Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware
This paper provides an overview of several secure boot architectures with a focus on key rotation. It expands on a practitioner note that the authors submitted to the 2023 IEEE Secure Development Conference. Key rotation is important due to the frequency of lost signing keys and the difficulty of ma...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2024-10-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/14/21/9942 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846173503185747968 |
|---|---|
| author | Sunil Joshi Kenneth Crowther Jarvis Robinson |
| author_facet | Sunil Joshi Kenneth Crowther Jarvis Robinson |
| author_sort | Sunil Joshi |
| collection | DOAJ |
| description | This paper provides an overview of several secure boot architectures with a focus on key rotation. It expands on a practitioner note that the authors submitted to the 2023 IEEE Secure Development Conference. Key rotation is important due to the frequency of lost signing keys and the difficulty of managing secret keys for the long lifetimes of Industrial Internet of Things (IIOT) devices. Key rotation is not simple for IIOT due to limited resources during a secure boot process and the constraints of the firmware utilities that come from the chip vendors. This paper reviews and compares five common architectures for a secure boot that are seen across the IIOT community. For each architecture, it provides some key strengths and weaknesses associated with that architecture. The paper then provides a detailed comparison and analysis of the architectures to convince the IIOT community to move towards a strong use of certificates (instead of the traditional use of raw public keys). The intent of this paper is to provide a practitioner’s perspective on these challenges and the tradeoffs in hopes of inviting comments from chip vendors and the broader community. |
| format | Article |
| id | doaj-art-0c89b8c6aa1e40588817de4a71ba2a4b |
| institution | Kabale University |
| issn | 2076-3417 |
| language | English |
| publishDate | 2024-10-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-0c89b8c6aa1e40588817de4a71ba2a4b2024-11-08T14:33:53ZengMDPI AGApplied Sciences2076-34172024-10-011421994210.3390/app14219942Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and FirmwareSunil Joshi0Kenneth Crowther1Jarvis Robinson2Enterprise Product Architecture, Cumming, GA 30040, USAProduct Security, Richmond, VA 23233, USACyber Security, Sandy Springs, GA 30328, USAThis paper provides an overview of several secure boot architectures with a focus on key rotation. It expands on a practitioner note that the authors submitted to the 2023 IEEE Secure Development Conference. Key rotation is important due to the frequency of lost signing keys and the difficulty of managing secret keys for the long lifetimes of Industrial Internet of Things (IIOT) devices. Key rotation is not simple for IIOT due to limited resources during a secure boot process and the constraints of the firmware utilities that come from the chip vendors. This paper reviews and compares five common architectures for a secure boot that are seen across the IIOT community. For each architecture, it provides some key strengths and weaknesses associated with that architecture. The paper then provides a detailed comparison and analysis of the architectures to convince the IIOT community to move towards a strong use of certificates (instead of the traditional use of raw public keys). The intent of this paper is to provide a practitioner’s perspective on these challenges and the tradeoffs in hopes of inviting comments from chip vendors and the broader community.https://www.mdpi.com/2076-3417/14/21/9942firmwaresigningintegritykeycertificaterotation |
| spellingShingle | Sunil Joshi Kenneth Crowther Jarvis Robinson Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware Applied Sciences firmware signing integrity key certificate rotation |
| title | Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware |
| title_full | Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware |
| title_fullStr | Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware |
| title_full_unstemmed | Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware |
| title_short | Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware |
| title_sort | tradeoffs in key rotation strategies for industrial internet of things devices and firmware |
| topic | firmware signing integrity key certificate rotation |
| url | https://www.mdpi.com/2076-3417/14/21/9942 |
| work_keys_str_mv | AT suniljoshi tradeoffsinkeyrotationstrategiesforindustrialinternetofthingsdevicesandfirmware AT kennethcrowther tradeoffsinkeyrotationstrategiesforindustrialinternetofthingsdevicesandfirmware AT jarvisrobinson tradeoffsinkeyrotationstrategiesforindustrialinternetofthingsdevicesandfirmware |