2017-07-06

Secure OTA for MIRACLE Secure OTA IoT

Miracle Linux Corporation

MIRACLE Secure OTA is a cloud system that realizes secure data deployment and updates that can be used by RZ/G. The premise is that the IoT device will be connected to the internet, and because a lot of people will be able to access it network-wise and physically, it will be exposed to various threats that were not there before. Here, in order to avoid unauthorized operation, it is important to update as a countermeasure once a weakness is spotted, and to control unexpected behavior by preventing such as unauthorized logins and software intrusion.

MIRACLE Secure OTA uses various certification and performs mutual authentication of the developer and the device, preventing unauthorized software to enter the IoT device. The developer will be given a developer certificate and authenticated in order for them to use the MIRACLE Secure OTA. Once the developer uploads an update file, it will be signed at the MIRACLE Secure OTA cloud. The MIRACLE Secure OTA cloud checks the product certificate of the destination device, and verifies if it is a regulated device. In RZ/G’s case, the product certificate is stored in the security region TSIP. Because the certificate cannot be controlled from the outside, the certificate’s safety can also be secured. When the distribution is performed, the update file will be downloaded only for the device that has a certificate. The electric signature and the product certificate will be compared, and only the correct software will be applied. By using this system, you will be able to prevent the application of unauthorized software and tampering of content by rogue developers, and protect the correct operation of IoT devices. As the distributable data ranges from a few bytes up to several gigabytes, it can widely support from the modification of minute contents to the major version upgrade of firmware and OS level.