An update framework for applications running on hobbyist systems

lrad

An update framework for applications running on hobbyist single-board-computers (CS5285 Final Project)

TODOs

  • lrad-cli
    • Init
      • Create config file
      • Interactive "wizard"
    • Push
      • Transform Git repo
        • Clone bare repository
        • Unpack objects
        • update-server-info
        • Size constraints
      • Add to IPFS
        • Local IPFS API server
          • Convert to actix-web client
        • Remote IPFS API server
          • SSH tunnel
          • Are there other ways to securely connect?
        • (FUTURE) Use ipld-git, it is not mature right now but is the ideal candidate
      • Put DNS link record
        • Cloudflare
        • AWS Route 53
        • Namecheap
        • Google DNS
  • lrad-daemon
    • ipld-git integration (right now, dummy http transport means the entire history is required and only git cli can clone from ipfs)
    • Docker
      • image build
      • container create
      • container remove
      • container start
      • Docker configuration for the steps
    • DNS txt record polling
      • Naive just every 300 sec poll
      • Smart TTL-based polling with backoff
    • Use Actix
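
A sketch of the two "DNS txt record polling" items above, added here as an example and not taken from the lrad code base: it validates a DNSLink TXT value and derives the next poll delay from the record's TTL, backing off on lookup failures. The `Lookup` type, the function names, the 30 s / 3600 s bounds and the choice to double on each failure are assumptions of this example.

```rust
use std::time::Duration;

// Naive interval from the TODO list (300 s); reused here as the backoff base.
const NAIVE_POLL: Duration = Duration::from_secs(300);
// Assumed bounds: a tiny or huge TTL must not make the daemon spin or stall.
const MIN_POLL: Duration = Duration::from_secs(30);
const MAX_POLL: Duration = Duration::from_secs(3600);

/// Extract the path from a DNSLink TXT value such as `dnslink=/ipfs/<cid>`.
/// Anything that is not a plain /ipfs/ path is rejected.
fn parse_dnslink(txt: &str) -> Option<&str> {
    let path = txt.trim().trim_matches('"').strip_prefix("dnslink=")?;
    let cid = path.strip_prefix("/ipfs/")?;
    // No empty CID, no '/', '.', whitespace or other non-alphanumerics.
    if cid.is_empty() || !cid.chars().all(|c| c.is_ascii_alphanumeric()) {
        return None;
    }
    Some(path)
}

/// Outcome of one TXT lookup (hypothetical type for this example).
enum Lookup {
    Answer { ttl_secs: u32 },
    Failed,
}

/// Delay before the next poll. On an answer, follow the record's TTL, clamped.
/// On failure, double the 300 s base per consecutive failure, capped.
fn next_delay(result: &Lookup, consecutive_failures: u32) -> Duration {
    match result {
        Lookup::Answer { ttl_secs } => {
            Duration::from_secs(u64::from(*ttl_secs)).clamp(MIN_POLL, MAX_POLL)
        }
        Lookup::Failed => {
            let shift = consecutive_failures.saturating_sub(1);
            let factor = 1u32.checked_shl(shift).unwrap_or(u32::MAX);
            NAIVE_POLL.saturating_mul(factor).min(MAX_POLL)
        }
    }
}

fn main() {
    // Constructed sample record; the CID is a placeholder, not a real object.
    let txt = "\"dnslink=/ipfs/QmPlaceholderCid\"";
    println!("{:?}", parse_dnslink(txt));
    println!("{:?}", next_delay(&Lookup::Answer { ttl_secs: 120 }, 0));
    println!("{:?}", next_delay(&Lookup::Failed, 3));
}
```

Clamping matters because the TTL comes from the DNS answer itself: whoever controls or spoofs the record would otherwise also control how often the device checks for updates.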

Motivation

What is IoT

Over the course of electronic computer system history, there has been a consistent trend of systems becoming more compact, more powerful, and more common. Today, there are devices ranging from electric scooters to baby monitors to prosthetics that can all be connected to the internet. This movement has come to be known as the Internet of Things (IoT). While the applications are many, IoT has only really reached the common consumer in the past five years through smart home devices like Amazon's Alexa or Nest's Thermostat.

Security Concerns

While IoT promises to bring the next wave of inter-connectivity in our lives, there are several barriers that hinder it from becoming the be-all and end-all of twenty-first century computing. One involves security concerns. If these systems are not properly protected, they will introduce more risk than value; it makes no sense to install a smart lock on your front door if someone can easily exploit a vulnerability in it and lock you out of your home. The attack surface for an IoT device tends to be much larger than that of the traditional device it replaces.

Security through Secure Updates

It is inevitable that someone will discover an IoT device with a zero-day security vulnerability. Currently, high-profile news of a breach has little effect on manufacturer profits, it is expensive to have independent security audits done, and humans are just not perfect. With that in mind, it is important that there be a process to update these devices with bug fixes. In this project, I intend to explore current state-of-the-art processes and build upon them in order to design and implement a process ideal for hobbyist single-board computers (SBCs) like those released by the Raspberry Pi Foundation or BeagleBoard.org Foundation. This process

Objectives

This project aims to design and implement a process for remote SBC updates. The process will be demoed using an in-production system used by the Vanderbilt Design Studio.

Implement the Process in the Rust Programming Language

Project Plan

Design Requirements

  • Secure: Minimize the attack surface and make resistant to attacks. Does not try to re-invent the wheel.

  • Remote: Works remotely over the internet -- having technicians on-site just to manually install updates would be unreasonable.

  • Low-Footprint: Does not hinder normal operation of the system. Namely, it should not compromise the system or make it unavailable.

  • Prioritized: Not all updates need to run immediately, so a timeframe for the update can be specified.

  • Realtime: Devices immediately (within a few seconds) discover that a new update is available.

  • Decentralized: Cannot hinder the update process by DoS, fraudulent DMCA, DNS hijacking, or other means.

Implementation

The process will be implemented using Rust, a systems programming language that focuses on safety without sacrificing performance. It will be open-source, as all projects regarding security should be.

Timeline

  • Identify state of the art processes currently in place

  • Select libraries to use for project

  • Draft system architecture

  • Review system architecture

  • Begin implementation

  • Revise design as needed

  • Begin testing on production system

  • Finish implementation and testing
