Tradeoffs in Key Rotation Strategies for Industrial Internet of Things Devices and Firmware.

This paper provides an overview of several secure boot architectures with a focus on key rotation. It expands on a practitioner note that the authors submitted to the 2023 IEEE Secure Development Conference. Key rotation is important due to the frequency of lost signing keys and the difficulty of managing secret keys for the long lifetimes of Industrial Internet of Things (IIOT) devices. Key rotation is not simple for IIOT due to limited resources during a secure boot process and the constraints of the firmware utilities that come from the chip vendors. This paper reviews and compares five common architectures for a secure boot that are seen across the IIOT community. For each architecture, it provides some key strengths and weaknesses associated with that architecture. The paper then provides a detailed comparison and analysis of the architectures to convince the IIOT community to move towards a strong use of certificates (instead of the traditional use of raw public keys). The intent of this paper is to provide a practitioner's perspective on these challenges and the tradeoffs in hopes of inviting comments from chip vendors and the broader community. [ABSTRACT FROM AUTHOR]