Securing Over-the-Air Code Updates in Wireless Sensor Networks

Securing Over-the-Air Code Updates in Wireless Sensor Networks

Christian Wittke (Leibniz-Institut für innovative Mikroelektronik, Germany), Kai Lehniger (Leibniz-Institut für innovative Mikroelektronik, Germany), Stefan Weidling (Leibniz-Institut für innovative Mikroelektronik, Germany) and Mario Schoelzel (Leibniz-Institut für innovative Mikroelektronik, Germany)
DOI: 10.4018/978-1-5225-7332-6.ch013
OnDemand PDF Download:
No Current Special Offers


With the growing number of wireless devices in the internet of things (IoT), maintenance and management of these devices has become a key issue. In particular, the ability to wirelessly update devices is a must in order to fix security issues and software bugs, or to extend firmware functionality. Code update mechanisms in wireless sensor networks (WSNs), a subset of IoT networks, must handle limited resources and strict constraints. Also, over-the-air (OTA) code updates in the context of an IoT ecosystem may open new security vulnerabilities. An IoT security framework should therefore be extended with additional mechanisms to secure the OTA code update functionality. The chapter presents an overview of various OTA code update techniques for WSNs and their security flaws along with some existing attacks and possible countermeasures. It is discussed which attacks can be used more easily with the code update functionality. Countermeasures are compared as to whether they secure the weakened security objectives, giving a guideline to choose the right combination of countermeasures.
Chapter Preview


With the growing number of wireless devices in the Internet of Things (IoT), maintaining and managing these devices has become a key issue. In particular, the ability to wirelessly update devices is a must in order to fix security issues and software bugs, or to extend firmware functionality. Recent attacks, such as the Mirai Distributed-Denial-of-Service (DDoS) attack (Kolias, Kambourakis, Stavrou, & Voas, 2017), where IoT devices were used as a botnet, have shown that IoT can be used very easily to cause serious damage.

Thereby, code update mechanisms in these devices must cope with limited computational resources, power constraints, and limited bandwidth for communication. On top of that, the capability of wireless code updates also opens new security vulnerabilities in these systems.

Wireless Sensor Networks (WSNs) are a subset of IoT networks that are suited for long time operations without any human interaction. The elements of the network, called nodes, are mostly battery powered. For this reason, the resource restriction in terms of power consumption is even more critical than in classical IoT applications. Classical security measures may be impractical because of these restrictions. Focusing on WSNs is therefore useful because they represent an edge case for IoT applications.

When the over-the-air (OTA) code update feature for devices is placed in the context of an IoT ecosystem (Rahman, Daud, & Mohamad, 2016), it becomes clear that additional measures are needed to prevent the opening of new security holes. An IoT ecosystem typically identifies four layers, as shown in Figure 1.

Figure 1.

OTA code update in the context of an IoT ecosystem


The code update initially affects all layers, as it passes from the users/devices/applications via the IoT fog and network to the addressed IoT devices/sensor nodes. However, potential new security vulnerabilities only affect the wireless communication between the network’s gateway and IoT devices, assuming that security mechanisms of an IoT security framework are already in place. The code update feature may allow already existing security mechanisms to be bypassed. This means that an IoT security framework (Babar, Stango, Prasad, Sen, & Prasad, 2011; Pacheco & Hariri, 2016; Rahman, Daud, & Mohamad, 2016) needs to be extended with additional mechanisms to secure the OTA code update functionality.

This chapter first presents a general overview of various OTA code update techniques for WSNs. This ranges from interpreter-based systems, over modularized systems that allow exchanging particular modules to systems where the full binary image can be replaced. Distribution protocols and techniques for improving the reliability of these updates are also presented. In particular, the authors discuss important techniques for reducing the size of the code update that must be transmitted wirelessly, taking into account some practical limitations. The authors focus on two main techniques: first, a differencing algorithm to find reusable data, or the optimal combination of instructions; second, preprocessing the binary files to increase their similarity. Examples are provided for both techniques.

Based on this overview of existing OTA code update techniques, their security flaws as well as some existing attacks and possible countermeasures are presented. Although the code update feature has several benefits, it also comes with new scopes from the attacker’s point of view. For this reason, securing the code update is a very important issue. Therefore, the authors will present a classification of security threats and discuss which of them can be used more easily with code update functionality. In particular, the authors will show which of the basic security objectives confidentiality, integrity, and availability are weakened and to what extent. Finally, the authors present state-of-the-art countermeasures and clearly compare them to whether they are securing the above-mentioned weakened security objectives.

Key Terms in this Chapter

Authenticity: Authenticity is a property that confirms the identity of an entity.

Over-the-Air (OTA) Programming: Methods of distributing software updates to devices using wireless communication can be taken under the term of over-the-air programming.

Asymmetric cryptography: Asymmetric cryptography or public-key cryptography is based on key pairs. It consists of a public key for encryption, known to everyone, and a private key for decryption, known only to the owner. Public-key algorithms can be used for encryption and authentication. Common algorithms are ECC (elliptic curve cryptography) and RSA (Rivest, Shamir, and Adleman cryptosystem).

Secure Erasure: Secure erasure is a process that clears all memory to remove the code on a device, including malicious code.

Heterogeneity: With regard to wireless sensor networks, the term heterogeneity refers to the property of a network to have nodes with different characteristics.

Integrity: Integrity of a WSN means that neither information nor functionality can be altered by unauthorized persons, and if they are altered, it can be detected.

Internet of Things (IoT): This widely used term refers to the idea that all physical objects are connected to the Internet and have the ability to communicate or interact with each other.

Symmetric cryptography: Symmetric cryptography is based on the use of just one key. This key is used for both encryption and decryption and is shared with all entities. Common algorithms are AES (advanced encryption standard), DES (data encryption standard), and triple-DES.

Code Attestation: Code attestation is a process used to validate the integrity of a device.

Wireless Sensor Network (WSN): A group of spatially dispersed and wirelessly communicating devices that use sensors to monitor environmental conditions such as temperature or humidity can be called wireless sensor networks. The data can be collected centrally.

Complete Chapter List

Search this Book: