Secure Software Updates for IoT Based on Industry Requirements

Ludwig Seitz; Marco Tiloca; Martin Gunnarsson; Rikard Höglund

doi:10.5220/0011790100003405

Secure Software Updates for IoT Based on Industry Requirements

Ludwig Seitz, Marco Tiloca, Martin Gunnarsson, Rikard Höglund

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

Abstract

This paper analyzes the problem and requirements of securely distributing software updates over the Internet,
to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures
controlling a physical system, such as power grids and water supply systems. We present a novel approach
that allows to securely distribute software updates of different types, e.g., device firmware and customer applications,
and from sources of different type, e.g., device operators, device manufacturers and third-party library
providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update
process, while ensuring both authenticity and confidentiality of the distributed software updates.

Original language	English
Title of host publication	Proceedings of the 9th International Conference on Information Systems Security and Privacy
Publisher	SciTePress
Pages	698-705
Number of pages	8
Volume	1
ISBN (Electronic)	9789897586248
DOIs	https://doi.org/10.5220/0011790100003405
Publication status	Published - 2023 Feb 22
Externally published	Yes
Event	9th International Conference on Information Systems Security and Privacy, ICIPSS 2023 - Lisbon, Portugal Duration: 2023 Feb 22 → 2023 Feb 24

Conference

Conference	9th International Conference on Information Systems Security and Privacy, ICIPSS 2023
Country/Territory	Portugal
City	Lisbon
Period	2023/02/22 → 2023/02/24

Subject classification (UKÄ)

Computer Engineering

Free keywords

Security
Software Update
Industrial Control Systems
Internet of things

Access to Document

10.5220/0011790100003405Licence: CC BY-NC-ND

Cite this

@inproceedings{a1864d617e66405390ef193a17aef97c,

title = "Secure Software Updates for IoT Based on Industry Requirements",

abstract = "This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that allows to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.",

keywords = "Security, Software Update, Industrial Control Systems, Internet of things",

author = "Ludwig Seitz and Marco Tiloca and Martin Gunnarsson and Rikard H{\"o}glund",

year = "2023",

month = feb,

day = "22",

doi = "10.5220/0011790100003405",

language = "English",

volume = "1",

pages = "698--705",

booktitle = "Proceedings of the 9th International Conference on Information Systems Security and Privacy",

publisher = "SciTePress",

note = "9th International Conference on Information Systems Security and Privacy, ICIPSS 2023 ; Conference date: 22-02-2023 Through 24-02-2023",

}

Seitz, L, Tiloca, M, Gunnarsson, M & Höglund, R 2023, Secure Software Updates for IoT Based on Industry Requirements. in Proceedings of the 9th International Conference on Information Systems Security and Privacy. vol. 1, 110, SciTePress, pp. 698-705, 9th International Conference on Information Systems Security and Privacy, ICIPSS 2023, Lisbon, Portugal, 2023/02/22. https://doi.org/10.5220/0011790100003405

TY - GEN

T1 - Secure Software Updates for IoT Based on Industry Requirements

AU - Seitz, Ludwig

AU - Tiloca, Marco

AU - Gunnarsson, Martin

AU - Höglund, Rikard

PY - 2023/2/22

Y1 - 2023/2/22

N2 - This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that allows to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.

AB - This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that allows to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.

KW - Security

KW - Software Update

KW - Industrial Control Systems

KW - Internet of things

UR - https://www.scopus.com/pages/publications/85163739130

U2 - 10.5220/0011790100003405

DO - 10.5220/0011790100003405

M3 - Paper in conference proceeding

VL - 1

SP - 698

EP - 705

BT - Proceedings of the 9th International Conference on Information Systems Security and Privacy

PB - SciTePress

T2 - 9th International Conference on Information Systems Security and Privacy, ICIPSS 2023

Y2 - 22 February 2023 through 24 February 2023

ER -

Secure Software Updates for IoT Based on Industry Requirements

Abstract

Conference

Subject classification (UKÄ)

Free keywords

Access to Document

Other files and links

Fingerprint

Cite this