In the IEEE S&P 2017, Ronen et al. exploited side-channel power analysis (SCPA) and approximately 5 000 power traces to recover the global AES-CCM key that Philip Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it to Philip Hue lamps to cause Internet of Things (IoT) security issues. Inspired by the work of Ronen et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme applied in IoT terminal devices includes two aspects of design (i.e., bootloader and application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can access the IoT server to regain update permission, which can defend against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement Philips’ and the proposed modified schemes. Experimental results show that compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and a maximum of 0.32 s update time to effectively enhance the security of the AES-CCM-based firmware update process.

在IEEE S＆P 2017中，Ronen等人。利用边信道功率分析（SCPA）和大约5000条功率迹线来恢复Philip Hue灯用来解密和认证新固件的全局AES-CCM密钥。根据恢复的密钥，攻击者可以创建恶意固件更新，并将其加载到Philip Hue灯中，从而引起物联网（IoT）安全问题。受到罗尼（Ronen）等人工作的启发。，我们针对SCPA和拒绝服务（DoS）攻击提出了一种基于AES-CCM的固件更新方案。在物联网终端设备中应用的拟议方案包括设计的两个方面（即引导加载程序和应用程序层）。首先，在引导加载程序中，每单位时间的更新次数受到限制，以防止攻击者在短时间内获取足够数量的有用跟踪，从而可以有效地应对SCPA攻击。其次，在应用程序层中，使用提出的握手协议，物联网设备可以访问物联网服务器以重新获得更新权限，从而可以抵御DoS攻击。此外，在STM32F405 + M25P40硬件平台上，我们实现了Philips和拟议的改进方案。实验结果表明，与飞利浦Hue智能灯的固件更新方案相比，