Trustworthy firmware update for Internet-of-Thing Devices using physical unclonable functions

Connected devices that are part of the so-called Internet of Things (IoT) need to update their firmware over their lifetime. The problem is that updates can be used by attackers to inject malicious code. This work presents a lightweight protocol to update each device in a secure way. The cryptographic keys employed are fresh and are not stored but reconstructed by exploiting the Physical Unclonable Functions (PUFs) of the device hardware. The feasibility of the proposal is illustrated with experimental results of IoT devices that use the SRAM PUFs in their Bluetooth Low Energy (BLE) system on chips.