Biblio
Cyber-physical systems (CPS) and their Internet of Things (IoT) components are repeatedly subject to various attacks targeting weaknesses in their firmware. For that reason emerges an imminent demand for secure update mechanisms that not only include specific systems but cover all parts of the critical infrastructure. In this paper we introduce a theoretical concept for a secure CPS device update and verification mechanism and provide information on handling hardware-based security incorporating trusted platform modules (TPM) on those CPS devices. We will describe secure communication channels by state of the art technology and also integrity measurement mechanisms to ensure the system is in a known state. In addition, a multi-level fail-over concept is presented, ensuring continuous patching to minimize the necessity of restarting those systems.