The Internet of Things (IoT) today encompasses a vast array of devices, from consumer electronics to medical implants and industrial sensors [ 1–6 ]. As the number of IoT devices increases, so does the level of threats to them, especially when it comes to firmware modification, which is one of the key targets of attacks [ 7, 8 ]. Firmware modification or replacement can lead to loss of functionality, leakage of confidential data, or complete device takeover [ 9 ]. Ensuring firmware integrity is becoming a prerequisite for Secure Boot, but in practice its implementation is complicated by the limited resources of IoT devices, in particular limitations in terms of memory, processing power, and power consumption [ 10, 11 ].

Traditional cryptographic hash functions, such as SHA-2 or SHA-3, demonstrate high resistance to attacks, but their use in resource-constrained environments is of little use [ 12 ]. They consume a significant amount of RAM, require a powerful processor, and increase the overall boot time [ 13– 15 ]. These limitations have encouraged research groups to develop lightweight hash functions aimed at IoT needs, including SPONGENT, PHOTON, QUARK, and LESAMNTA-LW [ 16–18 ]. They allow for significant reductions in computational costs and power consumption while maintaining an acceptable level of resistance to cryptanalytic attacks.

Against the background of these limitations, there is considerable scientific interest in analyzing the possibility of using lightweight hash functions for integrity verification, as they are specifically designed for resource-constrained environments. Their application opens up new prospects for embedded systems, allowing for secure booting even where the use of classical algorithms is impractical or technically impossible.

Figure 1 presents a general diagram of a secure boot of an IoT device using a lightweight hash function, showing the main stages—storing a check hash, calculating the hash of the loaded firmware, and comparing the values before launching the main program.

The scheme clearly shows the sequence of actions: first, a reference hash value is read from non-volatile memory, then a hash of the current firmware version is calculated, after which both values are compared. In case of a match, the system proceeds to the next stage of loading, otherwise it blocks the loading or activates recovery procedures.

The specified scheme illustrates the key stages of implementing Secure Boot in an IoT device, emphasizing the role of the hash function as the central element responsible for verifying the authenticity of the loaded code. Importantly, this approach allows integrating the verification mechanism at the software level without the need for hardware crypto modules, while maintaining the limited amount of memory and low power consumption that are critical for autonomous sensor nodes, medical implants and other similar systems.

The aim of the research is to develop a method for verifying firmware integrity for IoT devices, based on the use of lightweight hash functions and taking into account the specifics of resourceconstrained environments, in particular, minimizing computational costs, memory, and power consumption while ensuring an appropriate level of cryptographic stability.

Providing Secure Boot in IoT devices has attracted considerable attention from researchers in recent years [ 19–21 ]. The main goal of Secure Boot is to ensure that only verified and authentic code is executed by the device during startup. According to [ 22 ], the principle of operation of Secure Boot is based on cryptographic verification of digital signatures or hash values of program code stored in the trusted memory of the device. Works [ 23, 24 ] demonstrate the implementation of such approaches based on microcontrollers with hardware support for cryptography, for example, Trusted Platform Module (TPM) or ARM TrustZone, however, these solutions are not suitable for low-end microcontrollers due to their high cost and power consumption.

Current methods for ensuring integrity in microcontrollers are mostly focused on a compromise between the level of security, computational costs and resource consumption. For example, [ 25 ] describes a software implementation of Secure Boot for STM32 microcontrollers, where the SHA-256 hash function is used to verify the integrity of the firmware. The results of the study showed that the use of SHA-256 allows for high cryptographic stability, but leads to an increase in the device boot time by 30–50% depending on the firmware size, and also requires a significant amount of RAM (several tens of kilobytes), which is critical for microcontrollers with limited RAM. The article [ 26 ] considers approaches to optimizing such solutions, including partial hashing, when only the most critical code segments are checked, or a phased integrity check per segment, which allows distributing the load on computing resources. However, the authors emphasize that such simplifications potentially create new attack vectors, for example, selective substitution of uncontrolled segments or attacking actions during intermediate checks.

The development of lightweight hash functions has become a separate research area, since they are specifically designed for use in embedded and sensor systems [ 27 ]. In [ 28 ], a classification of such functions by design approaches was carried out: sponge-constructions, Davies–Meyer block schemes and double-block Hirose. SPONGENT [ 29 ], which belongs to sponge-constructions, demonstrates a noticeable reduction in computational costs compared to SHA-2 due to the use of a compact state block and simple bitwise operations XOR, AND, ROT, which allows minimizing memory consumption to the level of 1–2 kB. PHOTON [ 30 ], built on the principle of Substitution– Permutation Network (SPN), combines a small hardware implementation area and resistance to the main types of attacks, such as differential and linear cryptanalysis, which is confirmed by numerous studies on ARM Cortex-M and AVR microcontrollers. QUARK [ 31 ], designed as a serialized stream cipher-like design, is particularly effective in scenarios with tight energy constraints, as it requires a minimum number of clock cycles per byte of data. LESAMNTA-LW [ 32 ] is positioned as a solution for ARM Cortex-M platforms, providing a balance between speed (due to extensive modular addition and permutation operations) and resistance to collisions and preimage attacks, while maintaining a small code size and low memory consumption.

Despite the presence of a significant amount of research, there are open problems that need to be solved. These include choosing the optimal hash function for specific IoT scenarios, mathematical modeling of the security-resources ratio, adapting Secure Boot for microcontrollers without hardware cryptography support, and providing protection against attacks at the physical level (e.g., fault injection). Recent advances in access control mechanisms emphasize the importance of integrating policy-as-code frameworks to enforce role-based and attribute-based access control, thereby enhancing the security of IoT environments [ 33 ]. Additionally, improvements in device identification and authentication accuracy through electromagnetic (EM) measurements provide promising avenues for strengthening hardware-level trustworthiness in constrained IoT devices [ 34 ]. Furthermore, the design of combined pseudo-random sequence generators, as well as generators based on mathematical constants such as ln 2, contribute to the development of lightweight and secure cryptographic primitives suitable for IoT firmware integrity verification [ 35, 36 ]. These approaches collectively support the enhancement of secure boot processes and firmware integrity validation under resource constraints. Further research should focus on finding methods that consider the balance between cryptographic robustness, hardware platform limitations, and practical time and power consumption requirements.

The proposed method for verifying the integrity of firmware in IoT devices is based on the concept of multi-level, weighted and context-dependent verification, which allows taking into account the heterogeneity of the importance of individual sections of the code, the hardware limitations of the device and the current mode of its operation. A feature of the method is that for each code segment, weight coefficients are determined that reflect its criticality for system security. The aggregated control value is formed on the basis of calculated local hashes taking into account these weights, which allows increasing the depth of verification for the most vulnerable components without a significant increase in the load on the system.

Unlike classic Secure Boot schemes, where a single hash value of the entire firmware is compared, the proposed method uses lightweight hash functions, for example, SPONGENT, PHOTON, QUARK or LESAMNTA-LW, which provide a balance between cryptographic stability and resource efficiency. This opens up the possibility of implementing integrity checking even on low-power microcontrollers, such as STM32F0, ESP8266, AVR, which have a limited amount of RAM (up to several kilobytes) and computing resources. The method takes into account not only memory limitations, but also minimizing power consumption, which is especially relevant for autonomous sensors, medical implants, IoT modules in power grids and transport systems.

A key element of the approach is the adaptive selection of the depth of the check depending on the state of the device, for example, the battery charge level, temperature regime or processor load. In scenarios with limited energy resources, a partial check mode is activated, where only the most critical segments are checked, while under normal conditions a full check is performed. This approach allows the IoT device to dynamically balance between protection and autonomy, maintaining the appropriate level of security in conditions of limited resources.

Additionally, the method involves the implementation of context markers (e.g., time tokens or session identifiers) that are integrated into the hashing process. This increases the system's resistance to replay attacks, since the verification is carried out not only on the basis of the code, but also taking into account the session context, which significantly complicates the preparation of fake firmware. The proposed approach combines the concepts of cryptographic robustness, resource efficiency, and adaptability, which allows it to be scaled for a wide range of IoT applications.

The algorithm of the proposed method for verifying the integrity of the firmware includes multi-level hashing with weighted aggregation, adaptive selection of the verification depth, and the use of context markers to protect against replay attacks. Let the firmware F be divided into segments F = {f 1 , f 2 , .. , f n}, each of which is assigned a weight coefficient wi, reflecting its n criticality, with ∑ w i =1.

i=1

The choice of an aggregation model based on weight coefficients is associated with the need to take into account the criticality of functional modules. The coefficients wi are formed based on a preliminary risk analysis, which takes into account the role of the segment in system security, the frequency of access to resources and the probability of attacks. This approach allows you to achieve a flexible balance between security and resource costs. where S ⊆ { 1 , … , n } is a subset of the most important segments selected by the criterion wi exceeds the set threshold value. The aggregation model is selected at the system configuration stage in accordance with the target usage scenario.

At the reference profile formation stage, the following is performed: 1.

Calculation of local hashes H ( f i ) for each segment using a lightweight hash function H ( x ), such as SPONGENT or PHOTON.

n 2. Formation of an aggregated hash value—H agg= ∑ wi ∙ H ( f i ). i= 1 3. Writing H agg to trusted non-volatile memory together with a time or session token T used as a salt value.

During device boot, the following is performed:

Calculation—H cagg= ∑

j ∈ C ( F ) binds hashing to the session token.

c e Compare H agg and H agg and make a decision (3).

Reading H cagg and T e from trusted memory.

Depending on the state of the device (e.g., battery level), determine the set C ( F ) ⊆ F to be tested.

e w j ∙ H ( f j ∨ T ), where ∨ is a concatenation operation that To form the aggregated control value, the weighted average aggregation model (1) is used.

where H i is the local hash value of the i-th segment, wi is its weighting factor, n is the number of segments. This scheme allows to increase the contribution of critical components to the final result, while reducing the influence of secondary modules. Alternatively, for devices with very tight constraints, it is possible to use a simple additive model (2).

, (1) (2) (3) D ( H cagg , H eagg)= {1 , if H cagg= H eagg .

e 0 , if H cagg ≠ H agg

The computational complexity of the algorithm for full verification is estimated as O ( n ∙ C H ), where n is the number of segments, C H is the average complexity of calculating the hash for one segment. For partial verification, which is activated when resources are reduced, the complexity decreases in proportion to the number of verified segments C ( F ) ∨ . This allows reducing the verification time by 30–60% depending on the selected configuration.

Particular attention is paid to the selection of optimal wi—for example, larger values are assigned to areas responsible for communications, hardware control, or secure data storage, while auxiliary modules (e.g., user interfaces) are given minimal weight. The method is focused on checking only static segments, i.e. parts of the code that do not change during execution. Dynamic modules that are loaded during operation are not covered by the current model and require separate solutions, such as digital signature verification or runtime integrity monitoring.

Figure 2 presents a flowchart of the algorithm, which demonstrates the process of multi-level validation, adaptive segment selection, and the use of session tokens. This algorithm allows for high scalability—it is suitable for both simple sensors and more powerful edge devices, where advanced cryptographic operations are available. The introduction of weighting factors and context markers increases resistance to attacks even in scenarios with limited energy and computing power.

If a mismatch in control values is detected, the device enters a protected mode, which involves blocking the launch of the main code, recording the event in the system log and, if possible, transmitting a message to an external monitoring system. For some categories of devices, for example, in medical applications, automatic activation of the firmware recovery mode with restoration of a previously saved valid firmware version is provided.

The results show that the proposed method of verifying the integrity of the firmware based on lightweight hash functions provides a significant reduction in verification time, memory usage, and power consumption compared to classical algorithms such as SHA-256. The effect of using partial hashing of critical segments is particularly noticeable, which allows reducing resource consumption by 30–60% depending on the configuration, while maintaining a high level of cryptographic stability.

The analysis showed that the use of a weighted average hash value aggregation model increases the sensitivity of verification to modifications of the most important components, while simple additive aggregation may be appropriate for scenarios with minimal resources. The introduction of session tokens significantly increases resistance to replay attacks, which is confirmed by experimental simulation.

Comparison with existing approaches described in the literature demonstrates the advantages of the proposed solution: in [ 25, 26 ], classic Secure Boot schemes based on SHA-256 provide a high level of protection, but are not adapted to microcontrollers with limited resources due to significant computational costs and memory size. In turn, partial hashing without weight analysis, as in [ 26 ], potentially opens up new attack vectors. The proposed method combines the advantages of lightweight hashing with adaptive selection of the check depth, which allows for a flexible balance between security and efficiency. At the same time, the method has certain limitations. The current implementation is focused exclusively on checking static firmware segments, while dynamically loaded modules remain outside its scope. For such components, it is advisable to use digital signatures or runtime integrity monitoring, which is planned to be investigated in future works. Another aspect is the integration of the proposed method into typical IoT device bootloaders, which may require additional optimization for specific hardware architectures. Overall, the results of the experimental evaluation confirm the high practical significance of the developed method for use in autonomous sensor systems, medical implants, smart energy modules, and transport IoT solutions, where not only the level of security, but also the efficiency of use of computing and energy resources is critical.

The paper develops and investigates a method for verifying firmware integrity for IoT devices that takes into account the specifics of environments with limited computing resources. The proposed approach combines the use of lightweight hash functions (SPONGENT, PHOTON, QUARK, LESAMNTA-LW), weighted average aggregation of hash values, and adaptive selection of verification segments depending on the current state of the device, for example, the battery level or processor load. The introduction of session tokens additionally enhances resistance to replay attacks, which is an important advantage compared to other existing solutions.

The results of experimental evaluation on different hardware platforms (STM32F072, ESP8266, ATmega328P) demonstrated a significant reduction in verification time, power consumption, and occupied RAM compared to classical algorithms such as SHA-256. The efficiency of partial hashing of critical segments allows for flexible adaptation of the verification to the limitations of a specific device, while maintaining high accuracy of modification detection. It is important to emphasize that the method can be scaled for different classes of IoT devices—from low-end sensors to edge platforms with advanced capabilities.

Prospects for further research include the development of mechanisms for checking dynamically loaded modules, integration with digital signatures, and research into the system's resistance to attacks at the physical level, in particular fault injection. A separate direction is the optimization of the software implementation of the method to minimize overhead and ensure compatibility with typical microcontroller loaders.

This research was funded by the Ministry of Education and Science of Ukraine under grant 0125U000637.

While preparing this work, the authors used the AI programs Grammarly Pro to correct text grammar and Strike Plagiarism to search for possible plagiarism. After using this tool, the authors reviewed and edited the content as needed and took full responsibility for the publication’s content. Also generative artificial intelligence tools were used exclusively for creating the diagram presented in Figure 5.