to the starting address ofportion 310 of the memory, thereby makingportion 310 the new active portion. As a result of this swap,Key 2 becomes the current key,Key 3 becomes the next key, the new bootloader becomes thecurrent bootloader 282, andKey 1 is discarded. - To further secure the update of
memory device 280, ifupdate module 284 detects any access to a memory address outside of the predefined range forcontroller 210 “upgrade-safe devices” after entering update mode,memory device 280 may controlunit 110 to exit from the update mode without affecting thememory device 280's content. Upgrade-safe devices may be memory blocks inside controller 210 (e.g.,RAM 224 or ROM 226) such that reprogramming by an attacker would be very time consuming and/or expensive, and would also require physical access tocontroller 210 by the attacker. The same result may occur ifcontroller 210 detects any interrupts or exceptions. By doing so, an attacker may be prevented from executingupdate module 284 from any external device or executing thecontroller 210 internal code from any entry point while thecontroller 210 hardware is in the update mode. - Once the verification and transfer of the update object to the active portion of memory is complete, the trusted code resets the state machine to the “Write-Disable” state, and transfers control to the bootloader software. By performing these operations in trusted code that cannot be changed in the field during updates, e.g. hardwired ROM firmware, and resetting the state machine to the “Write-Disable” state before transferring execution to other, updateable firmware, protection from unauthorized alteration of the keys and other updateable objects is enhanced.
- In the foregoing example, a hardware reset of the controller is employed as the mechanism to initiate an update. In another embodiment, the update procedure may be initiated by a call to a secure update function stored in the ROM or other secure memory. In this implementation, the trusted code being called can itself set the state machine to the “Write-Enable” state, as well as disable all interrupts and exceptions, as part of the update process.
- In yet another embodiment, the secure update function need not be automatically executed upon the occurrence of a reset. Rather, after reset, the controller can first check the
predefined location 317 in memory, and determine whether an update command is stored there. If so, it first validates the command and then proceeds to execute the update code stored in the ROM. In this embodiment as well, the update code can set the state machine to the “Write Enable” state instead of having it automatically set to that state by the hardware reset. To ensure proper operation of the update code, a program counter can be used to inhibit the execution of the code if it starts at any location other than the memory address for the first instruction line of the code. In that manner, the state machine will be set to the “Write Enable” state before any other operations are performed that require access to thenon-volatile memory device 280. -
FIG. 4 is a process flow chart illustrating steps performed by an exemplary fieldupgradeable unit 110. First, fieldupgradeable unit 110 may receive a signedupdate object 320, and optional update signature, in association with one or more keys (e.g.,Key 1,Key 2, Key 3) atStep 405. As described above, the object may be provided directly, such as by a host device operated by a technician, or indirectly, such as overnetwork 130. - In some embodiments, field
upgradeable unit 110 may only enter update mode if a predetermined value is stored in apredefined location 317 of memory (Step 407, “Yes”). Otherwise, the update object cannot be stored in memory 280 (Step 408). Furthermore,state machine 270 may be triggered to enter an update state based on whether the predetermined value is stored in thepredefined location 317 ofmemory device 280. Whenstate machine 270 is not in the update state,controller 210 and any software executed by the controller, such asupdate module 284, may be prevented from modifying the information stored inmemory device 280. - Before installing the update object, field
upgradeable unit 110 may place itself in update mode (step 410), in which fieldupgradeable unit 110 disables its interrupthandler 286 and exception handler 288 (step 415) to prevent tampering with the unit during update. For instance, in response to the receipt of an update object, fieldupgradeable unit 110 may restart using a secure, update mode in which exceptions and interrupts are disabled. - After
update object 320, andoptional update signature 321, are stored inverification portion 319,update module 284 may authenticate the data in verification portion 319 (Step 420), for example as described previously. If authentication fails (step 425, “No”), the upgrade process ends and/or restarts (Step 430). If authentication passes (step 425, “Yes”), thebootloader 282 and/orKey 2 andKey 3 are copied toinactive portion 310 of memory device 280 (Step 435). In some embodiments, the copies ininactive portion 310 are verified again to ensure that no changes occurred during copying (Step 440). - If
update module 284 determines thatbootloader 282,Key 2 andKey 3 were successfully copied (step 445, “Yes”) toinactive portion 310,update module 284 swaps theinactive portion 310 and theactive portion 305 ofmemory device 280, such that theinactive portion 310, including the new key and bootloader, becomes active automatically (Step 450). Fieldupgradeable unit 110 may then restart (i.e., reboot) using thenew bootloader 282 and keys. In addition, after performing an update, field upgradeable unit may be required to rejoinnetwork 130 including, for example, obtaining a new network certificate from anothernode 110 orhost 120. - The exemplary systems and methods described above provide for the secure updating of network devices such that, if network keys are stolen by an attacker, the keys can be replaced before the attacker has an opportunity to make use of them. Furthermore, by providing the above-described cryptographic, procedural and physical security, the exemplary network devices prevent an attacker from compromising a device's keys or update object while the device is being updated.
- As disclosed herein, embodiments and features of the invention can be implemented through computer hardware and/or software. While illustrative embodiments of the invention have been described herein, further embodiments can include equivalent elements, modifications, omissions, combinations (e.g., of aspects across various embodiments), adaptations and/or alterations as would be appreciated by those in the art based on the present disclosure. Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments of the invention disclosed herein. Further, the steps of the disclosed methods can be modified in various manners, including by reordering steps and/or inserting or deleting steps, without departing from the principles of the invention. It is therefore intended that the specification and embodiments be considered as exemplary only.
Claims (18)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/486,348 US20170250818A1 (en) | 2009-08-11 | 2017-04-13 | Method and System for Securely Updating Field Upgradeable Units |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US23305709P | 2009-08-11 | 2009-08-11 | |
US12/854,117 US9652755B2 (en) | 2009-08-11 | 2010-08-10 | Method and system for securely updating field upgradeable units |
US15/486,348 US20170250818A1 (en) | 2009-08-11 | 2017-04-13 | Method and System for Securely Updating Field Upgradeable Units |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/854,117 Continuation US9652755B2 (en) | 2009-08-11 | 2010-08-10 | Method and system for securely updating field upgradeable units |
Publications (1)
Publication Number | Publication Date |
---|---|
US20170250818A1 true US20170250818A1 (en) | 2017-08-31 |
Family
ID=43031525
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/854,117 Active 2035-03-17 US9652755B2 (en) | 2009-08-11 | 2010-08-10 | Method and system for securely updating field upgradeable units |
US15/486,348 Abandoned US20170250818A1 (en) | 2009-08-11 | 2017-04-13 | Method and System for Securely Updating Field Upgradeable Units |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/854,117 Active 2035-03-17 US9652755B2 (en) | 2009-08-11 | 2010-08-10 | Method and system for securely updating field upgradeable units |
Country Status (4)
Country | Link |
---|---|
US (2) | US9652755B2 (en) |
AR (1) | AR077857A1 (en) |
TW (1) | TWI436236B (en) |
WO (1) | WO2011019390A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180095769A1 (en) * | 2016-10-03 | 2018-04-05 | Schneider Electric It Corporation | System and method for updating device software |
US10282189B2 (en) * | 2016-06-30 | 2019-05-07 | Synaptics Incorporated | Updating program code stored in an external non-volatile memory |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102010062908B4 (en) * | 2010-12-13 | 2012-10-31 | Siemens Aktiengesellschaft | Method for parameterizing a device, parameterizable device and Parameterisationvorrtchtung |
US9026805B2 (en) | 2010-12-30 | 2015-05-05 | Microsoft Technology Licensing, Llc | Key management using trusted platform modules |
US9111099B2 (en) * | 2011-05-31 | 2015-08-18 | Red Hat, Inc. | Centralized kernel module loading |
TWI467485B (en) * | 2011-06-07 | 2015-01-01 | Insyde Software Corp | Verification of the basic input and output system update method, the computer can read the recording media and computer program products |
US9021246B2 (en) * | 2011-10-28 | 2015-04-28 | GM Global Technology Operations LLC | Method to replace bootloader public key |
US8281119B1 (en) * | 2011-11-22 | 2012-10-02 | Google Inc. | Separate normal firmware and developer firmware |
US9008316B2 (en) * | 2012-03-29 | 2015-04-14 | Microsoft Technology Licensing, Llc | Role-based distributed key management |
WO2014177904A1 (en) * | 2013-04-29 | 2014-11-06 | Freescale Semiconductor, Inc. | Memory controller |
US9086985B2 (en) | 2013-07-16 | 2015-07-21 | Honeywell International Inc. | Unpowered data-transfer device |
EP3031195B1 (en) * | 2013-08-05 | 2022-03-02 | Nokia Technologies Oy | Secure storage synchronization |
US9510195B2 (en) * | 2014-02-10 | 2016-11-29 | Stmicroelectronics International N.V. | Secured transactions in internet of things embedded systems networks |
CN106104561B (en) * | 2014-03-28 | 2019-10-22 | 惠普发展公司,有限责任合伙企业 | Allow the method and apparatus for installing and using test key for BIOS |
TW201619866A (en) | 2014-11-20 | 2016-06-01 | 萬國商業機器公司 | Method of customizing appliances |
CN104503786B (en) * | 2014-12-15 | 2020-10-16 | 小米科技有限责任公司 | Firmware refreshing method and device |
AU2015374202B2 (en) * | 2014-12-29 | 2019-02-14 | Visa International Service Association | Over-the-air provisioning of application library |
US10114747B2 (en) * | 2015-05-13 | 2018-10-30 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Systems and methods for performing operations on memory of a computing device |
US20180375730A1 (en) * | 2017-06-23 | 2018-12-27 | Infinera Corporation | Technique for verification of newtork state after device upgrades |
US11042138B2 (en) * | 2018-10-09 | 2021-06-22 | Johnson Controls Technology Company | Auto detection of signature and native reference changes from data sources |
KR102567097B1 (en) * | 2018-12-05 | 2023-08-14 | 삼성전자주식회사 | Method for updating Boot ROM of Embedded system and booting of thereof |
CN110601851B (en) * | 2019-09-12 | 2021-06-04 | 腾讯科技(深圳)有限公司 | Method, apparatus, medium, and device for replacing identity credentials in a blockchain network |
TWI720694B (en) * | 2019-11-18 | 2021-03-01 | 中華電信股份有限公司 | Device and method of burning authentication with time sequence algorithm |
JP7362583B2 (en) * | 2020-09-23 | 2023-10-17 | 株式会社東芝 | information processing equipment |
US11816076B2 (en) * | 2021-01-14 | 2023-11-14 | Salesforce, Inc. | Declarative data evacuation for distributed systems |
TWI784500B (en) * | 2021-04-28 | 2022-11-21 | 威鋒電子股份有限公司 | Electronic apparatus and firmware secure update method thereof |
CN115421756B (en) * | 2022-09-16 | 2023-07-18 | 杭州云动智能汽车技术有限公司 | Service type gateway upgrading method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6223284B1 (en) * | 1998-04-30 | 2001-04-24 | Compaq Computer Corporation | Method and apparatus for remote ROM flashing and security management for a computer system |
US20060248172A1 (en) * | 2003-06-24 | 2006-11-02 | Thomas Zurawka | Method for updating software of an electronic control device by flash programming via a serial interface and corresponding automatic state machine |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5826015A (en) * | 1997-02-20 | 1998-10-20 | Digital Equipment Corporation | Method and apparatus for secure remote programming of firmware and configurations of a computer over a network |
US6243809B1 (en) * | 1998-04-30 | 2001-06-05 | Compaq Computer Corporation | Method of flash programming or reading a ROM of a computer system independently of its operating system |
US7111292B2 (en) * | 2001-09-10 | 2006-09-19 | Texas Instruments Incorporated | Apparatus and method for secure program upgrade |
EP1357454A1 (en) | 2002-04-23 | 2003-10-29 | Hewlett-Packard Company | Data processing system and method with protected BIOS |
US7774619B2 (en) * | 2004-11-17 | 2010-08-10 | Broadcom Corporation | Secure code execution using external memory |
US20060159269A1 (en) * | 2005-01-20 | 2006-07-20 | Matsushita Electric Industrial Co., Ltd. | Cryptographic system for resource starved CE device secure upgrade and re-configuration |
US9627081B2 (en) * | 2007-10-05 | 2017-04-18 | Kinglite Holdings Inc. | Manufacturing mode for secure firmware using lock byte |
-
2010
- 2010-08-10 US US12/854,117 patent/US9652755B2/en active Active
- 2010-08-11 WO PCT/US2010/002210 patent/WO2011019390A1/en active Application Filing
- 2010-08-11 AR ARP100102950A patent/AR077857A1/en unknown
- 2010-08-11 TW TW099126719A patent/TWI436236B/en not_active IP Right Cessation
-
2017
- 2017-04-13 US US15/486,348 patent/US20170250818A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6223284B1 (en) * | 1998-04-30 | 2001-04-24 | Compaq Computer Corporation | Method and apparatus for remote ROM flashing and security management for a computer system |
US20060248172A1 (en) * | 2003-06-24 | 2006-11-02 | Thomas Zurawka | Method for updating software of an electronic control device by flash programming via a serial interface and corresponding automatic state machine |
Non-Patent Citations (1)
Title |
---|
Ron White, How Computers Work, 7th Ed, 2003 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10282189B2 (en) * | 2016-06-30 | 2019-05-07 | Synaptics Incorporated | Updating program code stored in an external non-volatile memory |
US20180095769A1 (en) * | 2016-10-03 | 2018-04-05 | Schneider Electric It Corporation | System and method for updating device software |
US10241803B2 (en) * | 2016-10-03 | 2019-03-26 | Schneider Electric It Corporation | System and method for updating device software |
Also Published As
Publication number | Publication date |
---|---|
US20110040960A1 (en) | 2011-02-17 |
WO2011019390A1 (en) | 2011-02-17 |
US9652755B2 (en) | 2017-05-16 |
AR077857A1 (en) | 2011-09-28 |
TW201109969A (en) | 2011-03-16 |
TWI436236B (en) | 2014-05-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20170250818A1 (en) | Method and System for Securely Updating Field Upgradeable Units | |
US9594909B2 (en) | Software updating apparatus, software updating system, invalidation method, and invalidation program | |
US11843705B2 (en) | Dynamic certificate management as part of a distributed authentication system | |
US8464347B2 (en) | Software updating apparatus, software updating system, alteration verification method and alteration verification program | |
JP5543949B2 (en) | Control device and monitor program | |
CN102063591B (en) | Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform | |
US8745735B2 (en) | Monitoring system, program-executing device, monitoring program, recording medium and integrated circuit | |
EP2727040B1 (en) | A secure hosted execution architecture | |
US20080184341A1 (en) | Master-Slave Protocol for Security Devices | |
JP6385842B2 (en) | Information processing terminal, information processing method, and information processing system | |
US20100313011A1 (en) | Identity Data Management in a High Availability Network | |
CN102165457A (en) | Ticket authorized secure installation and boot | |
JP3863401B2 (en) | Software processing device | |
US11899777B2 (en) | Memory module authentication extension | |
JP2007336040A (en) | Program management system and terminal | |
JP7356483B2 (en) | Information processing device, authenticity verification method, and program | |
CN108228219B (en) | Method and device for verifying BIOS validity during in-band refreshing of BIOS | |
CN107943508A (en) | It is a kind of based on service processor as the renewable BIOS update methods for trusting root | |
WO2018092289A1 (en) | Information processing device | |
CN112487500B (en) | Authentication method | |
CN118627076A (en) | BIOS firmware security verification method and server | |
CN118922831A (en) | Advanced firmware lock | |
CN115935335A (en) | Firmware starting method, chip and computing equipment | |
CN115048640A (en) | Anti-rollback method and device for terminal, computer readable storage medium and computing equipment | |
CN114721693A (en) | Microprocessor, BIOS firmware updating method, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, NORTH CAROLINA Free format text: SECURITY INTEREST;ASSIGNORS:ITRON, INC.;ITRON NETWORKED SOLUTIONS, INC.;REEL/FRAME:045017/0893 Effective date: 20180105 Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, NORTH CARO Free format text: SECURITY INTEREST;ASSIGNORS:ITRON, INC.;ITRON NETWORKED SOLUTIONS, INC.;REEL/FRAME:045017/0893 Effective date: 20180105 |
|
AS | Assignment |
Owner name: ITRON NETWORKED SOLUTIONS, INC., WASHINGTON Free format text: CHANGE OF NAME;ASSIGNOR:SILVER SPRING NETWORKS, INC.;REEL/FRAME:045221/0804 Effective date: 20180105 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |