Coordinating mechanical engineering, electrical engineering, manufacturing, test automation, marketing, and other disciplines is challenging. Each one is difficult on its own, but they are all complicated because most of these do not progress on the same timeline. Every product manager is aware of the challenges of shipping a device on time, which results in 45% of creations overlooking their launch date.
Following an NPI timeline while focusing on firmware processes can help to streamline development and increase the likelihood of meeting development goals. The NPI, inspired by Apple engineers, is a valuable guidepost consisting of six milestones and associated timeframes for teams looking to ship a well-understood product as soon as possible.
Within that model, additional firmware development elements pave the way for optimizing the NPI process. Why concentrate on firmware? The firmware dynamically supports your overall hardware roadmap. By implementing best firmware practices, you can reduce production challenges at each development stage – and get your product to market on time.
We’ll discuss the key milestones below, then look at four ways to untangle your hardware and software to save time and create a more stable timeline.
IoT firmware update considerations
Firmware authors and network operators should keep the following considerations in mind when designing the firmware update process for deployed IoT platforms:
- Install firmware updates cautiously so that the update does not disrupt device functionality. This necessitates thorough testing and the development of recovery strategies if a firmware update fails.
- Make firmware updates available promptly to address emerging vulnerabilities while considering the complexity of the decision-making process for updating devices and the supply chain length before the update reaches the end customer.
- For battery-powered IoT platforms, ensure that the update process is energy efficient. For energy-constrained IoT platforms, firmware updates, particularly radio communication and writing the firmware image to flash, can become an energy-intensive task.
In addition to the abovementioned considerations, device manufacturers and customers should be incentivized to adopt and enforce frequent firmware updates to protect these devices from cyber-attacks. This is the goal of the IoT Solutions Cybersecurity Improvement Act of 2020, which requires federal agencies to refrain from “purchasing or obtaining, renewing a contract to procure or receive, or using an IoT solution “if it does not comply with NIST guidelines.
These “appropriate use and management” guidelines for IoT devices include “minimum security requirements for managing cybersecurity risks” associated with these devices.
How to protect changes to IoT firmware
Security of the update method is just as crucial as updating the firmware to address flaws in IoT solutions. The remote code execution of the update may be exposed to security flaws in the update process. Failure to secure the firmware update procedure will facilitate device takeover by attackers.
Several security controls can be used to safeguard the firmware image and the update procedure.
- A device’s ability to cryptographically identify the author(s) who created the firmware images is ensured through authentication. To determine whether the requested action is permitted to access the device and carry out the update, the authenticated machine IDs can also be utilized as input to the authorization process.
- Integrity protection ensures that an unauthorized party cannot alter the firmware image. To accept an update, a device must confirm the respective code signature of each software component contained in the firmware upgrade. To validate such code signatures, the device must access the trust anchors.
- The author must have the correct machine identification, which can take the form of a certificate/public key or a pre-shared device key, to guarantee the confidentiality of firmware images. The firmware image’s confidentiality ensures that only a legitimate party can access the unencrypted firmware image. The bulk storage, broadcast, and content distribution network protocols should all operate with the encrypted firmware image.
Along with the factors mentioned above, crypto-agility should be critical in the update process security. It is advised to utilize post-quantum secure signature systems like hash-based signatures because RSA and ECC-based signature schemes could one day become susceptible to quantum computing.
By implementing highly scalable, flexible, and cost-efficient solutions that enable the integration of high-assurance identification at every stage of the IoT device lifecycle, IoT device suppliers and operators can protect the firmware update process. Organizations can increase their assurance that IoT firmware upgrades are secure from threats by using Venafi TLS Protect and CodeSign Protect.
Conclusion
For teams wanting to deploy a well-understood product as quickly as feasible, the New Product Pipeline (NPI) is a set of six development milestones and related timeframes. To safeguard these devices from cyberattacks, manufacturers and users should be encouraged to embrace and enact frequent firmware updates. Just as important as updating the firmware is learning how to protect modifications to IoT firmware.
The update’s remote code execution could have security issues. Failure to assure the firmware update method will make it easier for attackers to gain control of the device. Organizations can strengthen their confidence in the security of IoT firmware upgrades.
You can also use akenza.io, a self-service IoT platform that lets you build useful Azure IoT Hub products and services. Akenza.io is confident in its ability to help organizations develop IoT solutions by considerably reducing the workload and complexity.