Security Architecture and Secure OTA for Smart City Lighting System

Architecture design and implementation

Project Details

  • Task: Security
  • Completion: February 2020

Client

Polish Smart Lighting infrastructure provider

Challenge

Designing a completely secure, attack-resistant firmware update mechanism (OTA) for a distributed network of intelligent road lighting (thousands of units). The hardware architecture imposed a critical challenge: communication between the secure microcontroller (nRF) and LTE modem (BG95) occurred via an unsecured, unencrypted UART bus. It was necessary to guarantee that encrypted firmware would not leak or be modified in transit on the device itself.

Solution

Providing consulting services, I was responsible for designing and implementing the entire security stack on the nRF microcontroller (C++ with FreeRTOS). I based the solutions on the following pillars:

Zero-Trust OTA Architecture: I designed a process where encrypted firmware was streamed from the LTE modem (through unsecured UART) directly to a dedicated, secure partition in flash memory. No keys or fragments of decrypted code were ever exposed.

Secure Boot and Image Verification: I implemented a Secure Boot mechanism. After download, the bootloader first cryptographically verified the integrity and authenticity of the new firmware image (using digital signatures).

Atomic Update and Rollback: Only after successful verification did the system proceed to “atomic” image replacement. If the update process was interrupted (e.g., by power loss) or the new firmware did not start correctly, the bootloader automatically performed rollback, restoring the previous, verified software version. This guaranteed 100% resistance to “bricking” devices in the field.
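The trial-boot, commit and rollback decision described above, as an added illustration in C that is not the project's own code: the two-slot flash model, the `0xA5` tag standing in for a real signature check, and the three-attempt limit are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_TRIAL_BOOTS 3   /* assumed limit before the bootloader gives up on a new image */

/* An image as the bootloader sees it; the tag stands in for a signature (constructed). */
typedef struct { uint32_t version; uint8_t tag; } image_t;

/* Boot metadata the bootloader persists in flash (constructed model). */
typedef struct {
    image_t slot[2];     /* two partitions: the running image and the staged image */
    int     active;      /* index of the slot the bootloader will start */
    bool    swap_pending;/* a verified image was switched in and awaits confirmation */
    bool    confirmed;   /* the new firmware reported a healthy boot */
    uint8_t tries;       /* trial boots attempted without confirmation */
} boot_state_t;

typedef enum { BOOT_NORMAL, BOOT_TRIAL, BOOT_ROLLED_BACK } boot_action_t;

/* Stand-in for the signature check; real firmware calls the MCU crypto library here.
   Constructed rule: an image is authentic only when its tag is 0xA5. */
static bool verify_image(const image_t *img) { return img->tag == 0xA5; }

/* Accept a downloaded image into the inactive slot only if it verifies, then flip
   the active index. That single flag write is the "atomic" replacement: a power
   loss before it leaves the old image running, a power loss after it leaves the
   new image in trial with the old one still intact in the other slot. */
bool stage_image(boot_state_t *st, const image_t *img) {
    if (st->swap_pending || !verify_image(img)) return false;
    int inactive = 1 - st->active;
    st->slot[inactive] = *img;
    st->active = inactive;
    st->swap_pending = true;
    st->confirmed = false;
    st->tries = 0;
    return true;
}

/* The application calls this once it has started and passed its own self-checks. */
void app_confirm_boot(boot_state_t *st) { if (st->swap_pending) st->confirmed = true; }

/* Bootloader decision at every reset; metadata must be written back before jumping. */
boot_action_t bootloader_select(boot_state_t *st) {
    if (!st->swap_pending) return BOOT_NORMAL;       /* no update in flight */
    if (st->confirmed) { st->swap_pending = false; return BOOT_NORMAL; } /* commit */
    if (st->tries >= MAX_TRIAL_BOOTS) {              /* new image never confirmed */
        st->active = 1 - st->active;                 /* previous verified image */
        st->swap_pending = false;
        return BOOT_ROLLED_BACK;
    }
    st->tries++;                                     /* count the attempt before booting */
    return BOOT_TRIAL;
}

uint32_t running_version(const boot_state_t *st) { return st->slot[st->active].version; }
```

Drive it from a small main that stages an image and calls bootloader_select once per simulated reset; an image that crashes before calling app_confirm_boot is rolled back after the third attempt.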

Network Communication: My work also included the communication layer for the OpenThread protocol, enabling the same secure updates within the local mesh network.

Result

The created security architecture enabled mass deployment of devices on highways and in cities, giving the client full guarantee of security and reliability of updates in the field. The solution effectively eliminated risks associated with physical hardware limitations (unencrypted UART), which was crucial for project success.

Technologies Used

  • MCU: nRF52 / nRF91
  • System: FreeRTOS
  • Language: C++
  • Protocols: OpenThread, LTE-M (BG95)
  • Concepts: Secure OTA, Secure Boot, Rollback, Cryptography (Digital Signatures, Encryption), Security Architecture (Zero-Trust), Mesh Systems, UART
  • Domain: Smart City, IoT