Considering Attackers with Root Access in Embedded Linux Update Systems

Description

Bachelor’s thesis in cooperation with Fraunhofer AISEC
Considering Attackers with Root Access in
Embedded Linux Update Systems
Secure over-the-air updates become increasingly important as the number of IoT devices rises. While software updates are crucial to patch system vulnerabilities, they can also introduce new attack vectors. Our previous research indicates that most of the open-source
update solutions1 have a large Trusted Computing Base (TCB) making them susceptible to root attackers. Hence, in a previous project we have proposed SUITED, a mechanism which excludes the Linux OS from the TCB by performing all update verification and in-
stallation in the U-Boot bootloader.
The goal of this Bachelor thesis is to improve the security of an existing open-source update solution using SUITED. Therefore, a suitable solution needs to be identified and modified to perform update installation and verification in the bootloader. The feasibility of
the approach shall be demonstrated in a proof of concept (PoC) implementation.
Task Description
• Research existing embedded Linux update solutions
• Evaluate compatibility between existing solutions and SUITED
• Provide a PoC implementation of one update solution using SUITED
• Evaluate the efficiency and the security of the implementation
Requirements
• High motivation and ability to work independently
• Good C programming skills
• Preferably experience with U-Boot bootloader and/or the Yocto Toolchain.
Contact
Please send your application with current CV and transcript of records to:
Corinna Lingstädt
Secure Embedded Systems Software
Department Secure Operating Systems
corinna.lingstaedt@aisec.fraunhofer.de
Phone: +49 89 322 9986-1022

Dr. Mykolai Protsenko
Head of Research Group
Secure Embedded Systems Software
Department Secure Operating Systems
mykolai.protsenko@aisec.fraunhofer.de
Phone: +49 89 322 9986-192

1e.g. https://rauc.io/, https://mender.io/, https://sbabic.github.io/swupdate/