[Iot-lacnog] FW: Call For Papers: Internet of Things Software Update Workshop (IoTSU)
Alvaro Retana (aretana)
aretana at cisco.com
Wed May 11 15:47:59 BRT 2016
On 5/11/16, 12:00 PM, "IETF-Announce on behalf of IAB Executive
Administrative Manager" <ietf-announce-bounces at ietf.org on behalf of
execd at iab.org> wrote:
>Internet of Things Software Update Workshop (IoTSU)
>13-14 June 2016, Trinity College Dublin, Ireland
>In his essay ŒThe Internet of Things Is Wildly Insecure And Often
>Unpatchable¹  Schneier expressed concerns about the status of
>software/firmware updates for Internet of Things (IoT) devices. IoT
>devices, which have a reputation for being insecure at the time when
>they are manufactured, are often expected to stay active in the field
>for 10+ years and operate unattended with Internet connectivity.
>Incorporating a software update mechanism to fix vulnerabilities, to
>update configuration settings as well as adding new functionality is
>recommended by security experts but there are challenges when using
>software updates, as the FTC staff report on Internet of Things
>Privacy & Security in a Connected World  and the Article 29 Working
>Party Opinion 8/2014 on the on Recent Developments on the Internet of
>Things  express. Even providing such software update may provide
>challenges for constrained devices, as a buffer overflow vulnerability
>in the implementation of a software update protocol (TR69)  and an
>expired certificate in a hub device  demonstrated. On top of
>challenges there are various problems with privacy, lack of incentives
>to distribute software updates along the value chains, and questions
>about who should be able to update devices, and when, e.g. at or after
>the end-of-life of a product or component.
>There are various (proprietary) software update mechanisms in use today
>and the details vary significantly, particularly depending on the
>envisioned use with IoT devices. More powerful IoT devices, such as
>those running general purpose operating systems (like embedded Linux),
>make use of sophisticated software update mechanisms known from the
>desktop and the mobile world. The focus of this workshop is, however, on
>more constrained embedded devices that run embedded OSs or potentially
>no operating system at all. These devices are typically not equipped
>with a memory management unit or similar concepts. Many of these devices
>also do not allow software packages to be downloaded to be run in a
>sandbox (such as a virtual machine) either.
>We solicit contributions in the following areas:
>- Protocol mechanisms for distributing software updates.
>- Securing software updates.
>- Meta-data about software / firmware packages.
>- Implications of operating system and hardware design on the software
> update mechanisms.
>- Installation of software updates (in context of software and hardware
> security of IoT devices).
>- Privacy implications of software update mechanisms.
>- Seeking input on experience and state-of-the-art.
>- Implications of device ownership and control for software update.
>Participation at the workshop is free of charge.
>The IoTSU workshop is co-sponsored by the Internet Architecture Board
>and the Science Foundation Ireland funded CONNECT Centre for future
>networks and communications. The program committee would welcome
>additional sponsorship for a social event.
>Position papers must be submitted by 20th May 2016 at the latest.
>The program committee will review submitted position papers and send an
>invitation to the workshop to one of the paper authors. Invitations will
>be distributed by May 23rd, 2016 at the latest.
>This workshop will be a day and a half, and take place on the 13th and
>14th of June, 2016.
>Position Paper Requirements
>Interested parties must submit a brief document. We welcome papers that
>describe existing work, raise new requirements, highlight challenges,
>write-ups of implementation and deployment experience, lessons-learned
>from successful or failed attempts, and ideally a vision on how to
>improve interoperability of software update mechanisms. Contributions
>are not required to be original in content.
>We solicit brief write-ups of one to three pages, formatted as HTML,
>PDF, or plain text (for example as a submitted Internet Draft).
>We will publish accepted position papers (as well as meeting minutes,
>slides, and a workshop report). Please submit your position papers via
>The planned location for the workshop is at Trinity College Dublin,
>Ireland. We will provide the full details of the meeting venue to the
>invited workshop participants. Smaller workshops tend to encourage
>focused conversation and deep dives on specific topics, so the number of
>participants will be limited to ~40 persons. For local information
>please contact Stephen Farrell <stephen.farrell at cs.tcd.ie>.
>The workshop will have no expectation of IPR disclosure or licensing
>related to its submissions.
>You provide your name and your email address for the registration to
>this workshop. We use this information for planning purposes (such as
>finding rooms and ordering refreshments). We will also use this
>information to contact you about the location of the meeting venue, or
>other urgent and relevant notifications. Before the meeting minutes are
>publicly distributed, you will also receive a copy for review. We will
>share your contact details with the other workshop participants, if
>necessary, for example for post-workshop discussions. Your name and
>affiliation will be listed on the participant list contained in the
>This workshop is organized by:
>- Stephen Farrell, IETF Security Area Director, Trinity College Dublin
>- Arnar Birgisson, Google
>- Ned Smith, IPSO Identity and Security Committee Chair, Intel
>- Jari Arkko, IETF Chair, Ericsson
>- Carsten Bormann, IETF CORE WG Chair, IRTF T2TRG Chair, TZI University
>- Hannes Tschofenig, IETF ACE/OAuth Chair, ARM Ltd.
>- Robert Sparks, IAB member/IETF STIR Chair, Oracle
>- Russ Housley, IAB member/IETF STIR WG chair, Vigilsec.
> Bruce Schneier, ³The Internet of Things Is Wildly Insecure And
>Often Unpatchable², January 2014.
> FTC, ³FTC Report on Internet of Things Urges Companies to Adopt Best
>Practices to Address Consumer Privacy and Security Risks², January 2015.
> Article 29 Data Protection Working Party, ³Opinion 8/2014 on the on
>Recent Developments on the Internet of Things², September 2014.
> Lior Oppenheim and Shahar Tal, ³Too Many Cooks Exploiting the
>Internet-of-TR-069-Things², December 2014.
> Brian Barrett, ³Winks Outage Shows Us How Frustrating Smart Homes
>Could Be², April 2014.
More information about the Iot