Wisecr: Secure Simultaneous Code Disseminationto Many Batteryless Computational RFID Devices

TL;DR

Wisecr is a novel secure wireless firmware update mechanism for batteryless CRFID devices that prevents attacks, protects IP, and supports remote attestation, all while complying with existing communication standards.

Contribution

It introduces the first secure, simultaneous firmware dissemination protocol for CRFID devices that ensures security, IP protection, and standard compliance.

Findings

Achieves secure, simultaneous firmware updates for multiple CRFID devices.

Demonstrates low overhead and compatibility with ISO standards.

Provides an open-source implementation and comprehensive evaluation.

Abstract

Emerging ultra-low-power tiny scale computing devices in Cyber-Physical Systems %and Internet of Things (IoT) run on harvested energy, are intermittently powered, have limited computational capability, and perform sensing and actuation functions under the control of a dedicated firmware operating without the supervisory control of an operating system. Wirelessly updating or patching the firmware of such devices is inevitable. We consider the challenging problem of simultaneous and secure firmware updates or patching for a typical class of such devices -- Computational Radio Frequency Identification (CRFID) devices. We propose Wisecr, the first secure and simultaneous wireless code dissemination mechanism to multiple devices that prevent malicious code injection attacks and intellectual property (IP) theft, whilst enabling remote attestation of code installation. Importantly, Wisecr is engineered to comply with existing ISO compliant communication protocol standards employed by CRFID devices and systems. We comprehensively evaluate Wisecr's overhead, demonstrate its implementation over standards-compliant protocols, analyze its security and implement an end-to-end realization with popular CRFID devices -- the open-source code is released on GitHub.