In [2]:
# Part II - IoT Device Security Lifecycle Simulation
# Logs five lifecycle stages with timestamps and messages

import time
import logging
from datetime import datetime
import secrets
import hashlib

# ---------------------------------------------------------
# Fix for Jupyter/Colab to allow logging output
# ---------------------------------------------------------
# Remove existing logging handlers so logging.basicConfig works correctly
for handler in logging.root.handlers[:]:
    logging.root.removeHandler(handler)

logging.basicConfig(
    level=logging.INFO,
    format='%(asctime)s - %(levelname)s - %(message)s'
)

def now():
    return datetime.utcnow().isoformat() + "Z"

# ---------------------------------------------------------
# Stage 1 – Threat Modeling
# ---------------------------------------------------------
def threat_modeling():
    model = {
        "assets": ["sensor_data", "device_key", "firmware"],
        "threats": ["default_credentials", "firmware_tamper", "unprotected_comm"],
        "mitigations": ["secure_boot", "AES_GCM", "OTA_signing"]
    }
    logging.info("[Stage 1] Threat modeling completed: %s", model)
    return model

# ---------------------------------------------------------
# Stage 2 – Secure Boot Initialization
# ---------------------------------------------------------
def secure_boot_initialization(firmware_blob):
    firmware_hash = hashlib.sha256(firmware_blob).hexdigest()
    logging.info("[Stage 2] Secure boot init: stored firmware hash %s", firmware_hash)
    return firmware_hash

# ---------------------------------------------------------
# Stage 3 – Secure Key Injection
# ---------------------------------------------------------
def secure_key_injection():
    key = secrets.token_bytes(32)
    logging.info(
        "[Stage 3] Secure key injected into device (mock). Key fingerprint: %s",
        hashlib.sha256(key).hexdigest()[:16]
    )
    return key

# ---------------------------------------------------------
# Stage 4 – OTA Firmware Update Check
# ---------------------------------------------------------
def ota_firmware_update_check(current_hash, new_firmware_blob):
    new_hash = hashlib.sha256(new_firmware_blob).hexdigest()
    logging.info("[Stage 4] OTA update check: new_hash=%s", new_hash)

    # In real systems signature verification is required
    if new_hash != current_hash:
        logging.info("[Stage 4] Update accepted. Firmware will be replaced.")
        return new_hash, True
    else:
        logging.info("[Stage 4] No update required.")
        return current_hash, False

# ---------------------------------------------------------
# Stage 5 – Secure Decommissioning
# ---------------------------------------------------------
def secure_decommissioning(key_storage):
    logging.info("[Stage 5] Device decommissioning: wiping keys and metadata.")
    key_storage = None
    logging.info("[Stage 5] Keys wiped.")
    return key_storage

# ---------------------------------------------------------
# Simulation Run
# ---------------------------------------------------------
if __name__ == "__main__":
    logging.info("Starting IoT device lifecycle simulation.")

    # Stage 1
    tm = threat_modeling()

    # Stage 2 (mock firmware)
    fw = b"firmware_v1.0_binary_blob_example"
    fw_hash = secure_boot_initialization(fw)

    # Stage 3
    key = secure_key_injection()

    # Stage 4 (mock new firmware)
    time.sleep(1)
    new_fw = b"firmware_v1.1_binary_blob_example"
    fw_hash, updated = ota_firmware_update_check(fw_hash, new_fw)

    # Stage 5
    key = secure_decommissioning(key)

    logging.info("Lifecycle simulation finished.")


2025-11-26 15:05:14,586 - INFO - Starting IoT device lifecycle simulation.
2025-11-26 15:05:14,588 - INFO - [Stage 1] Threat modeling completed: {'assets': ['sensor_data', 'device_key', 'firmware'], 'threats': ['default_credentials', 'firmware_tamper', 'unprotected_comm'], 'mitigations': ['secure_boot', 'AES_GCM', 'OTA_signing']}
2025-11-26 15:05:14,590 - INFO - [Stage 2] Secure boot init: stored firmware hash 8da8a70018b39a9c42fe9edb7e2439cad83c9f2623916629cd4c2b1c287f4efc
2025-11-26 15:05:14,592 - INFO - [Stage 3] Secure key injected into device (mock). Key fingerprint: d2b3932dabcf225d
2025-11-26 15:05:15,595 - INFO - [Stage 4] OTA update check: new_hash=a216b3e0a41fb5efcd870794b26ec2f98817bdd786397001dd3814d6168e3649
2025-11-26 15:05:15,595 - INFO - [Stage 4] Update accepted. Firmware will be replaced.
2025-11-26 15:05:15,596 - INFO - [Stage 5] Device decommissioning: wiping keys and metadata.
2025-11-26 15:05:15,597 - INFO - [Stage 5] Keys wiped.
2025-11-26 15:05:15,598 - INFO - L