Wireless design kit supports secure over-the-air updates

September 05, 2016 // By Graham Prophet
Nordic Semiconductor is introducing secure and signed over-the-air firmware updates in the latest release of its nRF5 SDK to help improve device security.

The nRF5 SDK v12.0 allows firmware updates over-the-air to be accompanied by a secure signature that ensures the update comes from a verified and trusted source. The SDK now supports the Arduino development kit used with the Nordic nRF52832 SoC-based Arduino Primo base board, features a CMSIS configuration Wizard that allows graphical configuration in Keil, offers Bluetooth low energy Continuous Glucose Meter (CGM) profile support, and provides optimized floating point unit execution.


The increased level of security protects against application updates from potentially damaging malicious device upgrade attacks by using secure signatures to authenticate that only updates coming from a verified and trusted source can be made on a given device.


In operation, a classic public/private key security structure is employed whereby public keys are distributed and private keys remain solely with the sending party, thus ensuring one-to-one security. Using ciphers to create keys in the Nordic nRF5 SDK v12.0 can be done in various ways: Nordic says it has given developers flexibility to create ciphers in whichever way they prefer. This includes Nordic-authored examples using, for example, ECDH using the P256 curve to establish secure connections in Bluetooth low energy. (Nordic has also reserved two dedicated 16-bit UUIDs with the Bluetooth SIG for use with signed and unsigned firmware.)


Nordic also supports secure DFU application development with a suite of cross-platform PC tools and additionally mobile tools for Android and iOS.


If a secure OTA-DFU is interrupted, a 'resume-from-failure' feature is intended to allow updates to resume from the last known good point and complete, instead of re-starting the entire upgrade process from scratch.


Additional features of the Nordic nRF5 SDK v12.0 include support for Arduino development kits used with the Nordic nRF52832 System-on-Chip (SoC)-based Arduino Primo base board, that bring the range of Nordic nRF5 SDK modules, features, and application examples to the Arduino platform; a CMSIS configuration Wizard that allows graphical configuration