741 research outputs found

    Over-the-air software updates in the internet of things : an overview of key principles

    Due to the fast pace at which IoT is evolving, there is an increasing need to support over-the-air software updates for security updates, bug fixes, and software extensions. To this end, multiple over-the-air techniques have been proposed, each covering a specific aspect of the update process, such as (partial) code updates, data dissemination, and security. However, each technique introduces overhead, especially in terms of energy consumption, thereby impacting the operational lifetime of the battery constrained devices. Until now, a comprehensive overview describing the different update steps and quantifying the impact of each step is missing in the scientific literature, making it hard to assess the overall feasibility of an over-the-air update. To remedy this, our article analyzes which parts of an IoT operating system are most updated after device deployment, proposes a step-by-step approach to integrate software updates in IoT solutions, and quantifies the energy cost of each of the involved steps. The results show that besides the obvious dissemination cost, other phases such as security also introduce a significant overhead. For instance, a typical firmware update requires 135.026 mJ, of which the main portions are data dissemination (63.11 percent) and encryption (5.29 percent). However, when modular updates are used instead, the energy cost (e.g., for a MAC update) is reduced to 26.743 mJ (48.69 percent for data dissemination and 26.47 percent for encryption)

    SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices

    The simplicity of deployment and perpetual operation of energy harvesting devices provides a compelling proposition for a new class of edge devices for the Internet of Things. In particular, Computational Radio Frequency Identification (CRFID) devices are an emerging class of battery-free, computational, sensing enhanced devices that harvest all of their energy for operation. Despite wireless connectivity and powering, secure wireless firmware updates remains an open challenge for CRFID devices due to: intermittent powering, limited computational capabilities, and the absence of a supervisory operating system. We present, for the first time, a secure wireless code dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic hardware security primitive Static Random Access Memory Physical Unclonable Function (SRAM PUF) to a firmware update protocol. The design of SecuCode: i) overcomes the resource-constrained and intermittently powered nature of the CRFID devices; ii) is fully compatible with existing communication protocols employed by CRFID devices in particular, ISO-18000-6C protocol; and iii) is built upon a standard and industry compliant firmware compilation and update method realized by extending a recent framework for firmware updates provided by Texas Instruments. We build an end-to-end SecuCode implementation and conduct extensive experiments to demonstrate standards compliance, evaluate performance and security. Comment: Accepted to the IEEE Transactions on Dependable and Secure Computin

    Improving the security of wireless sensor networks

    With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become the main technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring system with the goal to improve the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our investigational environment. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect firmware in the MSP430 MCU chips. We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse engineer firmware and obtain copies of cryptographic keys. We contributed a solution to improve the BSL password and better protect firmware found in the MSP430 chips. The Secure-BSL software we contributed allows the randomization of the BSL password. Our solution increases the brute force time to decades. The impractical brute force time improves the security of firmware and prevents future reverse engineering tactics. In addition, our Secure-BSL software supports two-factor authentication that allows developers to specify a user-defined passphrase to further protect the MSP430 MCU. Our research serves as proof that any security implemented in a WSN environment is broken if an attacker has access to firmware found in sensor devices

    An efficient scheme for applying software updates in pervasive computing applications

    The Internet of Things (IoT) offers a vast infrastructure of numerous interconnected devices capable of communicating and exchanging data. Pervasive computing applications can be formulated on top of the IoT involving nodes that can interact with their environment and perform various processing tasks. Any task is part of intelligent services executed in nodes or the back end infrastructure for supporting end users’ applications. In this setting, one can identify the need for applying updates in the software/firmware of the autonomous nodes. Updates are extensions or patches significant for the efficient functioning of nodes. Legacy methodologies deal with centralized approaches where complex protocols are adopted to support the distribution of the updates in the entire network. In this paper, we depart from the relevant literature and propose a distributed model where each node is responsible to, independently, initiate and conclude the update process. Nodes monitor a set of metrics related to their load and the performance of the network and through a time-optimized scheme identify the appropriate time to conclude the update process. We report on an infinite horizon optimal stopping model on top of the collected performance data. The aim is to make nodes capable of identifying when their performance and the performance of the network are of high quality to efficiently conclude the update process. We provide specific formulations and the analysis of the problem while extensive simulations and a comparison assessment reveal the advantages of the proposed solution

    Performance Evaluation of Energy-Autonomous Sensors Using Power-Harvesting Beacons for Environmental Monitoring in Internet of Things (IoT)

    Environmental conditions and air quality monitoring have become crucial today due to the undeniable changes of the climate and accelerated urbanization. To efficiently monitor environmental parameters such as temperature, humidity, and the levels of pollutants, such as fine particulate matter (PM2.5) and volatile organic compounds (VOCs) in the air, and to collect data covering vast geographical areas, the development of cheap energy-autonomous sensors for large scale deployment and fine-grained data acquisition is required. Rapid advances in electronics and communication technologies along with the emergence of paradigms such as Cyber-Physical Systems (CPSs) and the Internet of Things (IoT) have led to the development of low-cost sensor devices that can operate unattended for long periods of time and communicate using wired or wireless connections through the Internet. We investigate the energy efficiency of an environmental monitoring system based on Bluetooth Low Energy (BLE) beacons that operate in the IoT environment. The beacons developed measure the temperature, the relative humidity, the light intensity, and the CO2 and VOC levels in the air. Based on our analysis we have developed efficient sleep scheduling algorithms that allow the sensor nodes developed to operate autonomously without requiring the replacement of the power supply. The experimental results show that low-power sensors communicating using BLE technology can operate autonomously (from the energy perspective) in applications that monitor the environment or the air quality in indoor or outdoor settings

    Synchronous LoRa mesh network to monitor processes in underground infrastructure

    Collecting precise real-time information on urban drainage system performance is essential to identify, predict, and manage critical loading situations, such as urban flash floods and sewer overflows. Although emerging low-power wireless communication techniques allow efficient data transfers with great above-ground performance, for underground or indoor applications in a large coverage range are difficult to achieve due to physical and topological limitations, particularly in dense urban areas. In this paper, we first discuss the range limitations of the LoRaWAN standard based on a systematic evaluation of a long-term operation of a sensor network monitoring in-sewer process dynamics. Analyses reveal an, on average, five-fold higher data packet loss for sub-surface nodes, which steadily grows with increasing distance to the gateway. Second, we present a novel LPWAN concept based on the LoRa technology that enhances transmission reliability, efficiency, and flexibility in range-critical situations through meshed multi-hop routing and ensures a precise time-synchronization through optional GPS or DCF77 long-wave time signaling. Third, we illustrate the usefulness of the newly developed concept by evaluating the radio transmission performance for two independent full-scale field tests. Test results show that the synchronous LoRa mesh network approach clearly outperforms the standard LoRaWAN technique with regard to the reliability of packet delivery when transmitting from range-critical locations. Hence, the approach is expected to generally ease data collection from difficult-to-access locations such as underground areas

    Enhancing cryptographic protection, authentication, and authorization in cellular networks: a comprehensive research study

    This research article provides an extensive analysis of novel methods of cryptographic protection as well as advancements in authentication and authorization techniques within cellular networks. The aim is to explore recent literature and identify effective authentication and authorization methods, including high-speed data encryption. The significance of this study lies in the growing need for enhanced data security in scientific research. Therefore, the focus is on identifying suitable authentication and authorization schemes, including blockchain-based approaches for distributed mobile cloud computing. The research methodology includes observation, comparison, and abstraction, allowing for a comprehensive examination of advanced encryption schemes and algorithms. Topics covered in this article include multi-factor authentication, continuous authentication, identity-based cryptography for vehicle-to-vehicle (V2V) communication, secure blockchain-based authentication for fog computing, internet of things (IoT) device mutual authentication, authentication for wireless sensor networks based on blockchain, new secure authentication schemes for standard wireless telecommunications networks, and the security aspects of 4G and 5G cellular networks. Additionally, in the paper a differentiated authentication mechanism for heterogeneous 6G networks blockchain-based is discussed. The findings presented in this article hold practical value for organizations involved in scientific research and information security, particularly in encryption and protection of sensitive data