[Tfug] Securing firmware deployments

Bexley Hall bexley401 at yahoo.com
Wed Dec 30 15:01:55 MST 2009


Hi,

I want to be able to TFTP (et al.) firmware updates to
appliances.  *Often* (i.e., imagine deploying executables
"on demand" in this way).

Since these appliances are often *not* just "computing
devices" (i.e., they may control your HVAC, home security,
etc.), the consequences of someone/thing tampering with
an executable -- or, illegitimately installing a bogus
executable -- can have serious financial or health
impacts.

The obvious solution is to use an encrypted tunnel
for deployment.  Or, to sign the binaries (and have
the appliance refuse to load binaries with incorrect
credentials).

Of course, the lame "mass market" approach of one-size-fits-all
for credentials won't work (because folks won't know/remember
to change it -- how many routers have the password "admin"?)
which makes this *worse* than no security (since users won't
realize how they can be screwed!).

I can't go the MS route and embed a private key in the executable
since that would be visible to anyone inspecting the sources.

So, it seems like I have to come up with a way of having a
custom unique key created for each instance of each device?
I.e., a one-time "personalization" step whereby the device is
mated to whatever is going to serve up its binaries?

--don
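The scheme the post sketches, a one-time personalization step that mints a unique key per appliance and an appliance that refuses to load any image whose authentication tag does not verify under that key, worked through as an added example. This is not code from the original post or from any project; it uses only the Python standard library, and the UpdateServer and Appliance classes, the "FWIM" header layout, the device ids and the payloads are this example's own constructed assumptions. It also adds a version check so that a genuine but older image cannot be replayed.

```python
"""Per-device firmware image authentication (constructed example, not from the post).

One key per device instance, minted at personalization; the update server
tags each image with that key and the appliance refuses anything that does
not verify.  Tag = HMAC-SHA256 over header + payload (stdlib only).
Image layout: "FWIM" | version u32 | id len u16 | device id | payload len u32 | payload | tag
"""
import hashlib
import hmac
import secrets
import struct

MAGIC = b"FWIM"          # assumed header magic, this example's own
TAG_LEN = 32             # SHA-256 output length


class UpdateServer:
    """The side that serves binaries; holds one key per mated device."""

    def __init__(self):
        self.device_keys = {}  # device_id -> key; never leaves the server

    def personalize(self, device_id: bytes) -> bytes:
        """One-time mating step: mint a unique key for this device instance.
        Provision it over a trusted channel (factory, physical access), not TFTP."""
        if device_id in self.device_keys:
            raise ValueError("device already personalized")
        key = secrets.token_bytes(32)
        self.device_keys[device_id] = key
        return key

    def build_image(self, device_id: bytes, version: int, payload: bytes) -> bytes:
        """Wrap payload in the header and append the per-device tag.
        The tag covers the header too, so version and target device are authenticated."""
        key = self.device_keys[device_id]
        header = (MAGIC + struct.pack(">IH", version, len(device_id))
                  + device_id + struct.pack(">I", len(payload)))
        tag = hmac.new(key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


def parse_image(image: bytes):
    """Split an image into fields; None on bad magic or any length mismatch."""
    fixed = len(MAGIC) + 4 + 2                      # magic, version, id length
    if len(image) < fixed or image[:len(MAGIC)] != MAGIC:
        return None
    version, id_len = struct.unpack(">IH", image[len(MAGIC):fixed])
    off = fixed + id_len
    if len(image) < off + 4:
        return None
    device_id = image[fixed:off]
    (payload_len,) = struct.unpack(">I", image[off:off + 4])
    off += 4
    if len(image) != off + payload_len + TAG_LEN:   # rejects truncation and trailing junk
        return None
    payload = image[off:off + payload_len]
    return version, device_id, payload, image[off + payload_len:], image[:off + payload_len]


class Appliance:
    """The device: holds only its own key and the version it currently runs."""

    def __init__(self, device_id: bytes, key: bytes, installed_version: int = 0):
        self.device_id, self.key = device_id, key
        self.installed_version, self.firmware = installed_version, b""

    def load(self, image: bytes) -> str:
        """Install a verified image and return "ok", else the reason for refusal."""
        parsed = parse_image(image)
        if parsed is None:
            return "malformed"
        version, device_id, payload, tag, tagged_region = parsed
        if device_id != self.device_id:
            return "wrong-device"
        expected = hmac.new(self.key, tagged_region, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time compare
            return "bad-tag"
        if version <= self.installed_version:        # anti-rollback: genuine but old is still refused
            return "rollback"
        self.installed_version, self.firmware = version, payload
        return "ok"


def demo() -> dict:
    """Exercise the scheme on constructed images; returns each case's outcome."""
    server = UpdateServer()
    unit_a, unit_b = b"hvac-0001", b"hvac-0002"               # constructed device ids
    dev_a = Appliance(unit_a, server.personalize(unit_a))
    dev_b = Appliance(unit_b, server.personalize(unit_b))
    v1 = server.build_image(unit_a, 1, b"constructed firmware payload v1")
    v2 = server.build_image(unit_a, 2, b"constructed firmware payload v2")
    tampered = bytearray(v1)
    tampered[-TAG_LEN - 1] ^= 0x01                            # flip the last payload byte
    return {                                                  # evaluated in order
        "genuine": dev_a.load(v1),             # "ok"
        "tampered": dev_a.load(bytes(tampered)),  # "bad-tag"
        "replayed": dev_a.load(v1),            # "rollback": v1 already installed
        "cross_device": dev_b.load(v1),        # "wrong-device": built for unit_a
        "truncated": dev_a.load(v1[:-5]),      # "malformed"
        "upgrade": dev_a.load(v2),             # "ok"
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12s} -> {outcome}")
```

Two caveats on the design choice. An HMAC key is symmetric, so the server must keep every device's key secret and a compromised server can forge images for all mated devices; the signing variant the post mentions (server keeps a private key, each appliance pins the matching public key at personalization) lets the device verify without holding anything that can forge, at the cost of an asymmetric-signature library on the appliance. And verifying credentials alone does not stop replay of a genuine older image with a known defect, which is why the version check above is part of the load path rather than an optional extra.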