CrowdPatching: Decentralized Distribution of IoT Software Updates

The number of Internet of Things (IoT) devices deployed around the world is growing at incredible speed. The primary goal of their design is optimizing their size, cost and usability, while their security is underestimated. As a consequence, they often present serious vulnerabilities, posing security threats to both individual users and organizations. For this reason, delivering software updates to these devices to patch their vulnerabilities is crucial. In this context, manufacturers face three main challenges. Firstly, the integrity of new updates must be strictly enforced to avoid the installation of malicious software, which would create more threats than it mitigates. Secondly, only efficient and lightweight protocols can be adopted, to account for the limited hardware and software resources characterizing IoT smart objects. And thirdly, one crucial issue is scalability: software patches are currently delivered by means of traditional client-server architectures, which is not a sustainable approach considering the number of devices involved. Motivated by these limitations, we propose CrowdPatching, a decentralized protocol leveraging blockchain technologies and zero-knowledge proofs, where IoT manufacturers delegate the delivery of software updates to self-interested distributors in exchange for cryptocurrency. Manufacturers announce new updates by deploying a smart contract, which in turn will issue cryptocurrency payments to any distributor who provides an unforgeable proof-of-delivery. The latter consists in a signature provided by IoT devices when they receive a valid zero-knowledge proof from the distributor. Compared with related work, the CrowdPatching protocol offers three main advantages. First, the number of distributors can scale indefinitely. The update is initially shared by the manufacturer with a finite set of distributors. Other proposals do not allow this set to grow at a later time. Instead, we introduce a mechanism through which distributors can share the update with others in exchange for a cryptocurrency payment. Furthermore, we leverage the recent common integration of Hub (or gateway) devices in IoT deployments, by letting them perform the most demanding actions of the protocol. As a consequence, the protocol is feasible even for the more constraint IoT objects. Finally, we propose a score system for distributors, which records their trustworthiness on the blockchain and rewards honest behavior. We provide an informal security analysis of the CrowdPatching protocol, analyzing possible attacks, as well as the corresponding protections and mitigations. And we also provide a formal security analysis, which was performed by means of the Tamarin Prover, a state-of-the-art protocol analysis tool allowing to verify security properties in the symbolic model. What is more, we present a prototype implementation, enabling the execution of all protocol steps. In particular, we focus on the implementation of (1) the blockchain smart contracts and (2) the zero-knowledge proving system. The former is based on Ethereum, the second most popular blockchain platform after Bitcoin. While the latter is based on the zk-SNARKs proving system, and exploits the most advanced cryptographic library available in this context, called libsnark.