ArticlePDF Available

Over-the-Air Software Updates in the Internet of Things: An Overview of Key Principles

Authors:
Jan Bauwens at Ghent University
Jan Bauwens
Peter Ruckebusch at Ghent University
Peter Ruckebusch
Spilios Giannoulis at imec
Spilios Giannoulis
Ingrid Moerman at imec - Ghent University
Ingrid Moerman
  • imec - Ghent University
Show all 5 authorsHide
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

Due to the fast pace at which IoT is evolving, there is an increasing need to support over-theair software updates for security updates, bug fixes, and software extensions. To this end, multiple over-the-air techniques have been proposed, each covering a specific aspect of the update process, such as (partial) code updates, data dissemination, and security. However, each technique introduces overhead, especially in terms of energy consumption, thereby impacting the operational lifetime of the battery constrained devices. Until now, a comprehensive overview describing the different update steps and quantifying the impact of each step is missing in the scientific literature, making it hard to assess the overall feasibility of an over-the-air update. To remedy this, our article analyzes which parts of an IoT operating system are most updated after device deployment, proposes a step-by-step approach to integrate software updates in IoT solutions, and quantifies the energy cost of each of the involved steps. The results show that besides the obvious dissemination cost, other phases such as security also introduce a significant overhead. For instance, a typical firmware update requires 135.026 mJ, of which the main portions are data dissemination (63.11 percent) and encryption (5.29 percent). However, when modular updates are used instead, the energy cost (e.g., for a MAC update) is reduced to 26.743 mJ (48.69 percent for data dissemination and 26.47 percent for encryption).
Figures - uploaded by Jan Bauwens
Author content
All figure content in this area was uploaded by Jan Bauwens
Content may be subject to copyright.
Content uploaded by Jan Bauwens
Author content
All content in this area was uploaded by Jan Bauwens on Feb 17, 2020
Content may be subject to copyright.
IEEE COMMUNICATIONS MAGAZINE 1
Over-the-Air Software Updates in the
Internet-of-Things: An Overview of Key Principles.
Jan Bauwens, Peter Ruckebusch, Spilios Giannoulis, Ingrid Moerman, and Eli De Poorter
Abstract—Due to the fast pace at which Internet-of-Things
(IoT) protocols and applications evolve, there is an increasing
need to support over-the-air software updates for security up-
dates, bug fixes and software extensions. To this end, multiple
over-the-air techniques have been proposed each covering a
specific aspect of the update process, such as (partial) code
updates, data dissemination and security. However, each tech-
nique introduces an overhead, especially in terms of energy
consumption, thereby impacting the operational lifetime of the
constrained battery powered devices. Up until now, a com-
prehensive overview describing the different update steps and
quantifying the impact of each step is missing in scientific
literature, making it hard to assess the overall feasibility of an
over-the-air update. To remedy this, our article (i) analyzes which
parts of an IoT operating system are most updated after device
deployment, (ii) proposes a step-by-step approach to integrate
software updates in IoT solutions, and (iii) quantifies the energy
cost of each of the involved step. The results show that besides
the obvious dissemination cost, other phases such as security also
introduce a significant overhead. For instance, a typical firmware
update requires 135.026mJ, of which the main portions are data
dissemination (63.11%) and encryption (5.29%). However, when
modular updates are used instead, the energy cost (e.g. for a
MAC update) is reduced to 26.743mJ (of which 48.69% for data
dissemination and 26.47% for encryption).
Index Terms—Internet-of-Things, Sensor networks, Over-the-
air software updates, Code dissemination, Update security, Net-
work management.
I. INTRODUCTION
THE Internet-of-Things (IoT) refers to the trend to include
small, cheap and/or energy efficient wireless radios in
everyday objects. Most of these IoT devices are constrained
in terms of processing power and memory storage to keep the
unit price low, as well as in terms of energy since they are
typically battery powered. IoT solutions are already digitizing
an increasing amount of functionalities of modern day society,
impacting application areas such as health care, surveillance,
agriculture, personal fitness, and home and industry automa-
tion. This trend will lead to a further increase in (i) the number
of devices per person and (ii) the number of devices per square
meter, thereby introducing the need for well designed and
maintainable IoT solutions.
However, the specific device limitations, fast technology
evolution and the increasing pace at which new devices are
rolled out in difficult to reach areas raise questions con-
cerning the long term sustainability of previously installed
IoT networks. For instance, security issues or bugs are often
All authors are with the departement of Information Technology - IDLAB
- Ghent University IMEC, Ghent, Oost-Vlaanderen, 9000, Belgium. e-mail:
fistname.surname@ugent.be (except jan.bauwens2@ugent.be).
detected post deployment, thereby hindering the operational
IoT network. Moreover, already deployed devices cannot take
advantage of new features and/or optimizations, or even adapt
to new application requirements. A recent industry study
showed that the frequency of field updates will significantly
increase in the upcoming five to ten years, even with the
possibility of monthly software updates [1].
Despite this increasing interest in over-the-air updates, sci-
entific literature discussing the impact of these updates on
energy consumption is limited. For example, [2] calculates the
energy cost for update data transmission, but ignores security
and reliable dissemination. Similarly, the operational impact of
software updates on code versioning are not discussed. This
paper offers a remedy by providing the steps required for
enabling over-the-air software updates, while discussing the
impact on constrained devices. For each of the steps, state-of-
the-art techniques are discussed and evaluated.
In summary, this article contains the following contributions
and insights:
An analysis concerning the distribution of software de-
velopment effort in different parts (applications, network,
core OS and platform) of widely used IoT operating
systems.
A comprehensive overview of the key steps in an over-
the-air update process is given, as well as an overview on
recent update approaches (firmware based, modular with
dynamic linking, modular with prelinking).
The energy overhead per phase is quantified, showing the
relative energy impact of the different deployment phases.
A discussion is provided on the impact of updates on
operational processes, such as the versioning approach
used for software modules.
Finally, the article lists future research directions that
could enhance the potential of over-the-air updates for
IoT devices.
II. ANALYSI NG U PDATE REQUI REM EN TS IN IOT
OPERATING SYSTEMS
It is important to recognize parts of IoT solutions which
evolve quickly and are hence more likely to require software
updates. Figure 1a depicts the wireless stack of a typical
sensor application, containing the software modules and their
interaction with the (non-upgradable) hardware modules. The
software modules are divided into four blocks: (i) sensor
and actuator application software (blue), (ii) network protocol
stack software (orange), (iii) operating system (OS) core
software (grey), and (iv) platform hardware driver software
IEEE COMMUNICATIONS MAGAZINE 2
(a)
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
contiki
riot
openwsn
app (1) net (2) core OS (3) platform (4)
(b)
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
contiki
riot
openwsn
app (1) net (2) core OS (3) platform (4)
(c)
Fig. 1: Git commit statistics and memory usage of three operating systems for a typical IoT device. (a) The typical software components
IoT stack (and their interface towards the hardware), divided in application code (1), networking functionality (2), OS core functionality (3),
and platform specific code (4) (b) Relative memory size of the different components (%). (c) Relative Git commit statistics of the different
software components, indicating the percentage of code lines changed between OS software releases (between versions 2018-01 and 2018.04
for RIoT, versions RB1.4 and RB1.8 for OpenWSN, and versions REL3.1 and the master branch in august 2018 for Contiki).
(yellow). Contrary to traditional software systems, the ap-
plications running on constrained IoT devices are relatively
simple (i.e. sense or actuate) and therefore small in size. Most
logic resides in the various network protocols enabling end-
to-end communication with IoT devices. To demonstrate this,
the memory usage and Git commit history for each block is
calculated for different IoT operating systems on a Zolertia Re-
Mote, which is a typical constrained IoT device (ARM Cortex-
M3 32 MHz clock speed, 512 KB ROM and 32 KB RAM), as
depicted on Figure 1b and 1c (in %). The network protocol
stack comprises a significant portion of the firmware,
occupying between 50% and 72%. The complexity of the
network stack is the main reason for the larger code size.
This has a direct consequence on the development effort.
Moreover, since network protocol standards are frequently
added or updated, there is a continuous push to keep the code
up to date and include the latest features. This in contrast to
the core OS and platform code as illustrated in Figure 1c,
showing the Git commit statistics for two consecutive releases
of three different IoT operating systems. The statistics include
all code lines changed in the software modules required to
build a firmware of a typical sensor application on a Zolertia
Remote IoT device. Between 60% and 84% of the code
changes are related to the network protocol stack. The
rate at which new standards are being proposed seems to be
increasing, and therefore the wireless stack will likely not
achieve a completely “stable“ state in the near future [3].
Although an IoT network operator would be mostly inter-
ested to enable IoT application updates, Figure 1b demon-
strates that other code blocks actually comprise a larger portion
of the firmware, and are hence at higher risk of containing
bugs. Without network protocol updates, it is not possible
to guarantee an optimal performance during the operational
lifetime of the device. A sustainable IoT solution therefore
adopts a continuously running development process, taking
into account the rapid rate in which technology and business
requirements change. In this process, software updates are
essential in keeping an IoT solution up to date for the
following reasons:
Protocol and standard version updates, improving effi-
ciency.
Critical bug fixes and security updates, increasing avail-
ability and security.
New applications, providing additional functionalities;
Integration with third party IoT systems (hardware or
software), extending the scope.
Adopting new communication standards and protocols,
improving performance and interoperability.
However, because the network stack on constrained devices
is currently included in the OS, it can only be upgraded by
means of a full firmware update, consuming a substantial
amount of energy. Given its significance and the rapid change
rate, we argue that partial updates of a network stack should
also be possible, thereby lowering the energy cost for protocol
updates.
III. SOF TWAR E UPDATE PRO CES S
Next, we provide a step-by-step overview of the process
required to enable over-the-air software updates of the above
components in a secure and reliable manner. Figure 2 illus-
trates the sequence of interactions during a software update.
A network operator initiates this procedure by downloading
a new or updated module from a software repository. First,
during the “SW Module Management” phase, the code is
verified offline before being released. This phase includes
(i) a compilation step, automatically adding linker metadata
IEEE COMMUNICATIONS MAGAZINE 3
Fig. 2: Overview of the necessary steps to perform an over-the-air update. This process is split between (i) the management (compilation,
validation and verification), of the software modules, and (ii) the secure software rollout process.
to the resulting binary module; (ii) a compatibility analy-
sis step, checking compatibility with the already deployed
modules maintained in a binary module repository; (iii) a
functional verification step, verifying the new/update module
in a simulation or digital twin network mirroring the actual
network. On successful completion of the first phase, the
“secure software rollout” phase can commence, which includes
(i) a security step, encrypting and signing the binary module;
(ii) a dissemination step, transferring the binary module to
the devices; (iii) an activation step, simultaneously installing
and making operational the binary module, and when needed
safely rolling back the update on all devices in case of failure.
Each of these steps is discussed in more detail in the next
sections.
IV. PHA SE 1: SOFTWARE MODULE MANAGEMENT
Updating the software on a remote wireless device is error
prone: due to unforeseen code interactions the updated code
might decrease the performance rather than improve the per-
formance of a network, or even result in unstable operations.
This could necessitate a rollback to a previous stable version.
Since a wireless update is an intensive process in terms of
medium usage, computational overhead and energy consump-
tion (see Section V), it is important to automatically assess
the validity of the update upfront, before actually performing
the change and possible wasting valuable resources. For this
purpose, a network operator will first pass the software mod-
ules to the SW module management services which include
three distinct steps, each explained further in the remainder of
this section: (i) module compilation, (ii) compatibility analysis
checking the compatibility of software module versions, and
(iii) qualitative predeployment analysis using a digital twin
network or a sandbox. If all these steps are successfully
completed, the network operator can initiate the secure rollout
of the software module, explained in the next section.
A. Software Module Compilation
Module compilation ensures that new or updated software is
transformed from source code into an efficient binary format
that can be distributed to a running system. Three different
over-the-air software compilation methods are available for
constrained devices as discussed in [2]:
Firmware based approaches replace the entire image. All
source code is compiled into a single image and installed
on each device. If an update is required, a new image
must be compiled and distributed to all devices. Binary
differential patching techniques (e.g. sending only the
firmware differences) can be used in order to reduce the
size of the image that needs to be transferred.
Dynamic linking approaches require a linker on the
constrained device to install or update software modules
in an active system. The linker relocates code (data)
section to the allocated ROM (RAM) memory regions and
resolves undefined references to already present modules.
Prelinking approaches offload the task of the dynamic
linker to a more powerful server. An offline linker
relocates and resolves undefined references before the
modules are disseminated to the devices. This approach
requires complete knowledge of the code and data mem-
ory location of each module installed on each device.
The latter two approaches, that is dynamic and prelinking,
are modular and can be further categorized by their binding
models [4], defining how code blocks are linked post deploy-
ment to the external functionality (functions, shared memory,
etc.) provided by other modules:
A linker that uses a strict binding model statically links
code blocks to each other, replacing undefined symbols
in one code block with the correct physical address of
another code block. Because the physical addresses are
hardcoded in memory, it is practically impossible to relink
modules after installation if other modules are updated.
A linker that uses a loosely coupled binding model
employs an indirect function call mechanism and jump
tables to redirect function calls between code blocks. By
manipulating the jump tables, it is possible to update code
blocks in the entire firmware even after installation. This
comes at the cost of an increased complexity for jump
table management and extra memory usage.
IEEE COMMUNICATIONS MAGAZINE 4
The choice of the update method and binding model has
a considerable impact on the possible update scenarios (e.g.
which code blocks can be updated) and the cost of the update
in terms of bandwidth, latency and energy:
Firmware updates allow to replace the entire code base
but requires most bandwidth and, consequently, energy.
The latency is also very high, especially because a reboot
is required, potentially losing running network state.
In all cases, prelinking outperforms dynamic linking
because the resulting binary is smaller. This comes at the
cost of additional computational complexity and requires
that all devices have exactly the same firmware.
A strict binding model only allows to update/add ap-
plication level code blocks (i.e. blue part of Figure 1a)
while a loosely coupled binding model [4] can update
all code blocks, for example when including the network
protocols.
B. Compatibility analysis
Because software modules are often developed indepen-
dently of each other, some versions could prove incompatible
with each other, leading to a degraded or broken network. As
such, a versioning system needs to verify the compatibility
of the different software modules. In case modular software
updates are supported (e.g. only a single protocol or applica-
tion is updated), the compatibility check system should also
be applied on a module level.
This validation process can be split up into several subpro-
cesses (see Figure 3). First, a compatibility check verifies if the
software module can run on the target hardware platform. This
is denoted as ‘platform compatibility’. Second, compatibility
between the different software modules installed on a single
device is checked. This process is referred to as ‘inter-module
compatibility’. Last, the ‘network compatibility’ ensures that
multiple versions of the same software module can co-exist
within the same network (e.g. multiple versions of IPv6 on
different devices).
On traditional component upgradable software systems,
such as OSGi [5], only inter-module compatibility is included.
This is not sufficient when applying the partial update methods
described in the previous section because single network layers
can be updated separately. For instance, an updated MAC
layer could rely on information exchanges (e.g. enhanced
beacons in the IEEE-802.15.4 TSCH mode) that are not
yet available in older versions of the PHY layer, rendering
the new MAC version incompatible with the previous PHY
version. To counter this, the central management server keeps
track of the software version(s) installed on each device and
ensures compatibility. A possible approach utilises a matrix
for keeping track of compatibility, for which an example is
shown in Figure 3. This compatibility matrix can be updated
by performing tests ranging from static code verification, over
simulations, to analysis in a real life deployment.
C. Pre-deployment behavioral verification
While the previous verification step primarily focuses on
compatibility of software versions, this section describes a
Fig. 3: An example matrix showing the compatibility between devices
and network layers. For every combination, a test suite should
perform interaction tests in order to verify the compatibility of the
version combination.
methodology to also investigate if the update actually improves
the network performance and stability. This is necessary be-
cause, contrary to typical software systems, a software update
in constrained IoT networks reduces the battery lifetime and
cannot be easily reverted. A qualitative analysis provides in-
sights in the network operation and verifies the impact on both
the node local and network wide Quality of Service (QoS) after
the update. It can unveil issues that were not detected during
the compatibility analysis using the compatibility matrix. For
instance, it checks if the throughput and latency requirements
are still fulfilled. This new information can also be used to
extend the compatibility matrix.
There are a number of ways in which a qualitative analysis
can be performed. A sandbox or testbed enables testing the
software in a controlled environment on real hardware [6].
While this gives accurate information on a node local level, it
is notoriously hard to verify network wide interactions since a
sandbox is different from the actual environment. To overcome
this, often a network simulator is used (e.g. CupCarbon, Cooja,
OMNeT++, NS-3, QualNet, etc. [7]). This can provide a
network wide view on the overall QoS, although the results
are always an estimation based on a particular channel model.
A simulated virtual environment can be further enhanced
using the digital twin concept, used primarily in the context of
manufacturing and warehousing [8]. The digital twin mimics
the behaviour of real physical objects, allowing to test new
solutions and business processes in a non-invasive manner.
In the context of over-the-air updates, a digital twin mimics
a network of interacting IoT devices containing all node
types and software combinations of the real life deployment.
Moreover, the simulated environment is continuously updated
with information retrieved from the actual network, improving
the simulation model. If the digital twin network behaves as
expected after the update, the network operator can initiate the
IEEE COMMUNICATIONS MAGAZINE 5
Fig. 4: Energy consumption of the different steps of the over-the-
air update process for two update methods: a firmware update (full
stack) and partial updates (MAC layer). All results are shown on a
logarithmic scale.
actual software rollout as described in the next section.
V. PH AS E 2: SE CU RE SO FT WAR E ROLL OU T
After validating the correctness of an upcoming software
update, still several steps need to be taken in order to complete
the update. Minimally the deployment sequence includes: (i)
securing and authenticating the data transfer, (ii) disseminating
the software update module(s), and (iii) installing the software
module(s) on all devices and coordinating a simultaneous
activation. Note that each step introduces a non-negligible
overhead in terms of device memory, network traffic and
power consumption. This could drain the batteries, decreasing
the operational lifetime of the constrained wireless devices.
Therefore a trade-off should be made comparing the (possible)
performance gains with the overhead of the update. To gain
further insights regarding the overall energy cost of each step,
the energy consumption has been measured on a typical IoT
device (Zolertia Remote) for both a modular as well as a
full firmware update, as shown in Figure 4 and detailed in
the next subsections. The results were obtained by using the
model for data dissemination and installation cost as defined
in [2] and combined with extra measurements concerning the
various security techniques. The aforementioned results were
determined for a single hop topology and do not take into ac-
count possible packet loss and/or retransmissions. The energy
consumption was calculated only for the battery-powered end
devices. Overall, a typical full firmware update requires
about 135.026mJ, while a modular update only requires
26.743mJ.
A. Software update security
While wireless updates can be used to fix security vulner-
abilities, the update process can also open possible exploits
and enable malicious control over the software stack. Several
techniques have been proposed in order to secure over-the-air
updates in Wireless Sensor Networks (WSN), or data dissem-
ination in general. For example, the authors of [9] analyzed
how a data transfer can occur while maintaining the four major
security aspects: confidentiality, integrity, authentication and
availability. The software updates are typically provided by
the manufacturer or the local network operator.
Although security is clearly beneficial, the impact on the
device functionality as well as network performance should not
be underestimated. The remainder of this section will elaborate
which security measures are feasible and will quantify the
overhead for the constrained end devices. These end nodes
typically have to verify the origin of the software update, and
decrypt the packet contents.
In order to verify the data integrity and origin of traffic,
a hash based message authentication code (HMAC) can be
appended to each data packet. However, HMAC is commonly
used with SHA-256, which requires 32 bytes per packet or
25% of the 127 bytes IEEE802.15.4 Maximum Transmission
Unit (MTU). Figure 4 (third column) shows the measured
energy consumption for data integrity and authentication,
requiring 6.641 (42.690) mJ for a modular update (full
firmware update), which accounts for 24.83% (31.62%) of
the total energy consumption. The HMAC packet overhead is
the main reason for the high energy cost of authentication and
data integrity, while the computational overhead for calculating
the HMAC only constitutes to ±0.01% for both methods. The
energy cost can be drastically lowered by appending a single
HMAC for the entire update file on the last packet. On the
other hand, this disables the possibility to verify data integrity
on a per packet basis.
Besides authentication and data integrity, confidentiality is
an equally important security aspect. Two flavours of data
encryption methods exist: symmetric key encryption (e.g.
AES), and asymmetric encryption (e.g. RSA or ECC). In gen-
eral, symmetric key encryption is faster then the asymmetric
counter part. For instance, on the IEEE 802.15.4 CC2538
radio chip it takes 3.4ms to decrypt a full firmware upgrade
of 24012 bytes using AES-256, while the same decryption
takes 12606.3ms using RSA-1024. On the other hand, sym-
metric keys offer less security, since the shared key enables
unauthorized network access when compromised. Also using
multicast traffic in combination with asymmetric encryption
is difficult to realise, since all data recipients should have
the same decryption key requiring a key sharing protocol.
Therefore it is not feasible to solely rely on either symmetric
or asymmetric encryption to guarantee confidentiality.
In order to achieve a high level of security with a decreased
energy cost and a lower computational overhead, it is ad-
vised to combine both methods. For instance, the Datagram
Transport Layer Security (DTLS) standardized protocol [10]
implements a combination of the two previously described
approaches. During the initial device bootstrapping, server and
clients exchange certificates containing their public key. Per
software update a new symmetric session key is generated,
which is subsequently asymmetrically encrypted and trans-
mitted via a ‘Server Key Exchange‘. Any further over-the-
air traffic, related to the current software update, is encrypted
using this session key. This mechanism offers the advantages
of (i) minimizing the consequences of a compromised sym-
metric encryption key; (ii) enabling multicast during over-
the-air update; and (iii) offering a good trade-off between
IEEE COMMUNICATIONS MAGAZINE 6
performance and security. Summarizing the above results,
when using DTLS like approaches, encryption still requires
a significant amount of energy: 7.080mJ for a modular
update and 7.101mJ for a full firmware update. Compared
to the total update cost this accounts to 26.47% and 5.29%
respectively.
B. Code dissemination
Before the installation of a software update, it must be
possible to guarantee successful dissemination of the update to
all devices in the network. Several techniques were proposed,
as surveyed in [11]. They focus on minimal energy consump-
tion by applying efficient broadcast schemes and try to avoid
flooding the network. More recently, with the rise of low power
wide area networks, operating in the duty cycle restricted
unlicensed sub-GHz bands, novel techniques [12] have been
proposed to overcome the duty-cycle restrictions imposed
by regulatory bodies such as FCC and ETSI. Dissemination
techniques that rely on unicast transmission schemes cannot
be applied in large scale networks due to these restrictions.
For networks with such limitations, coordinated multicast
techniques [13] should be applied that can initiate a over-the-
air update session on groups of devices [14].
In most cases, software updates exceed the MTU of packets,
hence fragmentation is required. A software dissemination
protocol must make sure that all devices receive the entire
update file. This process does not tolerate any lost packets
or bit errors, as this results in corrupted binary code. To
overcome this problem efficiently (e.g. with minimal impact on
energy and latency), special measures such as block (N)acks
and caching on intermediate devices in case of a multi-hop
topology are required. Especially when employing multicast
dissemination, retransmissions should also be grouped and
multicasted to reduce overhead.
Figure 4 shows the energy usage for the constrained wireless
end devices during an over-the-air operation. A large portion of
the overall energy usage can be accounted to the dissemination
(yellow column), especially when considering that the HMAC
message overhead (gray column) is calculated separately. Also
notable are the differences between full firmware and modular
updates. Overall, dissemination costs 13.020 (85.219) mJ
for a modular (full firmware) update. Relative to the
total energy cost of the update, this constitutes to 48.68%
(63.11%).
C. Software module installation and activation
After disseminating the update, the software must be in-
stalled and subsequently activated on all IoT devices. The
installation procedure is different for each of the update
methods (i.e. firmware based, dynamic linking and prelinking)
as discussed earlier in Software Module Compilation. The
installation starts as soon as the server notifies that all devices
have received and verified the complete update file. The result
of this process is reported back to the server after which it
can initiate the activation procedure.
Activating software on a group of networked devices should
happen simultaneously, especially when concerning network
functionality. A failed or delayed activation on one or more
devices could introduce protocol inconsistencies, resulting in
network connectivity issues. Even worse, if the connection
between the server and (some) end devices is completely
broken, it is even not possible to fix the issues remotely. This is
also the reason why automatic rollback mechanisms should be
incorporated, forcing devices to restore the previous software
version, either when demanded by the server, or when the
connection to the server has been lost.
Figure 4 demonstrates that the installation and activation
overhead is negligible, as installing only requires copying the
relevant sections to RAM or ROM. Note that when using
a dynamic linker on the device, a small portion of CPU
overhead is added. Overall installing and activating an
update requires 0.002 (0.017) mJ for a modular (full
firmware) update, constituting only ±0.01% of the overall
energy cost for both methods.
VI. FUTURE RESEARCH DIRECTIONS
When IoT systems become more mature, their ecosystems
grow, often attracting third party developers that want to
add custom software. This is a natural evolution that helps
extending software systems beyond its originally intended
scope. This will put forward many challenges that need to
be tackled properly before IoT networks are truly sustainable.
(i) The trustworthiness of third party code needs to be ver-
ified. Verifying the origin of a software update is therefore
important. (ii) The solutions which are offered by this (and
other) article(s) do not take into account the existence of
multiple owners or owner groups, which has a deep impact
on the properties of secure software dissemination protocols.
(iii) Code isolation techniques should be developed in order
to prevent attacks from inserting malicious code. This will
have an impact on run-time performance and memory require-
ments. (iv) Recent software-defined-radio (SDR) platforms
also allow partial updates of Field-Programmable Gate Array
(FPGA) functionality. By combining both micro controller
and SDR reprogramming, the entire network stack, including
the physical layer, becomes upgradable. (v) The recent trends
towards software defined networking (SDN) approaches and
virtualization, allows networks to inject new network rules into
the application layer, thereby influencing lower layer protocol
behaviour. These approaches could be extended by injecting
not only rules, but even full software components or new
network stacks at the application layer. (vi) An edge/fog-based
architecture could be used to to more efficiently disseminate
update data to the end devices, minimising the impact on the
network.
VII. CONCLUSIONS
In the fast growing world of the Internet-of-Things, net-
works are deployed in increasingly diverse application do-
mains, ranging from smart homes to Industry 4.0 factories.
Most IoT devices are constrained in terms of energy, memory
and processing power. In order to make IoT solutions truly
sustainable, it is necessary to periodically update (parts of) the
software post deployment. This article gave a comprehensive
IEEE COMMUNICATIONS MAGAZINE 7
overview of the principles, necessary to implement a secure
and efficient over-the-air software update mechanism, resulting
in a step-by-step approach as summarised in Figure 2.
Two distinct phases were identified: (i) the software mod-
ule management phase, and (ii) the secure software rollout.
The first phase is performed completely offline, in order to
minimise the impact for the deployment network. Using the
combination of a compatibility matrix and digital twin network
it is possible to identify bugs, version incompatibilities or
performance issues even before the update is executed. The
second phase elaborated on the eventual rollout of the software
modules to the devices, quantifying the energy overhead per
step (symmetric/asymmetric encryption, authentication, data
integrity, data dissemination, installation, and activation) as
can be seen in Figure 4. The results show that beside the
obvious dissemination cost, the other steps also introduce
a significant overhead especially for modular updates (i.e.
51.31% vs. 36.89% for a full firmware update). The use of
HMAC for data integrity and authentication, and the use of
ECC for (a single) encryption occupy the main portion of this
overhead.
To conclude, using this step-by-step approach, it is possible
to improve the sustainability of IoT solutions and calculate the
possible overhead upfront. The results obtained in the second
phase allow a network operator to estimate the cost of either
a modular or a full firmware update in terms of energy. This
enables the operator to make a trade-off between this cost and
the impact on the performance after the update. Moreover, the
digital twin network, included in the first phase, can be used
to evaluate the potential performance gains as well upfront.
ACKNOWLEDGMENT
This work was partially supported by the FWO SBO
IDEAL-IoT project (S004017N), the FWO EOS MUSE-
WINET project (G0F4918N), and the H2020 ORCA project
(732174).
REFERENCES
[1] H. Guissouma et al., “An empirical study on the current and future chal-
lenges of automotive software release and configuration management,” in
Euromicro Conf. on Software Engineering and Advanced Applications.
IEEE, 2018, pp. 298–305.
[2] P. Ruckebusch et al., “Modelling the energy consumption for over-the-
air software updates in lpwan networks: Sigfox, lora and ieee 802.15.
4g,” Internet of Things, vol. 3, pp. 104–119, 2018.
[3] J. C. Cano et al., “Evolution of iot: An industry perspective,” IEEE
Internet of Things Magazine, vol. 1, no. 2, pp. 12–17, 2018.
[4] P. Ruckebusch, E. D. Poorter, C. Fortuna, and I. Moerman, “Gitar:
Generic extension for internet-of-things architectures enabling dynamic
updates of network and application modules,” Ad Hoc Networks, vol. 36,
pp. 127–151, 2016.
[5] P. Brada and J. Bauml, “Automated versioning in osgi: A mechanism
for component software consistency guarantee,” in Euromicro Conf. on
Software Engineering and Advanced Applications, 08 2009, pp. 428–
435.
[6] S. De et al., “Test-enabled architecture for iot service creation and
provisioning,” in The Future Internet Assembly. Springer, 2013, pp.
233–245.
[7] M. Chernyshev et al., “Internet of things: Research, simulators, and
testbeds,” Internet of Things Journal, pp. 1637–1647, 2017.
[8] W. Kritzinger, M. Karner, G. Traar, J. Henjes, and W. Sihn, “Digital
twin in manufacturing: A categorical literature review and classification,
IFAC-PapersOnLine, vol. 51, no. 11, pp. 1016–1022, 2018.
[9] F. Doroodgar, M. A. Razzaque, and I. F. Isnin, “Seluge++: A secure
over-the-air programming scheme in wireless sensor networks,Sensors,
vol. 14, no. 3, pp. 5004–5040, 2014.
[10] S. L. Keoh, S. S. Kumar, and H. Tschofenig, “Securing the internet of
things: A standardization perspective,IEEE Internet of Things Journal,
vol. 1, no. 3, pp. 265–275, 2014.
[11] X.-L. Zheng and M. Wan, “A survey on data dissemination in wireless
sensor networks,” Journal of Computer Science and Technology, vol. 29,
no. 3, pp. 470–486, 2014.
[12] L. Cheng et al., “Towards minimum-delay and energy-efficient flooding
in low-duty-cycle wireless sensor networks,Computer Networks, vol.
134, pp. 66–77, 2018.
[13] B. Kim and K.-i. Hwang, “Cooperative downlink listening for low-power
long-range wide-area network,” Sustainability, vol. 9(4), p. 627, 2017.
[14] J. Toussaint, N. El Rachkidy, and A. Guitton, “Performance analysis
of the on-the-air activation in lorawan,” in Information Technology,
Electronics and Mobile Communication Conf. IEEE, 2016, pp. 1–7.
Jan Bauwens (jan.bauwens2@ugent.be) received
his B.Sc. and M.Sc. Engineering in Computer Sci-
ence from Ghent University. Since 2015 he has
been a Ph.D. student at Ghent University as part
of the Internet Technology and Data Science Lab
(IDLAB) research group. He has been participating
in several European and national research projects.
His research topic is concentrated around flexible
MAC development in Internet-of-Things networks.
Peter Ruckebusch (peter.ruckebusch@ugent.be)
received his M.Sc. in computer science from
Hogeschool Ghent Faculty Engineering, Belgium.
Since 2011 he has been a Ph.D. student at the
University of Ghent, IMEC, IDLab, in the Depart-
ment of Information Technology (INTEC). He has
been collaborating in several national and European
projects. His research topics are situated in the low
end of IoT, mainly focusing on reconfigurability
and reprogrammability aspects of protocol stacks for
constrained devices in IoT networks.
Spilios Giannoulis (spilios.giannoulis@ugent.be)
received his M.Sc in electrical and computer engi-
neering (2001) and Ph.D. (2010) from the University
of Patras. Since 2015 he has been a postdoctoral
researcher at the University of Ghent, IMEC, IDLab.
He is involved in several EU projects. His main
research interests are mobile ad hoc networks, wire-
less sensor networks, especially flexible and adaptive
MAC and routing protocols, QoS provisioning, and
cross layer and power aware architecture design as
well as dynamic spectrum access techniques.
Ingrid Moerman (ingrid.moeman@ugent.be) re-
ceived her M.Sc. in electrical engineering (1987)
and Ph.D. (1992) from the University of Ghent,
where she became a part time professor in 2000.
She is a member of IDLab-UGent-IMEC, where
she coordinates research on mobile and wireless
networking. Her research interests include IoT, LP-
WAN, cooperative networks, cognitive radio net-
works and flexible architectures for radio/network
control and management. She has long experience
in coordinating national and EU research projects.
Eli De Poorter (eli.depoorter@ugent.be) received
his M.Sc (2006) in computer science engineering
and Ph.D. (2011) from the University of Ghent. He is
now a professor at INTEC, University of Ghent. He
is currently also coordinating several national and
international projects. His main research interests
include wireless network protocols, network archi-
tectures, wireless sensor and ad hoc networks, future
Internet, self learning networks, and next generation
network architectures.
... Likewise, new approaches involving the use of an extra recovery layer containing order tables for rollback purposes were proposed in the field of distributed systems [5] [8]. In terms of software updates within the field of IoT, several research have delineated the overall architecture and software components of the IoT stack, including the few aspects which have to be considered when updating software, such as inter-module compatibility, network compatibility and platform compatibility [6]. Due to how the software stack and the corresponding updates are designed, some update scenarios involve the replacement of the entire code base, in which case compatibility analysis would be crucial prior to executing an update process [6]. ...
... In terms of software updates within the field of IoT, several research have delineated the overall architecture and software components of the IoT stack, including the few aspects which have to be considered when updating software, such as inter-module compatibility, network compatibility and platform compatibility [6]. Due to how the software stack and the corresponding updates are designed, some update scenarios involve the replacement of the entire code base, in which case compatibility analysis would be crucial prior to executing an update process [6]. In other cases, updating application-level code blocks is said to allow the remaining software components to stay intact [6]. ...
... Due to how the software stack and the corresponding updates are designed, some update scenarios involve the replacement of the entire code base, in which case compatibility analysis would be crucial prior to executing an update process [6]. In other cases, updating application-level code blocks is said to allow the remaining software components to stay intact [6]. In terms of future work, it has been mentioned that code modularity and code isolation practices are crucial towards increasing the security and efficiency of software system updates within the field of IoT [6] [7]. ...
View
... Research studies such as [22][23][24] focused on secure update mechanisms, including covering techniques for authentication, integrity checks and encryption, aiming to mitigate attacks coming from potential adversaries with various levels of computing power, up to quantum computing power levels. Efficiency and reliability aspects are explored, along with strategies for network load minimization and power management, aiming to optimize the OTA update process in IoT environments with limited network and battery resources [25]. Standardization efforts at the Internet Engineering Task Force (IETF), such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) and Constrained Application Protocol (CoAP) [26,27], have shrunk on-board memory footprint and network transfer costs of Internet Protocol version 6 (IPv6) and Hypertext Transfer Protocol (HTTP)-like interaction over the network, while more recent standards such as Software Updates for Internet of Things (SUIT) [28] aim further at specifying generic architectures, data models and metadata for low-power secure IoT software updates over transfer protocols such as CoAP. ...
RIOT-ML: toolkit for over-the-air secure updates and performance evaluation of TinyML models
Article
Full-text available
  • May 2024
Practitioners in the field of TinyML lack so far a comprehensive, “batteries-included” toolkit to streamline continuous integration, continuous deployment and performance assessments of executing diverse machine learning models on various low-power IoT hardware. Addressing this gap, our paper introduces RIOT-ML, a versatile toolkit crafted to assist IoT designers and researchers in these tasks. To this end, we designed RIOT-ML based on an integration of an array of functionalities from a low-power embedded OS, a universal model transpiler and compiler, a toolkit for TinyML performance measurement, and a low-power over-the-air secure update framework—all of which usable on an open-access IoT testbed available to the community. Our open-source implementation of RIOT-ML and the initial experiments we report on showcase its utility in experimentally evaluating TinyML model performance across fleets of low-power IoT boards under test in the field, featuring a wide spectrum of heterogeneous microcontroller architectures and fleet network connectivity configurations. The existence of an open-source toolkit such as RIOT-ML is essential to expedite research combining artificial intelligence and IoT and to foster the full realization of edge computing’s potential.
View
... Solutions for updating the software stack of IoT devices have adopted the OTA (Over The Air) method [Bauwens et al., 2020] as a basis, as it enables updates through the network. The proposed solutions allow the firmware update [Chandra et al., 2016], can use blockchain to improve the update process [Lee and Lee, 2017], cryptography [Frisch et al., 2017] or still focus on the integrity of the updates [Zandberg et al., 2019]. ...
UP-Home: A Self-Adaptive Solution for Smart Home Security
Article
Full-text available
  • Apr 2024
Smart home devices are vulnerable to attacks that put their users’ security at risk. Vulnerabilities are discovered very frequently and can expose these devices through unsecured services. Meanwhile, the lack of standardisation in upgrade methods makes smart homes a potentially vulnerable environment. Furthermore, many manufacturers release their products and then abandon them, refusing to support security updates. As a result, security updates are needed to deal with the emergence of new attacks. There are several proposals to promote security in smart homes. However, there are rare solutions where changes for security purposes occur with little or no human intervention. This paper presents UP-Home, a self-adaptive solution that manages the security of smart homes. UP-Home aims to ensure that smart home devices meet the security requirements set by industry standards. The solution can continually identify and mitigate smart home security vulnerabilities. With autonomous computing techniques, UP-Home seeks to ensure the self-protection of devices and, consequently, the entire smart home. With the UP-Home evalu-ation, it was possible to notice significant improvements in the security of the smart home without any human intervention.
View
... The authors of [21] conducted a comprehensive analysis of the components within an IoT operating system that receive the most updates post-deployment. They offered an exhaustive quantification of the energy consumption tied to each stage of the process. ...
Firmware Updates over The Air via LoRa: Unicast and Broadcast Combination for Boosting Update Speed
Article
Full-text available
  • Mar 2024
  • SENSORS-BASEL
The capacity to update firmware is a vital component in the lifecycle of Internet of Things (IoT) devices, even those with restricted hardware resources. This paper explores the best way to wirelessly (Over The Air, OTA) update low-end IoT nodes with difficult access, combining the use of unicast and broadcast communications. The devices under consideration correspond to a recent industrial IoT project that focuses on the installation of intelligent lighting systems within ATEX (potentially explosive atmospheres) zones, connected via LoRa to a gateway. As energy consumption is not limited in this use case, the main figure of merit is the total time required for updating a project. Therefore, the objective is to deliver all the fragments of the firmware to each and all the nodes in a safe way, in the least amount of time. Three different methods, combining unicast and broadcast transmissions in different ways, are explored analytically, with the aim of obtaining the expected update time. The methods are also tested via extensive simulations, modifying different parameters such as the size of the scenario, the number of bytes of each firmware chunk, the number of nodes, and the number of initial broadcast rounds. The simulations show that the update time of a project can be significant, considering the limitations posed by regulations, in terms of the percentage of airtime consumption. However, significant time reductions can be achieved by using the proper method: in some cases, when the number of nodes is high, the update time can be reduced by two orders of magnitude if the correct method is chosen. Moreover, one of the proposed methods is implemented using actual hardware. This real implementation is used to perform firmware update experiments in a lab environment. Overall, the article illustrates the advantage of broadcast approaches in this kind of technology, in which the transmission rate is constant despite the distance between the gateway and the node. However, the advantage of these broadcast methods with respect to the unicast one could be mitigated if the nodes do not run exactly the same firmware version, since the control of the broadcast update would be more difficult and the total update time would increase.
View
... With Phoenix, the reconfiguration process can be triggered internally by the edge IoT devices or by external stimuli such as a user or an application intent. Reconfiguration can be done on both wired and wireless edge IoT devices using Over the Air (OTA) programming [7]. To support various IoT applications, edge IoT devices typically offer a variety of connectivity options (e.g., Wi-Fi, LoRa, cellular, etc.), computational power, input/output capabilities, and storage models. ...
Phoenix: Transformative Reconfigurability For Edge IoT Devices In Small-Scale IoT Systems
Article
Full-text available
  • Jan 2023
Transformative reconfigurability refers to the ability of changing the current software stack of a configurable device by fully replacing its existing one. In the context of IoT systems, such major device reconfigurations can be used to change the role, to adapt new functionality, and to keep reconfigurable IoT devices compatible with the IoT systems requirements as the ambient technology around them evolve, thus fostering a thriving and continuously-connected IoT environment. In this paper, we introduce Phoenix, an IoT device configuration management system that is designed to automate transformative reconfigurability for edge IoT devices at small scales. Edge IoT devices are typically computationally capable and configurable devices that have enough processing power to run user programs and control sensors and embedded devices in an IoT environment. Enabling transformative reconfigurability for such devices at small scales can increase IoT systems flexibility, efficiency, and adaptability in small IoT environments, for example, agri-farms, smart homes, micro grids, and the like. Phoenix manages the life cycle of edge IoT devices configuration and uses bare-metal provisioning to provide unattended installation of new software stacks that are defined by user intents that instruct the reconfiguration process. We implemented a Phoenix proof-of-concept system and deployed it on the SAVI testbed where we evaluated its performance in reconfiguring a variety of edge IoT devices under different network conditions. Our results indicate that Phoenix can meet the requirements of small-scale heterogeneous IoT systems in various application environments.
View
... Go to Step 3, wherein there is an error, be it resultant of anything, the updating will not be done and the ANFUOTA In order that the algorithm described before work properly, it is necessary that there must be alteration in UPDATE APPLICATION area. That updating is done by data packets sent thought the gateway/coordinator to the IoT device that is receiving all data packets by a communication protocol that possesses a command of firmware updating [21]. Thereby, when you want to update one IoT device firmware, the network coordinator sends the messages of updating to the IoT device that recognize them due to the protocol used in the communication [22]. ...
Asynchronous network firmware update over the air designed for wireless sensor and actuator networks: Atualização de firmware através do ar via rede de sensores e atuadores sem fio de forma assíncrona
Article
  • Jul 2023
This paper improvies the traditional FOTA system to a more robust one named ANFUOTA. This technique is only applicable to systems without embedded operating systems and to microcontrollers without multiple flash memory bank. This novel system is capable of updating the firmware in an asynchronous mode via networks WSN/WSAN kind and furthermore, it guarantees that the system never be without a valid firmware or rather, it is immune of communication failure or loss of packets and even feeding loss, independently of the updating phase. Even during the memory rewriting, in case it happens a feeding failure, the system will begin all over again the recording in the next rebooting. The used technique foresses an updating via networks WSN kind in an asynchronous mode and the firmware can be received in a distributed way in time and in many pieces or capable of being continuous. During this phase, the system remains online and doesn't enter in recording mode, keeping its activity on network. The system guarantees immunity in face of feeding loss and loss of packets by the network in all phases of updating, enabling updating all devices in network, simultaneously.
View
Secure Targeted Message Dissemination in IoT Using Blockchain Enabled Edge Computing
Preprint
Full-text available
  • Jan 2024
Smart devices are considered as an integral part of Internet of Things (IoT), have an aim to make a dynamic network to exchange information, collect data, analysis, and make optimal decisions in an autonomous way to achieve more efficient , automatic, and economical services. Message dissemination among these smart devices allows adding new features, sending updated instructions, alerts or safety messages, informing the pricing information or billing amount, incentives, and installing security patches. On one hand, such message disseminations are directly beneficial to the all parties involved in the IoT system. On the other hand, due to remote procedure, smart devices, vendors, and other involved authorities might have to meet a number of security, privacy, and performance related concerns while disseminating messages among targeted devices. To this end, in this paper, we design STarEdgeChain, a security and privacy aware targeted message dissemination in IoT to show how blockchain along with advanced cryptographic techniques are devoted to address such concerns. In fact, the STarEdgeChain employs a permissioned blockchain assisted edge computing in order to expedite a single signcrypted message dissemination among targeted groups of devices, at the same time avoiding the dependency of utilizing multiple unicasting approaches. Finally, we develop a software prototype of STarEdgeChain and show it's practicability for smart devices. The codes are publicly available at https://github.com/mbaqer/Blockchain-IoT
View
View
View
Design and Evaluation of a Method for Over-The-Air Firmware Updates for IoT Devices
Conference Paper
Full-text available
  • Aug 2023
Internet of Things (IoT) has been gaining a lot of attention in the last few years and despite the large amount of investments, there are still many challenges to be overcome within all parts of IoT architecture. One challenge is how to develop a long-lasting application. With regard to devices, one of the main contributors to longevity is the ability to update devices firmware. In practical terms, software and firmware updates over-the-air (OTA) are a crucial part of IoT architecture, along with the capacity to manage them remotely. This dissertation explains the IoT architecture with a layered approach and how updates OTA are part of it. As a solution to this problem, the design and implementation of an OTA firmware update method is presented. The method is based on the standard architecture recently proposed by the Internet Engineering Task Force (IETF), in the form of RFC 9019. The proposed solution is evaluated through two testbeds: one with 20 constrained IoT devices connected to an open source IoT cloud platform through a WiFi network and the other one with a set of 75 devices spread in a large geographic area as part of a real world application. Results show that the proposed solution is suitable for constrained devices and has little impact on the network traffic.
View
Modelling the energy consumption for over-the-air software updates in LPWAN networks: SigFox, LoRa and IEEE 802.15.4g
Article
Full-text available
  • Sep 2018
The recent trend towards the use of low-power wide-area-networks (LPWAN) communication technologies in the Internet of Things such as SigFox, Lora and Weightless gives rise to promising applications in smart grids, smart city, smart logistics, etc. where tens of thousands of sensors in a large area are connected to a single gateway. However, to manage such a sheer number of deployed devices, solutions to provide over-the-air firmware updates are required. This paper analyses the feasibility of over-the-air (partial) software updates for three LPWAN technologies (LoRa, SigFox and IEEE-802.15.4g) and discusses the best suited update method for different scenarios: full system updates, application updates and network stack updates. The results indicate that full firmware upgrades consume a substantial amount of energy, especially for the lowest bit-rate LPWAN technologies such as SigFox which drains a single AA battery with 2% when performing a version update. However, technologies with a similar range (i.e. LoRa SF12) require only 0.12%. The trade-off between range and energy (or bit-rate) becomes clear when considering that the least sensitive technology (IEEE-802.15.4g-OFDM) consumes only 0.0001%. Partial updates require significantly less energy for all technologies. Adding a single application uses 6 to 38 times less energy compared to a firmware update, depending on the update method and LPWAN technology. Even partial network stack updates (i.e. MAC) cost 3 to 8 times less energy, making over-the-air updates feasible.
View
Cooperative Downlink Listening for Low-Power Long-Range Wide-Area Network
Article
Full-text available
  • Apr 2017
Recently, the development of the Internet of Things (IoT) applications has become more active with the emergence of low-power wide-area network (LPWAN), which has the advantages of low-power and long communication distance. Among the various LPWAN technologies, long-range wide-area network (LoRaWAN, or LoRa) is considered as the most mature technology. However, since LoRa performs uplink-oriented communication to increase energy efficiency, there is a restriction on the downlink function from the network server to the end devices. In this paper, we propose cooperative downlink listening to solve the fundamental problem of LoRa. In particular, the proposed scheme can be extended to various communication models such as groupcasting and geocasting by combining with the data-centric model. Experiments also show that the proposed technology not only significantly reduces network traffic compared to the LoRa standard, but also guarantees maximum energy efficiency of the LoRa.
View
Evolution of IoT: An Industry Perspective
Article
  • Dec 2018
Mobile ad hoc networks have evolved since the early 1990s: over two decades. However, the unique concept of wireless deviceto- device networking has now ballooned into a major technology and industry revolution with applications impacting many facets of our lives. In fact, it has paved the way for the Internet of Things and smart cities. In this article, the evolution of IoT through mobile ad hoc networks is discussed, and its penetration into defense, society, and industries through ZigBee, Z-Wave, and other technologies is revealed. Finally, a discussion is presented of IoT architecture, connectivity, cloud, and analytics, and its implications on the realization of future smart cities.
View
Digital Twin in manufacturing: A categorical literature review and classification
Article
  • Jan 2018
The Digital Twin (DT) is commonly known as a key enabler for the digital transformation, however, in literature is no common understanding concerning this term. It is used slightly different over the disparate disciplines. The aim of this paper is to provide a categorical literature review of the DT in manufacturing and to classify existing publication according to their level of integration of the DT. Therefore, it is distinct between Digital Model (DM), Digital Shadow (DS) and Digital Twin. The results are showing, that literature concerning the highest development stage, the DT, is scarce, whilst there is more literature about DM and DS.
View
An Empirical Study on the Current and Future Challenges of Automotive Software Release and Configuration Management
Conference Paper
  • Aug 2018
Current automotive trends, such as autonomous and connected driving, are mainly enabled by embedded software that is deployed on a network of several, often more than one hundred, electronic control units. These software parts are responsible for many complex tasks concerning safety, comfort, energy management, and vehicle dynamics. Currently, they are deployed to the units at the end of the assembly line. Although a new software baseline of electronic control units is released in regular terms, normally six months, updates during aftersales are mostly conducted only in urgent cases, such as recall campaigns. Upcoming over-the-air services will enable more frequent updates to fix bugs and add new functionality. The possible alternatives of engines, chassis, and customer wishes lead to a high number of existing vehicle variants, so that the management of releases and configurations becomes more complex and costly. In a survey, we asked participants from different automotive institutions about the current state of practice, and the challenges they face during release development and management. This paper presents and discusses the main results of this survey: We have identified that field updates will be deployed more frequently in the future, and that over-the-air communication is an efficient way to realize them. The reported main update reasons are bug fixes and function improvement. However, the shortening release and update cycles, the increasing number of variants, and the multidisciplinarity in the automotive field are major challenges requiring suitable processes, methods, and tools to achieve software that operates correctly.
View
Towards minimum-delay and energy-efficient flooding in low-duty-cycle wireless sensor networks
Article
  • Apr 2018
  • COMPUT NETW
Wireless sensor networks (WSNs) play a very important role in realizing Internet of Things (IoT). In many WSN applications, flooding is a fundamental network service for remote network configuration, diagnosis or disseminating code updates. Despite a plethora of research on flooding problem in the literature, there has been very limited research on flooding tree construction in asynchronous low-duty-cycle WSNs. In this paper, we focus our investigation on minimum-delay and energy-efficient flooding tree construction considering the duty-cycle operation and unreliable wireless links. We show the existence of the latency-energy trade-off in flooding. We formulate the problem as a undetermined-delay-constrained minimum spanning tree (UDC-MST) problem, where the delay constraint is known a posteriori. Due to the NP-completeness of the UDC-MST problem, we design a distributed Minimum-Delay Energy-efficient flooding Tree (MDET) algorithm to construct an energy optimal tree with flooding delay bounding. Through extensive simulations, we demonstrate that MDET achieves a comparable delivery latency with the minimum-delay flooding, and incurs only 10% more transmission cost than the lower bound, which yields a good balance between flooding delay and energy efficiency.
View
Internet of Things (IoT): Research, Simulators, and Testbeds
Article
  • Dec 2017
The Internet of Things (IoT) vision is increasingly being realized to facilitate convenient and efficient human living. To conduct effective IoT research using the most appropriate tools and techniques, we discuss recent research trends in the IoT area along with current challenges faced by the IoT research community. Several existing and emerging IoT research areas such as lightweight energy-efficient protocol development, object cognition and intelligence, as well as the critical need for robust security and privacy mechanisms will continue to be significant fields of research for IoT. IoT research can be a challenging process spanning both virtual and physical domains through the use of simulators and testbeds to develop and validate the initial proof-of-concepts and subsequent prototypes. To support researchers in planning IoT research activities, we present a comparative analysis of existing simulation tools categorized based on the scope of coverage of the IoT architecture layers. We compare existing large-scale IoT testbeds that have been adopted by researchers for examining the physical IoT prototypes. Finally, we discuss several open challenges of current IoT simulators and testbeds that need to be addressed by the IoT research community to conduct large-scale, robust and effective IoT simulation, and prototype evaluations.
View
Performance analysis of the on-the-air activation in LoRaWAN
Conference Paper
  • Oct 2016
Long-range low-power communications are starting to replace short-range low-power communications in monitoring applications based on wireless sensor networks, both in rural and urban environments, due to the small deployment cost of long-range technologies. In this paper, we focus on the MAC layer of the recent LoRaWAN (long-range wide area network) standard, and specifically on the on-the-air activation procedure, which defines how nodes join an existing network. We propose a Markov chain model of the on-the-air activation, and we derive the expected delay and the expected energy required to join the network. We analyze the impact of several parameters on these metrics, including traffic conditions, duty cycles, and channel availability. We also discuss the impact of the regional settings of the standard. To the best of our knowledge, this is the first analysis of the MAC layer of LoRaWAN.
View
GITAR: Generic extension for Internet-of-Things ARchitectures enabling dynamic updates of network and application modules
Article
  • Jun 2015
  • AD HOC NETW
The Internet-of-Things (IoT) represents the third wave of computing innovation and relies on small, cheap and/or energy efficient devices, densely deployed in various spaces. Automatically managing, updating and upgrading the software on these devices, particularly the network stacks, with new, improved functionality is currently a major challenge. In this paper we propose GITAR, a generic extension for Internet-of-Things architectures, that enables dynamic application and network level upgrades in an efficient way. GITAR consists of four design concepts which can be applied to any operating system running on IoT/M2M devices. The proof of concept implementation in this paper uses the Contiki OS and the evaluation, based on analytical and experimental methods, shows that GITAR i) is up to 14% more efficient in terms of memory usage and ii) has less or similar run-time CPU overhead as state of the art solutions while offering upgrade functionality down to the network level and iii) can reuse existing Contiki network protocols for dynamic updates without requiring modifications to the code.
View
A Survey on Data Dissemination in Wireless Sensor Networks
Article
  • May 2014
Wireless sensor networks (WSNs) have been applied in a variety of application areas. Most WSN systems, once deployed, are intended to operate unattended for a long period. During the lifetime, it is necessary to fix bugs, reconfigure system parameters, and upgrade the software in order to achieve reliable system performance. However, manually collecting all nodes back and reconfiguring through serial connections with computer is infeasible since it is labor-intensive and inconvenient due to the harsh deploying environments. Hence, data dissemination over multi-hop is desired to facilitate such tasks. This survey discusses the requirements and challenges of data dissemination in WSNs, reviews existing work, introduces some relevant techniques, presents the metrics of the performance and comparisons of the state-of-the-art work, and finally suggests the possible future directions in data dissemination studies. This survey elaborates and compares existing approaches of two categories: structure-less schemes and structure-based schemes, classified by whether or not the network structure information is used during the disseminating process. In existing literatures, different categories have definite boundary and limited analysis on the trade-off between different categories. Besides, there is no survey that discusses the emerging techniques such as Constructive Interference (CI) while these techniques have the chance to change the framework of data dissemination. In a word, even though many efforts have been made, data dissemination in WSNs still needs some more work to embrace the new techniques and improve the efficiency and practicability further.
View