Workshop Report: RFC 8240: Report from the Internet of Things Software Update (IoTSU) Workshop 2016
In his essay ‘The Internet of Things Is Wildly Insecure And Often Unpatchable’, Schneier expressed concerns about the status of software/firmware updates for Internet of Things (IoT) devices. IoT devices, which have a reputation for being insecure at the time they are manufactured, are often expected to stay active in the field for 10+ years and operate unattended with Internet connectivity.
Security experts recommend incorporating a software update mechanism to fix vulnerabilities, update configuration settings, and add new functionality, but there are challenges when using software updates, as the FTC staff report on Internet of Things – Privacy & Security in a Connected World and the Article 29 Working Party Opinion 8/2014 on the on Recent Developments on the Internet of Things express. Even providing such a software update mechanism can pose challenges for constrained devices, as a buffer overflow vulnerability in the implementation of a software update protocol (TR69) and an expired certificate in a hub device demonstrated. On top of these challenges there are various problems with privacy, lack of incentives to distribute software updates along the value chains, and questions about who should be able to update devices, and when, e.g. at or after the end-of-life of a product or component.
There are various (proprietary) software update mechanisms in use today and the details vary significantly, particularly depending on the envisioned use with IoT devices. More powerful IoT devices, such as those running general purpose operating systems (like embedded Linux), make use of sophisticated software update mechanisms known from the desktop and the mobile world. The focus of this workshop is, however, on more constrained embedded devices that run embedded OSs or potentially no operating system at all. These devices are typically not equipped with a memory management unit or similar concepts. Many of these devices also do not allow software packages to be downloaded and run in a sandbox (such as a virtual machine).
We solicit contributions in the following areas:
- Protocol mechanisms for distributing software updates.
- Securing software updates.
- Meta-data about software / firmware packages.
- Implications of operating system and hardware design on the software update mechanisms.
- Installation of software updates (in context of software and hardware security of IoT devices).
- Privacy implications of software update mechanisms.
- Seeking input on experience and state-of-the-art.
- Implications of device ownership and control for software update.
Participation at the workshop is free of charge.
The IoTSU workshop is co-sponsored by the Internet Architecture Board and the Science Foundation Ireland funded CONNECT Centre for future networks and communications. The programme committee would like to express our thanks to Comcast for sponsoring the social event.
We won’t be having everyone present their submission. Instead, each of the session leaders will construct an agenda for the session with whatever they think is the right combination of presentation and discussion. We aim for at most 15-20 minutes of presentation time for all sessions, with the rest being discussion. There is therefore no need to prepare any presentation material unless asked (or you just want to anyway :-). Feel free to contact the leader of the session with which your submission is associated to chat about that.
1030-1200, coffee, wifi, find seats, snack
1200-1215, welcome, leader: Stephen Farrell
1215-1230, brief introductions (roll call)
1230-1400, session I – experiences, leader: Hannes Tschofenig
- Paper 01: Housley, Position Paper for Internet of Things Software Update Workshop (IoTSU)
- Paper 10: Thomas, Incentivising software updates
- Paper 15: Zappaterra, Software Updates for Wireless Connected Lighting Systems: requirements, challenges and recommendations
- Paper 21: Zugenmaier, Updates in IoT are more than just one iota
- Paper 25: Plonka, The Internet of Things Old and Unmanaged
1430-1600, session II – requirements and constraints, leader: Russ Housley
- Paper 04: David Bosschaert, Using OSGi for an extensible, updatable and future proof IoT
- Paper 11: Acosta, The Future of IoT Software Must be Updated
- Paper 12: Hardie, Software Update in a multi-system Internet of Things
- Paper 14: Sparks, Avoiding the Obsolete-Thing Event Horizon
- Paper 18: Karkov, SW update for Long lived products
- Paper 19: Farrell, Some Software Update Requirements
- Paper 22: Chakrabarti, Internet Of Things Software Update Challenges: Ownership, Software Security & Services
- Paper 24: Kovatsch, Why Software Updates Are More Than a Security Issue
1630-1715, open discussion, planning day 2 unconference slot, leader: Ned Smith
0900-0930, day 1 summary/day 2 agenda bash
0930-1045, session III – current solutions and designs, leader: Robert Sparks
- Paper 02: Grau, Secure Software Updates for IoT Devices
- Paper 06: Birr-Pixton, Electric Imp’s experiences of upgrading half a million embedded devices
- Paper 07: Groves, oneM2M device management and software/firmware update
- Paper 08: Smith, User Experience (UX) Centric IoT Software Update
- Paper 09: Fassino, Secure Firmware Update in Schneider Electric IOT-enabled offers
- Paper 17: Orehek, Summary of existing firmware update strategies for deeply embedded systems
1115-1230, session IV – unconference style, leader: Arnar Birgisson
1330-1430, session V – future solutions, leader: Carsten Bormann
- Paper 05: Smith, Toward A Common Modeling Standard for Software Update and IoT Objects
- Paper 13: Schmidt, Secure Firmware Update Over the Air in the Internet of Things Focusing on Flexibility and Feasibility
- Paper 16: Adomnicai, How careful should we be when implementing cryptography for software update mechanisms in the IoT?
- Paper 20: Prevelakis, Controlling Change via Policy Contracts
- Paper 23: Birkholz, IoT Software Updates need Security Automation
- Robert Bisewski, Comparative Analysis of Distributed Repository Update Methodology and How CoAP-like…
1500-1600, session VI – wrap up, plans, standards work, … leader: Stephen Farrell
1600-late, more beer/food for those remaining
We also got three late submissions that the TPC felt were worth including here. Those are:
- Arkko, Architectural Considerations with Smart Objects and Software Updates
- Jimenez and Ocak, Software Update Experiences for IoT
- Tschofenig, Software and Firmware Updates with the OMA LWM2M Protocol
You can download a tarball of all submissions. This is the June 7th snapshot. Updates are no longer being accepted. The original submissions are in this tarball.
Position papers must be submitted by 20th May 2016 at the latest.
The program committee will review submitted position papers and send an invitation to the workshop to one of the paper authors. Invitations will be distributed by May 23rd, 2016 at the latest.
This workshop will be a day and a half, and take place on the 13th and 14th of June, 2016.
Position Paper Requirements
Interested parties must submit a brief document. We welcome papers that describe existing work, raise new requirements, highlight challenges, write-ups of implementation and deployment experience, lessons-learned from successful or failed attempts, and ideally a vision on how to improve interoperability of software update mechanisms. Contributions are not required to be original in content.
We solicit brief write-ups of one to three pages, formatted as HTML, PDF, or plain text (for example as a submitted Internet Draft).
We will publish accepted position papers (as well as meeting minutes, slides, and a workshop report). Please submit your position papers via EasyChair.
The planned location for the workshop is at Trinity College Dublin, Ireland. We will provide the full details of the meeting venue to the invited workshop participants. Smaller workshops tend to encourage focused conversation and deep dives on specific topics, so the number of participants will be limited to ~40 persons. For local information please contact Stephen Farrell.
As of now, we plan to meet in the Lloyd Institute in TCD. Room information will be emailed to folks.
There are a number of hotels nearby. We have not arranged any specific room rate or block booking so make your own bookings. We’ll be based in the east end of college, near Pearse Station and the Science Gallery (both good landmarks if you need directions). In no particular order, the hotels people usually use close to there are:
- The Davenport Hotel
- The Alexander Hotel
- The Mont Clare Hotel
- The Trinity Capital Hotel
- Buswell’s Hotel
There are also some B-and-B type things nearby but fewer than one might expect. Your favourite mapping/search engine can I’m sure help you out there, or there’s this. Anything south or west of college (nearer to Grafton Street or St. Stephen’s Green) is probably best if you care about being closer to shopping, pubs etc. Lastly, if you want to stay in student rooms in TCD, you can – it’s a good bit cheaper and fairly ok, though availability can be a challenge depending on what students are still about and what other conferences/meetings are happening.
The workshop will have no expectation of IPR disclosure or licensing related to its submissions.
You provide your name and your email address for the registration to this workshop. We use this information for planning purposes (such as finding rooms and ordering refreshments). We will also use this information to contact you about the location of the meeting venue, or other urgent and relevant notifications. Before the meeting minutes are publicly distributed, you will also receive a copy for review. We will share your contact details with the other workshop participants, if necessary, for example for post-workshop discussions. Your name and affiliation will be listed on the participant list contained in the workshop report.
This workshop is organized by:
- Stephen Farrell, IETF Security Area Director, Trinity College Dublin
- Arnar Birgisson, Google
- Ned Smith, IPSO Identity and Security Committee Chair, Intel
- Jari Arkko, IETF Chair, Ericsson
- Carsten Bormann, IETF CORE WG Chair, IRTF T2TRG Chair, TZI University Bremen
- Hannes Tschofenig, IETF ACE/OAuth Chair, ARM Ltd.
- Robert Sparks, IAB member/IETF STIR Chair, Oracle
- Russ Housley, IAB member/IETF STIR WG chair, Vigilsec.
You can send email to the TPC.
Bruce Schneier, “The Internet of Things Is Wildly Insecure And Often Unpatchable”, January 2014.
FTC, “FTC Report on Internet of Things Urges Companies to Adopt Best Practices to Address Consumer Privacy and Security Risks”, January 2015.
Article 29 Data Protection Working Party, “Opinion 8/2014 on the on Recent Developments on the Internet of Things”, September 2014.
Lior Oppenheim and Shahar Tal, “Too Many Cooks – Exploiting the Internet-of-TR-069-Things”, December 2014.
Brian Barrett, “Winks Outage Shows Us How Frustrating Smart Homes Could Be”, April 2014.