mbed: Firmware updates for IoT and IETF SUIT Hackathon

See the blog post below for a few links to new projects.

Improving firmware updates for Internet of Things devices – the IETF SUIT Hackathon in Berlin/Germany
Last updated about 13 hours ago, by Hannes Tschofenig. Arm Research, hackathon

IoT devices commonly require security patches and updates to protect against known vulnerabilities. In this blog post Hannes Tschofenig highlights a recently-launched standardization effort in the Internet Engineering Task Force (IETF): the “Software Updates group for Internet of Things (SUIT)” working group. The report shares experiences from a Hackathon in Berlin, where several working group members met to work on code for firmware updates.

Working Group Formation and IETF London Hackathon

The Internet Engineering Task Force (IETF) met in London from March 17th – 23rd for the first face-to-face meeting of the IETF Software Updates group for Internet of Things (SUIT). The SUIT working group is chartered to develop firmware update solutions that can be implemented into Internet of Things (IoT) devices, especially microcontrollers with limited RAM and flash memory, such as 10 KiB RAM and 100 KiB flash. The focus of the group is simple: since many IoT devices require software updates to fix security vulnerabilities, the group will develop and standardize a secure approach to these updates. For IoT devices, this software update often comes in the form of a monolithic block, where the entire codebase running on the device, i.e. the firmware, is replaced in one shot.[…]

https://os.mbed.com/blog/entry/Firmware-updates-for-IoT-devices/

https://tools.ietf.org/html/draft-ietf-suit-architecture-00


IETF draft-irtf-t2trg-iot-seccons: State-of-the-Art and Challenges for the IoT Security

State-of-the-Art and Challenges for the Internet of Things Security

The Internet of Things (IoT) concept refers to the usage of standard Internet protocols to allow for human-to-thing and thing-to-thing communication. The security needs for IoT systems are well-recognized and many standardization steps to provide security have been taken, for example, the specification of Constrained Application Protocol (CoAP) secured with Datagram Transport Layer Security (DTLS). However, security challenges still exist, not only because there are some use cases that lack a suitable solution, but also because many IoT devices and systems have been designed and deployed with very limited security capabilities. In this document, we first discuss the various stages in the lifecycle of a thing. Next, we document the security threats to a thing and the challenges that one might face to protect against these threats. Lastly, we discuss the next steps needed to facilitate the deployment of secure IoT systems. This document can be used by IoT standards specifications as a reference for details about security considerations applying to the specified protocol.

https://tools.ietf.org/html/draft-irtf-t2trg-iot-seccons-10

ARM IETF I-D changes from FUD to SUIT

Re: https://firmwaresecurity.com/2017/07/18/arm-ietf-id-on-iot-firmware-update-architecture/
It looks like the Internet Draft has changed from “fud” to “suit”:
https://tools.ietf.org/html/draft-moran-suit-architecture-00
The “fud” list is gone, and there is a new “suit” mailing list:
https://www1.ietf.org/mailman/listinfo/suit

A Firmware Update Architecture for Internet of Things Devices
draft-moran-suit-architecture-00
October 30, 2017

Vulnerabilities with IoT devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices. Incorporating such an update mechanism to fix vulnerabilities, to update configuration settings as well as adding new functionality is recommended by security experts. This document specifies requirements and an architecture for a firmware update mechanism aimed for Internet of Things (IoT) devices. The architecture is agnostic to the transport of the firmware images and associated meta-data. This version of the document assumes asymmetric cryptography and a public key infrastructure. Future versions may also describe a symmetric key approach for very constrained devices.

 

ARM IETF ID on IoT firmware update architecture

IETF Internet draft: draft-moran-fud-architecture-00:

A Firmware Update Architecture for Internet of Things Devices
July 18, 2017
Brendan Moran, Milosch Meriac, Hannes Tschofenig
ARM Limited

Vulnerabilities with IoT devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices. Incorporating such an update mechanism to fix vulnerabilities, to update configuration settings as well as adding new functionality is recommended by security experts. This document specifies requirements and an architecture for a firmware update mechanism aimed for Internet of Things (IoT) devices. The architecture is agnostic to the transport of the firmware images and associated meta-data. This version of the document assumes asymmetric cryptography and a public key infrastructure. Future versions may also describe a symmetric key approach for very constrained devices.

There’s a mailing list for FUD:

https://www1.ietf.org/mailman/listinfo/fud

https://tools.ietf.org/html/draft-moran-fud-architecture-00