Secure over-the-air firmware updates of IoT devices

In a world where all software needs to be maintained for cybersecurity reasons, also software installed on devices with intermittent or even no connectivity have to be updatable in a reliable way. Moreover, in industries such as railway, many devices are kept as spare parts for years. These devices need to be made secure at first booth regardless of the years they lay in a customer warehouse. This talk will explain Televic GSPs approach to such challenging update requirements.

• short intro to Hydroko and HydroKonekt
• how to manage a firmware update of a very large number of devices 
• in-house developed software simulator for massive firmware updates 
• security aspects

• short intro to NB-IoT
• dealing with sub-optimal coverage of devices
• data rate, latency, duration, energy consumption
• encryption & signature

This talk addresses the problem that cellular IoT network reliability continuously fluctuates throughout the lifetime of an IoT device, resulting in variable energy costs per data transmission (particularly if retransmissions are needed). This can be exacerbated by unpredictable losses of connectivity and their associated power-hungry network rejoins. Since these reliability fluctuations have massive consequences in terms of total energy consumption, it is very difficult to predict the IoT device’s battery-lifetime and uphold long lifetime guarantees (cf. talks by Quicksand and Hydroko).
The presented solution offers a tiny but accurate power monitor (miniMaP) that runs locally on the IoT device and maintains a live energy profile throughout the device’s lifetime, while adding neglectable overhead.
Such an energy profile can be exploited by the IoT operating system to schedule IoT operations with energy consumption in mind (e.g. collect sensor data, transmit data, download large firmware images), adapt wake-up strategies, or tailor communication settings.

Initialising new IoT devices into the network is a tedious process – most of these devices run on small embedded platforms and lack the usual I/O interfaces present, and often rely on external hardware and equipment for configuration. This makes it a manual process, and incurs significant costs when scaled up. And more often than not, to account for scalability or cheap initialisation, security gets neglected. In our work, we have designed a solution for this commissioning problem for indoor environments which does not require significant human involvement. We show that it is possible to effortlessly and securely commission new devices into an existing network, using the signal strengths of the devices already present inside. We will show a short demonstrator of our solution in which we simulate an indoor environment, and demonstrate how we can securely initialise a legitimate device into the network. We do this, all without using any additional sophisticated devices, and thus only relying on commercially available devices.

• Demo 1 – Televic GSP:
  reliable and secure update flow for embedded IoT systems in railway
• Demo 2 – VUB-ETRO & KU Leuven – COSIC:
  drone setup for FPGA use case (demo of battery-powered lift-off) & microcontroller boards with TEE (trusted execution environments)
• Demo 3 – Hydroko & Quicksand:
  remote firmware update over NB-IoT of smart water meters
• Demo 4 – KU Leuven – DistriNet – Gent:
  observe how hackers can exploit vulnerabilities discovered in the Eufy smart doorbell ecosystem to infiltrate a home network in a demo session
• Demo 5 – VUB-ETRO & KU Leuven-DistriNet:
  secure programmability of IoT with Rust
• Demo 6 – KU Leuven – DistriNet – Leuven:
  a Nordic Semiconductor nRF9160 using the miniMaP scheme to provide in-situ power/energy consumption statistics for each thread running on the device along with the asynchronous activity of the cellular modem. These statistics will be streamed over UART to a connected laptop for viewing
  

An introduction to secure Firmware Updates Over-The-Air (FUOTA) over LoRaWAN, covering the following topics:

• An update on LoRaWAN and the evolution of the specifications
• FUOTA over LoRaWAN:
  • Challenges and corresponding standardized solution
  • FUOTA implementation incl. campaign management
  • Reference solutions in different vertical markets

In this talk, we present our research on “Benchmarking and Comparison of Security Analysis Tools” for IoT firmware. The growing integration of firmware analysis tools in the development pipelines of IoT manufacturers underscores the need to identify security vulnerabilities in embedded devices before they reach the market. Our study introduces B4IoT, a Linux-based platform that generates customized firmware benchmarks to evaluate static and dynamic security analysis tools. Through the evaluation of five state-of-the-art open-source tools, our findings highlight the gaps in current analysis capabilities, particularly in detecting issues related to specific protocols like MQTT and CoAP. This research aims to guide IoT developers in selecting and combining security tools to ensure comprehensive vulnerability detection in their devices.

Recently, manufacturers started to integrate more and more hardware assisted security mechanisms to counter the various attacks on IoT devices. In this presentation, we will discuss two concrete examples in which the exploitation of different types of hardware security on different types of devices is exploited. The first example deals with low-power microcontrollers having Trustzone on board, which ensures physical separation of secure and non-secure code. We discuss the challenges, layout, and performance of our open-source framework developed for Trustzone-assisted devices. The second example illustrates how publicly available implementations of the RISC-V architecture can be downloaded, tailored and implemented to meet processing requirements. Additionally, by implementing these implementations on FPGA, a scalable and completed device-attestation can be achieved.

Over-the-air (OTA) upgrades play an important role to ensure both the cost-effective operation and lifecycle of industrial internet-of-things (IIoT) solutions. Despite its importance, integrating OTA support typically introduces considerable complexities — impacting critical non-functional requirements like security, reliability, availability, and cost-effectiveness. In this talk, we discuss Rombit’s implementation of OTA support across its entire product range, shedding light on obstacles encountered and lessons learned.