While the IoT deployments multiply in a wide variety of verticals, the most IoT devices lack a built-in secure firmware update mechanism. Without such a mechanism, however, critical security vulnerabilities cannot be fixed, and the IoT devices can become a permanent liability, as demonstrated by recent large-scale attacks. In this paper, we survey open standards and open source libraries that provide useful building blocks for secure firmware updates for the constrained IoT devices-by which we mean lowpower, microcontroller-based devices such as networked sensors/actuators with a small amount of memory, among other constraints. We design and implement a prototype that leverages these building blocks and assess the security properties of this prototype. We present experimental results including first experiments with SUIT, a new IETF standard for secure IoT firmware updates. We evaluate the performance of our implementation on a variety of commercial off-the-shelf constrained IoT devices. We conclude that it is possible to create a secure, standards-compliant firmware update solution that uses the state-of-the-art security for the IoT devices with less than 32 kB of RAM and 128 kB of flash memory.
In rescue scenarios, real-time requirements are one key issue when using wireless sensor networks (WSNs) for tracking and monitoring of rescue forces. If a node detects an alarm condition, the alarm message must be delivered to the base station in time. To guarantee the timely delivery the whole system architecture has to fulfill real-time requirements. There are only a few real-time architectures which can be used for sensor networks. These architectures are too generic to comply with the other requirements of a WSN architecture, like RAM usage and energy awareness.In this paper, we present FireKernel, a real-time micro kernel designed for WSN operating systems with a special focus on hard real-time requirements and strict energy management. It offers a preemptive real-time scheduler, mutexes and synchronous message passing for interprocess communication (IPC). The scheduler is prioritybased and uses no periodical timers. As part of the kernel we introduce a tickless timer system. We have implemented and tested the kernel on MSP430 and ARM7TDMI based sensor nodes.We discuss the kernel's architecture, implementation and resource usage. Further, we present benchmark results for interrupt latency and energy consumption of the timer architecture.
The Internet of Things (IoT) connects a variety of small devices, via gateways, to the cloud. Use-cases often require IoT devices to run logic that is not pre-determined before deployment, and that must be updated during the life-time of the device. In this paper, we explore the potential of over-the-air scripting and updatable runtime containers hosting application logic on heterogeneous low-end IoT devices. Based on RIOT and Javascript, we provide a proof-of-concept implementation of this approach for a building automation IoT scenario. A preliminary evaluation shows our prototype runs on common off-the-shelf low-end IoT hardware with as little as 32kB of memory.
The Internet of Things (IoT) is rapidly evolving based on low-power compliant protocol standards that extend the Internet into the embedded world. Pioneering implementations have proven it is feasible to inter-network very constrained devices, but had to rely on peculiar cross-layered designs and offer a minimalistic set of features. In the long run, however, professional use and massive deployment of IoT devices require full-featured, cleanly composed, and flexible network stacks.This paper introduces the networking architecture that turns RIOT into a powerful IoT system, to enable low-power wireless scenarios. RIOT networking offers (i) a modular architecture with generic interfaces for plugging in drivers, protocols, or entire stacks, (ii) support for multiple heterogeneous interfaces and stacks that can concurrently operate, and (iii) GNRC, its cleanly layered, recursively composed default network stack. We contribute an in-depth analysis of the communication performance and resource efficiency of RIOT, both on a micro-benchmarking level as well as by comparing IoT communication across different platforms. Our findings show that, though it is based on significantly different design tradeoffs, the networking subsystem of RIOT achieves a performance equivalent to that of Contiki and TinyOS, the two operating systems which pioneered IoT software platforms.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.