A Zero-Trust Multi-Processor Reporter-Verifier Design of Edge Devices for Firmware Authenticity in Internet of Things and Blockchain Applications

Firmware authenticity and integrity during upgrades are critical security factors in Internet of Things (IoT) applications in the age of edge artificial intelligence (AI). Data from IoT applications are vital for business decisions. Any unintended or malicious change in data can adversely impact the goals of an IoT application. Several studies have focused on using blockchain to ensure the authentication of IoT devices and the integrity of data once the data are in the blockchain. Firmware upgrades on IoT edge devices have also been investigated with blockchain applications, with a focus on eliminating external threats during firmware upgrades on IoT devices. In this paper, we propose a new IoT device design that works against internal threats by preventing malicious codes from device manufacturers. In IoT applications that monitor critical data, it is important to ensure that the correct firmware reporting honest data is running on the devices. As devices are owned and operated by a small group of application stakeholders, this multiprocessor design extracts the firmware periodically and checks whether it matches the signatures of the expected firmware designed for the business goals of the IoT applications. The test results show that there is no significant increase in code, disruption, or power consumption when implementing such a device. This scheme provides a hardware-oriented solution utilizing processor-to-processor communication protocols and is an alternative to running lightweight blockchain on IoT edge devices.