Abstract:As the Internet of Things (IoT) industry advances, the imperative to secure IoT devices has become increasingly critical. Current practices in both industry and academia advocate for the enhancement of device security through key installation. However, it has been observed that, in practice, IoT vendors frequently assign shared keys to batches of devices. This practice can expose devices to risks, such as data theft by attackers or large-scale Distributed Denial of Service (DDoS) attacks. To address this issue, our intuition is to assign a unique key to each device. Unfortunately, this strategy proves to be highly complex within the IoT context, as existing keys are typically hardcoded into the firmware, necessitating the creation of bespoke firmware for each device. Furthermore, correct pairing of device keys with their respective devices is crucial. Errors in this pairing process would incur substantial human and temporal resources to rectify and require extensive communication between IoT vendors, device manufacturers, and cloud platforms, leading to significant communication overhead. To overcome these challenges, we propose the OTA-Key scheme. This approach fundamentally decouples device keys from the firmware features stored in flash memory, utilizing an intermediary server to allocate unique device keys in two distinct stages and update keys. We conducted a formal security verification of our scheme using ProVerif and assessed its performance through a series of evaluations. The results demonstrate that our scheme is secure and effectively manages the large-scale distribution and updating of unique device keys. Additionally, it achieves significantly lower update times and data transfer volumes compared to other schemes.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is the widespread security vulnerabilities in Internet of Things (IoT) devices during the production process, especially the security risks caused by manufacturers often assigning the same hard - coded keys to a batch of devices. This practice easily exposes the devices to risks such as data theft and large - scale Distributed Denial - of - Service (DDoS) attacks. In addition, setting unique keys for each device faces many challenges, such as the limitations of existing production lines and the need to update keys. Specifically, the paper aims to solve the following problems: 1. **Security risks of shared keys for batch devices**: In current practice, many IoT devices use the same hard - coded keys, which means that once these keys are cracked, a large number of devices will be under security threats. For example, the Mirai botnet attack in 2016 controlled more than 600,000 IoT devices by using known passwords. 2. **Complexity of setting unique keys for each device**: Setting unique keys for each device requires complex management and synchronization operations on the production line, including correctly pairing the keys with device IDs and ensuring that this information is synchronized with the cloud platform. Any error will cause the device to be unusable, and the repair process is time - consuming and costly. 3. **Existing production lines do not support key updates**: Current production lines do not take into account the need for device key updates. Therefore, if the key needs to be updated, the device must be sent back to the manufacturer to re - burn the firmware, which is not only costly but also interrupts the normal use of the product. To address these problems, the paper proposes an agent - based device configuration and management framework - the OTA - Key scheme. This scheme solves the problems in the following ways: - **Decoupling keys from firmware**: Separate the device keys from the firmware and assign unique device keys in two stages through an intermediate server (proxy server). - **Wireless key update**: Allow the device to receive and update keys through the Over - the - Air (OTA) interface without a wired connection, thus avoiding modifying the existing production line. - **Atomic update mechanism**: Ensure that in the event of network interruption or power failure, the key update can be seamlessly resumed, guaranteeing the reliability and integrity of the update process. Through these designs, the OTA - Key scheme not only improves the security and scalability of the device but also supports flexible key updates and cloud - platform switching, meeting the needs of large - scale deployment of IoT devices.

OTA-Key: Over the Air Key Management for Flexible and Reliable IoT Device Provision