Summary:
Firmware update mechanisms are a critical part of the software supply chain in IoT and embedded systems, yet they remain vulnerable to a range of attacks—particularly those targeting the signing keys of firmware authors. A compromised signing key can be used to distribute malicious firmware that appears legitimate, undermining the integrity of the entire update process. In this paper, we address this class of attacks by introducing transparency and traceability services into the firmware update pipeline. We propose the use of a transparency registry—an immutable, append-only log where all firmware signing events are recorded. By monitoring this registry, key compromise and unauthorized signing activity can be detected and mitigated. Our approach shifts trust from opaque signature validation to verifiable, auditable records of signing activity.
To evaluate this approach, we design and implement two systems: one based on a centralized transparency registry built using Merkle tree structures and another based on a decentralized
Author(s):
Nikos Fotiou
Greece
Lefteris Georgiadis
Greece
George Polyzos
Greece
Vasilios Siris
Greece
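
The Merkle-tree transparency registry described in the summary, sketched as an added example (not code from the paper or its authors): signing events are appended as leaves, an inclusion proof shows that an event is in the log, and a monitor flags events logged under its key that it never produced. The `key-id|firmware-version` entry format, the function names and the sample log are assumptions constructed for illustration; leaf and node hashing use the RFC 6962 prefix convention.

```python
import hashlib

def _h(data):
    return hashlib.sha256(data).digest()

def leaf_hash(entry):
    return _h(b"\x00" + entry)            # domain-separate leaves from nodes

def node_hash(left, right):
    return _h(b"\x01" + left + right)

def _split(n):
    k = 1                                  # largest power of two below n
    while k * 2 < n:
        k *= 2
    return k

def root(hashes):
    if len(hashes) <= 1:
        return hashes[0] if hashes else _h(b"")
    k = _split(len(hashes))
    return node_hash(root(hashes[:k]), root(hashes[k:]))

def inclusion_proof(hashes, i):
    """Sibling hashes from leaf i up to the root, tagged with their side."""
    if len(hashes) == 1:
        return []
    k = _split(len(hashes))
    if i < k:
        return inclusion_proof(hashes[:k], i) + [("R", root(hashes[k:]))]
    return inclusion_proof(hashes[k:], i - k) + [("L", root(hashes[:k]))]

def verify_inclusion(entry, proof, expected_root):
    h = leaf_hash(entry)
    for side, sibling in proof:
        h = node_hash(h, sibling) if side == "R" else node_hash(sibling, h)
    return h == expected_root

def unauthorized(entries, key_id, signed_by_me):
    """Monitor: logged events under my key that I never produced."""
    return [e for e in entries
            if e.split(b"|")[0] == key_id and e not in signed_by_me]

# Constructed sample log: "key-id|firmware-version" signing events.
LOG = [b"vendor-key-1|fw-1.0", b"vendor-key-2|fw-3.2", b"vendor-key-1|fw-1.1",
       b"vendor-key-1|fw-9.9", b"vendor-key-2|fw-3.3"]
LEAVES = [leaf_hash(e) for e in LOG]
ROOT = root(LEAVES)
MINE = {b"vendor-key-1|fw-1.0", b"vendor-key-1|fw-1.1"}   # author's own record
```

Here `unauthorized(LOG, b"vendor-key-1", MINE)` surfaces the `fw-9.9` event that the key owner never signed, which is the signal of key compromise the registry is meant to expose.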