Skip to main content
  • First annual IETF community survey

    The IETF is launching its first annual IETF community survey.

    • Jay DaleyIETF Executive Director
    7 May 2021
  • Deadline Extended for Applied Networking Research Workshop Paper Submissions

    The deadline for submitting papers for consideration for the ACM/IRTF Applied Networking Research Workshop 2021 (ANRW’21) has been extended to 5 May 2021.

    • Nick FeamsterANRW Program co-chair
    • Andra Elena LutuANRW Program co-chair
    20 Apr 2021
  • Proposed Process to Conduct Assessment Activity of IETF Administrative Support Activity

    After three years of operation, the IETF Administration LLC (IETF LLC) is preparing to conduct a complete assessment of the structure, processes, and operation of the IETF Administrative Support Activity (IASA 2.0) and the IETF LLC. Before beginning this work, we are soliciting community feedback on the proposed timeline and process we will use to conduct the retrospective.

    • Jason LivingoodIETF Administration LLC Board Chair
    12 Apr 2021
  • IETF Annual Report 2020

    The IETF Annual Report 2020 provides a summary of Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and RFC Editor community activities from last year.

    • Jason LivingoodIETF Administration LLC Board Chair
    • Lars EggertIETF Chair
    6 Apr 2021
  • IETF 110 Hackathon: The fruit of our labor

    I use the Internet almost every day. If you are reading this, you probably do too. The Internet provides access to information and to each other in ways that are ingrained in our daily routines and on which we rely for both work and play.

    • Charles EckelIETF Hackathon Co-chair
    2 Apr 2021

Filter by topic and date

Filter by topic and date

Patching the Internet of Things: IoT Software Update Workshop 2016

  • Pierre Pfister
  • Maciek Konstantynowicz

26 Jul 2016

“There’s a huge problem with the Internet of Things and we need to do something about it.” That was the invitation that brought participants to the Internet of Things Software Update Workshop (IoTSU) held at Trinity College, Dublin on June 13 and 14.

IOTSU

photo: Hannes Tschofenig

The “huge problem” with many IoT devices is that they are un-patchable, and if they cannot be patched, they cannot be made secure. The IoT is on a growth path that is quickly leading to the ubiquitous deployment of unattended devices throughout our homes, offices, factories, and public spaces. All of them, by definition, are connected to the Internet and hackers will eventually discover and exploit the vulnerabilities in these devices. When that happens, there must be a way to detect the intrusion and deploy software updates to fix the security flaws. This is a hard problem to solve and it has the attention of the IoT industry as well as that of the Internet Architecture Board (IAB) and the Science Foundation Ireland-funded CONNECT Centre who sponsored this workshop.

The workshop materials and raw minutes are here. An IAB report will be published in the near future.

The participants at the IoTSU workshop submitted nearly 30 papers on topics covering analysis of past incidents, current practices, and proposals for future standards. The organizers classified the papers and the participants discussed them during four sessions across two days. The following summarizes just a few topics from the workshop that I felt were particularly significant.

Problem Scope and Technical Constraints:
IoT devices are deployed on a range of hardware platforms, many of which are more highly constrained than others. At one end of the spectrum are the “System-On-Chip” devices with full memory management units (MMUs) running embedded Linux and full time access to mains power and a permanent Wi-Fi connection. At the other end of the spectrum are tiny “motes” connected via Low-Power and Lossy networks and required to run for years on battery power or harvest their own energy. The biggest software update challenges are with these highly constrained devices considering that all updates must be done securely and with zero risk of bricking the device. It seemed that most of the participants felt the greatest need was to first address the challenges at the lower end of this spectrum.

P6140623

Photo: Hannes Tschofenig

IoT as a Service:
When I buy a product, I have a certain set of expectations regarding ownership, control, and life expectancy for that product. An IoT device, however, is not a standalone product; it is highly dependent on the services it receives over the Internet and all of the technical, organizational, and policy infrastructure that underpin those services. Many of the IoT devices on the market are being sold today as products, and consumers are not always aware of the services those devices depend upon for their long term continued operation. Developers and vendors need to keep this perspective in mind when designing and marketing the IoT.

Full Lifecycle Requirements:
To properly address the challenges of the IoT software update problem, it is essential to consider the full lifecycle of the IoT device. This begins during manufacturing when the security credentials must be generated, allocated, and provisioned into the devices in a secure manner. It also incorporates the lifecycle of the device vendor who might be bought out or go bankrupt – we need to consider how to continue patching essential devices when the original manufacturer no longer exists. Finally, it ends with addressing various end-of-life scenarios such as how to decommission and recycle those devices that no longer can or should be supported.

Next Steps:

The workshop concluded with a discussion about next steps. For starters, the organizers will publish an official workshop report. The participants also supported the concept of publishing a document to capture the current best practices in the IoT industry relative to software update. Some also brought up the need to clarify the scope of the workshop activities in terms of whether the focus should be on constrained devices or to also include other platforms or even networks of connected devices such as those found in vehicles. There may also be the opportunity for future standards work such as recommendations for certain minimum hardware requirements to address the need for random number generation, real time clock, and memory to support multiple binary images during an upgrade.

The participants at the IoTSU workshop came together because of their common concern about issues that could potentially threaten the long term success of the IoT. It was a good mix of representatives from both industry and academia who willingly and openly shared their experience and expertise. I believe the workshop was a good first step towards working together to address the common challenges that we are facing as the IoT continues to grow.

Bob Ensink – Embedded Software Engineer, SpinDance; Adjunct Professor, Department of Engineering, Hope College


Share this page