Reliable Firmware Updates for the Information-Centric Internet of Things

TL;DR

This paper presents a system leveraging information-centric networking standards to enable reliable, secure, and efficient firmware updates in IoT networks, addressing challenges of constrained environments and ensuring integrity and resilience.

Contribution

It introduces a novel firmware update system based on IETF SUIT standards that supports secure, cascading roll-outs with DoS detection in low-power multi-hop IoT networks.

Findings

Feasible adaptive bandwidth strategies demonstrated.

High resilience to connectivity loss shown.

Effective DoS detection prevents malicious updates.

Abstract

Security in the Internet of Things (IoT) requires ways to regularly update firmware in the field. These demands ever increase with new, agile concepts such as security as code and should be considered a regular operation. Hosting massive firmware roll-outs present a crucial challenge for the constrained wireless environment. In this paper, we explore how information-centric networking can ease reliable firmware updates. We start from the recent standards developed by the IETF SUIT working group and contribute a system that allows for a timely discovery of new firmware versions by using cryptographically protected manifest files. Our design enables a cascading firmware roll-out from a gateway towards leaf nodes in a low-power multi-hop network. While a chunking mechanism prepares firmware images for typically low-sized maximum transmission units (MTUs), an early Denial-of-Service (DoS) detection prevents the distribution of tampered or malformed chunks. In experimental evaluations on a real-world IoT testbed, we demonstrate feasible strategies with adaptive bandwidth consumption and a high resilience to connectivity loss when replicating firmware images into the IoT edge.