At IEEE S&P 2017, Ronen et al. exploited side-channel power analysis (SCPA) and approximately 5000 power traces to recover the global AES-CCM key that Philips Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it to Philips Hue lamps to cause Internet of Things (IoT) security issues. Inspired by the work of Ronen et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme applied in IoT terminal devices includes two aspects of design (i.e., bootloader and application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can access the IoT server to regain update permission, which can defend against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement Philips' and the proposed modified schemes. Experimental results show that compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and a maximum of 0.32 s update time to effectively enhance the security of the AES-CCM-based firmware update process.
The burgeoning field of artificial intelligence (AI) has led to the development of new educational approaches, particularly in the realm of gesture recognition and Internet of Things (IoT) device control. Despite these rapid advancements, practical applications and hands-on learning opportunities remain scarce. Many learners, including students, educators, and software engineers, have limited knowledge of hardware due to a lack of exposure to IoT, AI libraries, and human–machine interfaces. This gap is exacerbated by the absence of demonstrated examples and academic hardware journals. A significant challenge lies in the cumbersome process of updating IoT firmware, which is essential for incorporating new features. This paper introduces a novel solution that eliminates the need for firmware updates. By leveraging the Python Firmata library, applications on the host computer can be updated without affecting the IoT device’s firmware. The Firmata protocol enables seamless communication between the host and microcontroller, facilitating real-time interactions. Additionally, the abstraction capabilities of AI libraries, such as MediaPipe, simplify complex tasks into manageable components. For instance, MediaPipe provides precise hand landmark coordinates, enabling direct control of simple Arduino Nano devices without requiring detailed calculations. The paper’s contributions are valuable for a wide range of professionals, including mathematicians, AI engineers, software engineers, hardware engineers, IoT engineers, and network programmers.
Funding: This work was supported by the National Natural Science Foundation of China under Grant Nos. 61572293, 61502276 and 61692276, the National Cryptography Development Foundation of China under Grant No. MMJJ20170102, the Major Scientific and Technological Innovation Projects of Shandong Province of China under Grant No. 2017CXGC0704, and the Natural Science Foundation of Shandong Province of China under Grant No. ZR2016FM22.