Smart cities are a concept of interest to many industrial, academic and government organisations. However, smart cities present a large attack surface to adversaries if every traffic light, power relay and water pipe are connected to the internet. This paper describes the problem of distributing software in a smart city when strong protection of device software, software installation and update provision are required. A set of requirements for a secure software provisioning system is presented and two models for the software distribution are proposed. Three protocols for distributing software are presented that meet the requirements stated. A formal analysis using Tamarin Prover is described that proves the security of the proposed protocols. Finally, an implementation has been developed using a laptop and Raspberry Pi 3 to demonstrate the proposed protocols in action and the performance of them.
|Title of host publication
|FARES '17 Proceedings of the 12th International Workshop on Frontiers in Availability, Reliability and Security
|Number of pages
|Published - 29 Aug 2017