distributed systems

Implementing secure over-the-air (OTA) updates in embedded devices

This is a follow-up article related to Secure Booting and Secure Flashing. It is the 5th article related to Strengthening the Security of Embedded Devices.

Implementing secure over-the-air (OTA) updates in embedded devices requires careful consideration of various security aspects. Here are some key steps to implement secure OTA updates:

1. Secure Communication Channel
– Use secure protocols such as HTTPS or MQTT over TLS/SSL to establish an encrypted communication channel between the device and the update server.
– Authenticate the server using certificates to ensure the device is communicating with a trusted source.
– Employ strong encryption algorithms to protect the confidentiality and integrity of the update data during transmission.

2. Code and Firmware Integrity
– Digitally sign the firmware updates using a private key and verify the signature using the corresponding public key on the device.
– Implement mechanisms such as checksums or hash functions to verify the integrity of the received update files.
– Use secure boot techniques to ensure that only trusted and authenticated firmware updates are installed on the device.

3. Access Control and Authorization
– Authenticate and authorize the device before allowing it to download and install updates.
– Implement access control mechanisms…


Some thoughts about the spam attack sent through InternetOfThings (Proofpoint)

http://www.proofpoint.com/about-us/press-releases/01162014.php
More than 750,000 Phishing and SPAM emails Launched from “Thingbots” Including Televisions, Fridge

Note: An article about this has been published by Richard Adhikari in TechNewsWorld.

A general comment on the entire story. Security researchers usually use spamtraps (an email address that receives nothing else than pure spam) to collect these emails, and then some kind of spam trap processing machine would analyse the emails and extract the IP address of the sender. In order to see that an email is coming from a certain type of device, it is required to obtain the IP address of the sender, to get a connection to that machine and – either perform a deep scan on that IP using various tools (like nmap) or – to query through official protocols (like SNMP) information about the device. Both these things assume that the device is freely available from the Internet. I find it understandable that a router or a NAS device are accessible from the Internet, but why would someone allow other devices to be fully accessible from the Internet?

1. So…did anyone else notice these waves of attacks? We receive millions of emails every month and we only perform deep analysis…



Quoted in TechNewsWorld about the challenges of the cloud adoption

Who Watches the Watchmen, Part 3: Flying Headlong Into a Cloud
By Richard Adhikari, TechNewsWorld

“Once you’re in the cloud, information doesn’t belong only to you but also to the provider of the cloud service,” Sorin Mustaca, a data security expert at Avira, told TechNewsWorld. The risks involved in moving to the cloud include the possibility that the cloud provider could be hacked by external cybercriminals or rogue employees. There’s also the risk of the cloud provider going bankrupt, causing customers to lose their data, Sorin pointed out. “The cloud is a generic concept which can’t actually be used without personalizing it,” Mustaca said. Enterprises and government agencies should only move to the cloud after they have identified what they need and expect from the cloud service, and have set security and privacy policies. “People think that if they move their computers and services to the cloud, they make the problems disappear,” Mustaca remarked. “But the problems don’t vanish; they simply move to the cloud.” Cloud service providers must guarantee a minimum level of security and privacy, but the differences between vendors’ offerings “are sometimes significant,” Mustaca warned. Going to a big provider doesn’t necessarily mean you’re any safer…



Potential Threat through Opera Unite, Part II

Together with Dirk Knopp I published an update to the Opera Unite – Everybody is becoming a Web server article, which is called: Potential Threat through Opera Unite, Part II. I have written some details about P2P networks and about how Opera is using the concept. I am thinking now of building a honeypot running Windows and Opera Unite without any passwords.



Opera Unite and Security

Have a look at the article that Dirk Knopp wrote in the Avira Techblog. This article was referenced here: http://www.h-online.com/security/Opera-says-Opera-Unite-web-server-is-not-a-security-problem–/news/113719

His concern is that a lot of malware can now be served directly from the user’s computer. And he is right. Even more, if there is a flaw in Opera and somebody can alter the mini HTTP server (why mini, it is a full blown server) then, theoretically, it can access the user’s private files. That’s not good!!!

Here is what the CEO of Opera says: “Today, we are opening the full potential of the Web for everyone. Technology moves in distinct cycles. PCs decentralized computing away from large mainframes. Opera Unite now decentralizes and democratizes the cloud. With server capability in the browser, Web developers can create Web applications with profound ease. Consumers have the flexibility to choose private and efficient ways of sharing information. We believe Opera Unite is one of our most significant innovations yet, because it changes forever the fundamental fabric of the Web.”

And as a reply to our concern in the Blog, he says: “When you’re hacking a single system, if you have everything that belongs to everyone in one location, you only…



Why no antivirus for P2P programs ?

I received a nice email with a very good question from Mehdy Mohajery. It is not the first time I am asked the same question. This time I am documenting the answer I always give.

Question: I saw your profile on linkedin.com just tonight, and I noticed that you are a specialist in both p2p systems and designing security systems. That encouraged me to ask you a question. As you know, nowadays a lot of viruses are being distributed via p2p networks like KAD & EDonkey. If an anti-virus vendor like Avira could provide a plug-in for a major p2p client (eMule) to detect viruses before downloading by their FileID (MD4 hash), then a major part of virus traffic on p2p networks can be eliminated. So why does nobody in the security industry seem to care about securing p2p networks with this method? Should I download every piece of scrap to know if it’s infected? I would like to know your opinion about this.

Dear Mehdy Mohajery, there are several reasons why nobody adds an AV for the P2P programs:

1. Having in mind the “free of charge” nature of the P2P networks, nobody will pay for an Antivirus program….
