UpKit: An Open-Source, Portable, and Lightweight Update Framework for Constrained IoT Devices

Updating the software running on constrained IoT devices such as low-power sensors and actuators in a secure and efficient way is an open problem. The limited computational, memory, and storage capabilities of these devices, together with their small energy budget, indeed, restrict the number of features that can be embedded into an update system and make it also difficult to build a generic and compact solution. As a result, existing update systems for constrained IoT devices are often not portable, do not perform a proper verification of the downloaded firmware, or focus only on a single phase of the update process, which exposes them to security threats and calls for new solutions. In this paper we present UpKit, a portable and lightweight software update framework for constrained IoT devices encompassing all phases of the update process: from the generation and signature of a new firmware, to the transmission of the latter to an IoT device, its verification and installation. UpKit employs a novel update architecture that is agnostic to how new firmware images are distributed and that introduces a double-signature process to guarantee the freshness of a new firmware. This, together with an additional verification step, allows also to reject invalid software at an early stage and to prevent an unnecessary reboot of the device. We keep UpKit's design modular and provide an open-source implementation for several operating systems, hardware platforms, as well as cryptographic libraries. We further include support for differential updates and flexible memory slots, which allows to significantly increase the efficiency of the update process. An experimental evaluation shows that UpKit can be used to efficiently update highly-constrained IoT devices, and that it has a comparable memory footprint to state-of-the-art solutions, despite the introduction of several features.