Tsague, HDVan der Merwe, Johannes JMoabalobelo, Terrence2016-04-222016-04-222015-03Tsague, H.D, Van der Merwe, J and Moabalobelo, T. 2015. Secure firmware updates for point of sale terminals. In: The 10th International Conference on Cyber Warfare and Security, 24-25 March 2015, Mpumalanga, South Africahttp://academic-bookshop.com/ourshop/prod_3774091-ICCWS-2015-10th-International-Conference-on-Cyber-Warfare-and-Security-Kruger-National-Park-South-Africa-PRINT-ver-ISBN-978191030996.htmlhttp://hdl.handle.net/10204/8516The 10th International Conference on Cyber Warfare and Security, 24-25 March 2015, Mpumalanga, South Africa. Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, please consult the publisher's websiteA large number of electronic transactions are performed with credit or debit cards at point of sale terminals located at merchant stores. The success of this form of payment however, has an associated cost due to the management and maintenance of the equipment. In particular, there is an important cost related to the deployment of new software upgrades for the point of sale terminals, since in most cases human intervention is required. In this paper, we present a lightweight protocol for secure firmware updates for smart card based point of sale terminals. The protocol has especially been designed with respect to the limited hardware resources in such devices. Also, the low bandwidth and the risk of packet loss in the wireless link have been taken into consideration. The protocol provides data integrity and authenticity protection, and thus prevents an attacker from modifying a firmware in transit and installing malicious firmware in the terminals. In addition, terminals can verify that, the received firmware originated from a trusted source. The protocol includes confidentiality protection, and thus the proprietary firmware is kept secret from attackers.enPoint of saleFirmware updatesUpgradesAuthenticityConfidentialityInformation securityElectronic transactionsConference PresentationTsague, H., Van der Merwe, J. J., & Moabalobelo, T. (2015). Secure firmware updates for point of sale terminals. Academic Conferences International. http://hdl.handle.net/10204/8516Tsague, HD, Johannes J Van der Merwe, and T Moabalobelo. "Secure firmware updates for point of sale terminals." (2015): http://hdl.handle.net/10204/8516Tsague H, Van der Merwe JJ, Moabalobelo T, Secure firmware updates for point of sale terminals; Academic Conferences International; 2015. http://hdl.handle.net/10204/8516 .TY - Conference Presentation AU - Tsague, HD AU - Van der Merwe, Johannes J AU - Moabalobelo, T AB - A large number of electronic transactions are performed with credit or debit cards at point of sale terminals located at merchant stores. The success of this form of payment however, has an associated cost due to the management and maintenance of the equipment. In particular, there is an important cost related to the deployment of new software upgrades for the point of sale terminals, since in most cases human intervention is required. In this paper, we present a lightweight protocol for secure firmware updates for smart card based point of sale terminals. The protocol has especially been designed with respect to the limited hardware resources in such devices. Also, the low bandwidth and the risk of packet loss in the wireless link have been taken into consideration. The protocol provides data integrity and authenticity protection, and thus prevents an attacker from modifying a firmware in transit and installing malicious firmware in the terminals. In addition, terminals can verify that, the received firmware originated from a trusted source. The protocol includes confidentiality protection, and thus the proprietary firmware is kept secret from attackers. DA - 2015-03 DB - ResearchSpace DP - CSIR KW - Point of sale KW - Firmware updates KW - Upgrades KW - Authenticity KW - Confidentiality KW - Information security KW - Electronic transactions LK - https://researchspace.csir.co.za PY - 2015 T1 - Secure firmware updates for point of sale terminals TI - Secure firmware updates for point of sale terminals UR - http://hdl.handle.net/10204/8516 ER -