Securing the Lifeline

Why FOTA Must Migrate from RSA to PQC

The Internet of Things (IoT) and software-defined vehicles have transformed static hardware into dynamic platforms. The lifeblood of these devices is Firmware Over-the-Air (FOTA) – the ability to remotely patch vulnerabilities, add features, and fix bugs without a physical recall.

Given the critical nature of firmware – which controls brakes in cars or insulin delivery in medical devices – the security of the FOTA pipeline is paramount. Today, that security is robust against classical computers. Tomorrow, in the era of quantum computing, it will be obsolete. The industry faces an urgent timeline to migrate FOTA mechanisms to Post-Quantum Cryptography (PQC).

Current State: How FOTA is Secure Today

Today’s FOTA security relies on a “Chain of Trust” anchored by asymmetric cryptography, primarily RSA (Rivest–Shamir–Adleman) or Elliptic Curve Cryptography (ECC).

The fundamental principle is digital signing for authenticity and integrity, not just encryption for confidentiality. The goal is to prevent a man-in-the-middle from injecting malicious code that the device accepts as legitimate.

The Classical Security Mechanism:

  1. The Original Equipment Manufacturer (OEM) generates a key pair: a private key (kept highly secure in an HSM) and a public key.
  2. The public key is permanently embedded (e.g., burned into eFuses) in the end device during manufacturing. This is the Root of Trust.
  3. When new firmware is created, the OEM hashes the image and signs that hash with its private key, producing a digital signature. The signature is a signed hash, not the hash itself: anyone can recompute a hash of the image, but only the holder of the private key can produce a signature that the public key will accept.
  4. The device receives the firmware and the signature. It uses the embedded public key to verify the signature.
  5. If the verification passes, the device knows the firmware came from the OEM and has not been tampered with. If it fails, the update is rejected.

If an attacker intercepts the update package, they cannot modify the code without invalidating the signature. They cannot generate a new valid signature because they lack the OEM’s private key, and current supercomputers would take billions of years to derive the private key from the public key.

The FOTA Upgrade Flow Process

A secure FOTA campaign involves multiple stages moving from the cloud development environment to the physical edge device.

Diagram 1: Typical Secure FOTA Process Flow

The Quantum Threat: Impact of an RSA Signing Key Compromise

The security described above rests on the mathematical difficulty of integer factorization (for RSA) or discrete logarithms (for ECC).

Quantum computers operate differently. Using Shor’s Algorithm, a cryptographically relevant quantum computer (CRQC) – one large and error-corrected enough to run Shor at RSA-2048 or P-256 scale – solves integer factorization and discrete logarithms in polynomial time, where the best classical algorithms need sub-exponential or exponential effort.

The Doomsday Scenario: If an attacker gains access to a CRQC, they can take the OEM’s public key (which every device carries and which is trivially extracted from a firmware dump) and derive the matching private RSA signing key in a matter of hours or days.

The Impact on FOTA: Once the private key is compromised, the Chain of Trust is totally shattered.

  1. Forged Signatures: The attacker can write malicious firmware – perhaps code that disables vehicle brakes at high speed or creates a botnet out of smart meters – and sign it with the compromised private key.
  2. Legitimized Malware: The target devices will receive the malicious update. Their secure bootloaders will use the embedded public key to verify the signature. The verification will pass.
  3. Total Takeover: The devices will install the malware, believing it to be an urgent security patch from the manufacturer.

This is not just a data breach; it is a complete usurpation of control over physical devices at global scale. The “Harvest Now, Decrypt Later” (HNDL) threat adds a second exposure: firmware packages recorded today, encrypted under a symmetric key that was itself wrapped with RSA or negotiated with ECDH, can be stored and decrypted once those key-transport schemes fall, revealing intellectual property and hardcoded secrets. Forged signing remains the more immediate FOTA threat, because it turns the update channel itself into the attack.

The Solution: PQC on FOTA

To counter this, the industry must transition to Post-Quantum Cryptography. PQC refers to cryptographic algorithms (running on today’s classical computers) that are believed to be secure against both classical and future quantum computer attacks.

NIST (National Institute of Standards and Technology) has standardized the first PQC algorithms: ML-DSA (FIPS 204, derived from CRYSTALS-Dilithium) for digital signatures, ML-KEM (FIPS 203, derived from CRYSTALS-Kyber) for key encapsulation, and SLH-DSA (FIPS 205, derived from SPHINCS+) for stateless hash-based signatures. ML-DSA and ML-KEM rest on lattice problems and SLH-DSA on the security of hash functions alone; none has a known efficient quantum attack.

Implementing PQC in FOTA involves:

  1. Replacing Algorithms: Switching from RSA/ECC to ML-DSA (Dilithium) or SLH-DSA (SPHINCS+) for generating and verifying signatures. The stateful hash-based schemes LMS and XMSS (NIST SP 800-208) are a further option aimed specifically at firmware signing; they require the signer to track which one-time keys it has consumed, which is workable inside an HSM but unsafe if the signing state is ever cloned or restored from a backup.
  2. Increasing Resources: PQC keys and signatures are larger than RSA/ECC. An ML-DSA-65 public key is 1952 bytes and a signature 3309 bytes, against 64 bytes for an ECDSA P-256 signature; SLH-DSA signatures run from roughly 8 KB to tens of KB. Against a multi-megabyte firmware image the extra bandwidth is negligible; the real costs are Root-of-Trust storage (a 2 KB key no longer fits in a bank of eFuses, so the fuses hold a hash of the key instead), bootloader code size, and verification time on small microcontrollers.
  3. Crypto-Agility: Designing systems that can switch cryptographic standards without replacing hardware. A raw public key burned into eFuses cannot be rotated, so the fused anchor should be the hash of a rotatable key manifest that names each key’s algorithm, and the bootloader must parse an algorithm identifier rather than assume a single signature format.

Migration Timelines and Strategies

The transition cannot happen overnight due to the long lifecycles of hardware (e.g., a car built today might be on the road in 15 years). A “Hybrid” approach is necessary.

In a hybrid FOTA setup, the firmware is signed with both RSA and a PQC algorithm. Current devices verify the RSA signature; future-ready devices verify both, and must require both to pass. A device that accepts either signature on its own gains nothing, because an attacker with a CRQC can forge the RSA one. Legacy devices that check only RSA stay exposed for as long as they remain in the field: dual signing keeps them updatable, it does not make them quantum-safe.
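The chain of trust from the Current State section and the hybrid rule above, as one runnable example added here; it is not code from the original post or from any OEM’s FOTA stack. To run offline without a third-party library, both signature legs use a Lamport one-time signature over SHA-256, a hash-based scheme in the same family as SPHINCS+/SLH-DSA. The leg labelled "rsa" is only a stand-in for the classical signature so that the hybrid logic can be exercised, and a Lamport key must never sign two different messages in real use. The function names (keygen, sign, verify, bootloader_verify, campaign), the fuse layout and the firmware strings are all constructed for this example.

```python
# Added example (not from the original post or any OEM's code): a minimal
# secure-boot verifier for a hybrid-signed FOTA image, runnable offline.
# Assumption: both signature legs use a Lamport one-time signature over
# SHA-256 (a hash-based scheme, the family SPHINCS+/SLH-DSA belongs to).
# The "rsa" leg stands in for the classical signature only so the hybrid
# AND logic can run without a third-party library.
import hashlib
import secrets

N = 32  # SHA-256 digest length in bytes


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport OTS: 256 pairs of random preimages; public key = their hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes) -> bytes:
    """Hash-then-sign: reveal one preimage per bit of SHA-256(msg)."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(H(msg))))


def verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * N:
        return False
    for i, bit in enumerate(_bits(H(msg))):
        if H(sig[i * N:(i + 1) * N]) != pk[i][bit]:
            return False
    return True


def pk_bytes(pk) -> bytes:
    """Serialised public key (16 KiB): far too large for eFuses, so the
    device pins SHA-256(pk) in fuses and ships the key itself in flash."""
    return b"".join(a + b for a, b in pk)


def bootloader_verify(fuses, policy, pubkeys, image, sigs) -> bool:
    """Secure-boot check as run on the device.
    fuses:   alg -> SHA-256 of the OEM public key, burned at manufacture.
    policy:  set of algs that must ALL verify (hybrid = {"rsa", "pqc"}).
    pubkeys: alg -> public key stored in flash, pinned by the fuse hash.
    sigs:    alg -> signature carried in the update package."""
    for alg in policy:
        pk, sig = pubkeys.get(alg), sigs.get(alg)
        if pk is None or sig is None:
            return False                      # missing leg: reject
        if H(pk_bytes(pk)) != fuses.get(alg):
            return False                      # key in flash not anchored
        if not verify(pk, image, sig):
            return False                      # bad signature for this leg
    return True


def campaign() -> dict:
    """Constructed scenario: the OEM signs one image; an attacker who holds
    the classical private key (what a CRQC would recover from the public
    key) pushes a trojaned image. Returns the accept/reject decisions."""
    rsa_sk, rsa_pk = keygen()                 # stand-in for the RSA key pair
    pqc_sk, pqc_pk = keygen()
    fuses = {"rsa": H(pk_bytes(rsa_pk)), "pqc": H(pk_bytes(pqc_pk))}
    pubkeys = {"rsa": rsa_pk, "pqc": pqc_pk}

    image = b"FIRMWARE v2.1.0: brake controller, constructed sample image"
    sigs = {"rsa": sign(rsa_sk, image), "pqc": sign(pqc_sk, image)}

    # The attacker already holds rsa_sk, so the one-time rule of the
    # stand-in scheme no longer protects anything; only this leg is forgeable.
    evil = b"FIRMWARE v2.1.1: brake controller, attacker build"
    forged = {"rsa": sign(rsa_sk, evil)}

    legacy, hybrid = {"rsa"}, {"rsa", "pqc"}
    return {
        "legacy_accepts_genuine": bootloader_verify(fuses, legacy, pubkeys, image, sigs),
        "hybrid_accepts_genuine": bootloader_verify(fuses, hybrid, pubkeys, image, sigs),
        "hybrid_rejects_bitflip": not bootloader_verify(
            fuses, hybrid, pubkeys, image[:-1] + b"!", sigs),
        "legacy_accepts_forgery": bootloader_verify(fuses, legacy, pubkeys, evil, forged),
        "hybrid_rejects_forgery": not bootloader_verify(fuses, hybrid, pubkeys, evil, forged),
    }


if __name__ == "__main__":
    for check, ok in campaign().items():
        print(f"{check:24s} {'PASS' if ok else 'FAIL'}")
```

The design point is the policy set in bootloader_verify: every algorithm in it must pass, so the legacy device (policy {"rsa"}) installs the forgery while the hybrid device rejects it. If the loop were written to accept the first leg that verifies, the hybrid device would be no safer than the legacy one. A production device would replace the Lamport stand-in with ML-DSA, SLH-DSA or LMS/XMSS, keep exactly this anchoring-by-hash and all-legs-must-pass structure, and rely on the HSM to enforce one-time key use where a stateful scheme is chosen.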

Table 1: Expected PQC FOTA Migration Timeline (Phase / Timeline / Activity / FOTA Status)

  1. Preparation (Present – 2025)
     Activity: NIST standardization is complete (FIPS 203, 204 and 205 were published in August 2024). OEMs inventory their cryptography usage and test PQC algorithms in labs.
     FOTA status: RSA/ECC dominant; PQC experimental.

  2. Hybrid Transition (2025 – 2028)
     Activity: Crucial phase. New hardware ships with a Root of Trust capable of PQC. FOTA clouds start dual-signing (hybrid) updates.
     FOTA status: Hybrid mode. Updates signed with both RSA and PQC to support legacy and new devices.

  3. PQC Primary (2029 – 2033)
     Activity: Quantum computers expected to mature. RSA/ECC considered deprecated for high-security use.
     FOTA status: PQC required. New devices rely solely on PQC; legacy devices are increasingly exposed.

  4. Quantum Era (2033+)
     Activity: A CRQC likely exists. Classical asymmetric cryptography is broken.
     FOTA status: PQC only. Any device relying on RSA-only FOTA is indefensible.

Conclusion

FOTA is the mechanism that keeps our connected world functional and secure. Currently, its foundation rests on cryptography that has a known expiration date. The compromise of an RSA signing key by a quantum computer would not merely be an inconvenience; it would weaponize the very system designed to protect devices, allowing attackers to push malicious code under a genuine-looking seal of authenticity. Implementing PQC is the only viable path forward. It is a complex, multi-year engineering challenge that OEMs must begin immediately to ensure the safety and trust of the autonomous and connected future.

Cheers – Amit Tomar!!