lunduniversity.lu.se

Electrical and Information Technology

Faculty of Engineering, LTH

Denna sida på svenska This page in English

Get updated securely with Pegah!

2022-12-12

Portrait. Pegah Nikbakht Bideh.

Pegah Nikbakht Bideh. Photo: Sajad Ghorbani.

Downloading, preparing to install… we have all seen these messages when updating our various devices, but what is really happening? How do we make sure the update can be trusted? Pegah Nikbakht Bideh knows, and has developed methods improving the security.   On December 16 at 9.15 she defends her PhD thesis “Contributions to Securing Software Updates in IoT” at LTH, Lund University.

Read more about the dissertation.
Download the thesis.

What is your thesis about?

You may use various smart devices in your home, such as light bulbs, and cameras. These devices are usually connected to the Internet and you can connect to them through your smartphones, and control them. However, such devices might have security flaws that can cause attackers to attack and control them. Whenever new security flaws are discovered, manufacturers usually release new updates. Manufacturers are required to transfer and install such updates on the devices securely. However, performing secure updates over the air is challenging since such smart devices have limited resources. Enabling secure updates in smart devices over the air is the primary aspect of my thesis. The secure protocols used by powerful computers as a common language to talk to each other are unfit to address the requirements of smart devices. Hence, many other secure and lightweight protocols were designed for such devices. Manufacturers choose the best-suited protocol based on their devices’ requirements. Sometimes some devices need to talk to other devices or systems that use other protocols. There are tools such as protocol translators that can enable such communications. Enabling secure protocol translation is another aspect of my thesis. The updates are usually targeting a large number of devices. Therefore, the devices can be grouped so that all group members can be updated at once instead of updating them one by one. In either group or one-to-one communication, the communication is secured through the use of secret keys. These secret keys must be distributed among the devices before the communication starts. Enabling secret key distribution for group or one-to-one communication is the final aspect of my thesis.

Connected smart devices

Smart devices are used in many areas such as smart cities, smart homes, and smart agriculture; it is important to update them regularly for security reasons or adding new features.

What is the most fascinating with your thesis subject?

The most interesting thing about the subject of thesis is that smart devices will become inseparable part of your life in near future and updating them in a secure and lightweight way will become more and more important.

How will your results be of use in the future?

I believe that even now my research results can be used in practice by companies that are searching for tools and methods to update their devices securely and efficiently.

What are your plans?

I’m joining CanaryBit after my PhD, it is a startup company working on confidential cloud computing. We believe virtualization of IoT device functionalities to the cloud will become more popular in near future, and my goal is to work more in this field in CanaryBit. Hopefully I will be able to use my PhD experience and knowledge there in practice.