Skip to Main content Skip to Navigation
Journal articles

Secure Firmware Updates for Constrained IoT Devices Using Open Standards: A Reality Check

Abstract : While IoT deployments multiply in a wide variety of verticals, most IoT devices lack a built-in secure firmware update mechanism. Without such a mechanism, however, critical security vulnerabilities cannot be fixed, and IoT devices can become a permanent liability , as demonstrated by recent large-scale attacks. In this paper, we survey open standards and open source libraries that provide useful building blocks for secure firmware updates for constrained IoT devices -- by which we mean low-power, microcontroller-based devices such as networked sensors/actuators with a small amount of memory, among other constraints. We design and implement a prototype that leverages these building blocks and assess the security properties of this prototype. We present experimental results , including first experiments with SUIT, a new IETF standard for secure IoT firmware updates. We evaluate the performance of our implementation on a variety of commercial off-the-shelf constrained IoT devices. We conclude that it is possible to create a secure, standards-compliant firmware update solution that uses state-of-the-art security for IoT devices with less than 32kB of RAM and 128kB of flash memory.
Document type :
Journal articles
Complete list of metadata

Cited literature [67 references]  Display  Hide  Download

https://hal.inria.fr/hal-02351794
Contributor : Emmanuel Baccelli <>
Submitted on : Wednesday, November 6, 2019 - 3:22:57 PM
Last modification on : Friday, April 30, 2021 - 10:00:50 AM
Long-term archiving on: : Saturday, February 8, 2020 - 6:28:22 AM

File

HAL-version.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Koen Zandberg, Kaspar Schleiser, Francisco Acosta, Hannes Tschofenig, Emmanuel Baccelli. Secure Firmware Updates for Constrained IoT Devices Using Open Standards: A Reality Check. IEEE Access, IEEE, 2019, 7, pp.71907-71920. ⟨10.1109/ACCESS.2019.2919760⟩. ⟨hal-02351794⟩

Share

Metrics

Record views

180

Files downloads

2886