IoT Firmware Security Automation: QEMU-Based Fuzzing, CVSS Scoring, and Mender OTA Updates

Authors

  • Sandhya Guduru Masters in Information Systems Security, Software Engineer - Technical Lead, USA. Author

DOI:

https://doi.org/10.47363/JMCA/2023(2)205

Keywords:

IoT Security, Firmware Vulnerabilities, QEMU Emulation, AFL++ Fuzzing, CVSS Scoring, OTA Updates, Mender, The Update Framework (TUF), Ed25519 Signatures, Automated Security Testing

Abstract

Firmware security is a growing concern in IoT environments, as many devices are shipped with outdated or vulnerable software. Traditional security methods, such as manual testing and patching, are time-consuming and ineffective against the increasing complexity of firmware architectures. This research proposes an automated approach to firmware security using QEMU-based emulation, AFL++ fuzzing, and CVSS scoring to identify vulnerabilities. Additionally, secure OTA updates are implemented through Mender, ensuring compliance with The Update Framework (TUF) and leveraging Ed25519 cryptographic signatures for protection. By integrating these technologies, this framework enhances IoT security by automating both vulnerability detection and firmware updates, reducing the risks of cyberattacks.

Author Biography

  • Sandhya Guduru, Masters in Information Systems Security, Software Engineer - Technical Lead, USA.

    Sandhya Guduru, Masters in Information Systems Security, Software Engineer - Technical Lead, USA. 

Downloads

Published

2023-12-23

Issue

Vol. 2 No. 4 (2023): Volume 2 Issue 4

Section

Articles