Attestation and Secure Code Update for Trusted Sensor Nodes

Compromised sensor nodes and potential insider attacks are a serious threat in wireless sensor networks. at is why implicit attestation protocols have been proposed for detecting compromised sensor nodes in hybrid sensor networks. ese protocols can provide evidence through attestation techniques that the soŸware of a node is unmodied. However, they are not compatible with code updates, because soŸware updates change the initial trusted system state of the node, which makes a successful attestation impossible. In addition, most existing code update protocols for wireless network reprogramming do not provide any security features or use public-key cryptography, particularly digital signatures, for protection, which needs computationally intensive operations and therefore is inapplicable to resource-constrained sensor nodes. So in this thesis, we propose a novel approach for a secure code update protocol, which provides security features to verify the wirelessly transmitted code update and is compatible with the implicit attestation protocols. For that purpose, we investigate the relevant security requirements and design a concept of our proposed protocol, which is based on the dissemination protocol Deluge and the boot loader TOSBoot. e concept includes a specication of a new image format, which comprises chained hashes and two hash-based message authentication codes for the protection and verication of the wirelessly transmitted code update. On the nodes where the update is performed, the concept species a security layer and two platform congurations, a full and a reduced conguration: In general bound to the full platform conguration, sensitive information is cryptographically linked to the reduced platform conguration during a code update to allow for updating the soŸware on top of the security layer. at way, the code update protocol provides security as well as compatibility with implicit attestation.