Over-the-air (OTA) Firmware Update
IoT systems typically involve the deployment of hundreds of devices in the field. It is critical for device stability and maintenance costs to be able to manage the software in these devices remotely. The Samsung ARTIK platform provides a way to update or install applications on devices after deployment in the field, incorporating OTA functionality in various components/layers of the platform.
ARTIK is a secure IoT solution, and provides security across the entire IoT pipeline. The ARTIK platform software solution includes an on-boarding service using secure device registration, edge node device management from the gateway, an over-the-air update protocol, and an easy-to-use API library.
The ARTIK OTA solution supports application firmware updates on ARTIK 053/055 edge node devices directly from ARTIK cloud services, leveraging ARTIK Cloud Device Management.
Within the ARTIK ecosystem, the means of addressing over-the-air (OTA) software updates depends on the module type and OS.
Secure Device Registration
ARTIK Cloud Secure Device Registration (SDR) relies on strong mutual authentication between a gateway device and the cloud registration servers. Device registration binds user authentication to device authentication, with a convenient mobile application to assist the process. Device authentication is based on the use of SHA256_ECDSA X.509 certificates for both devices and servers as part of a two-way TLS handshake.
To ensure the integrity of the certificate-based TLS authentication, ARTIK devices and servers are provisioned with certificates from a Public Key Infrastructure (PKI) that serves as the root of trust for the ARTIK ecosystem. Furthermore, ARTIK devices are equipped with secure storage that holds factory-provisioned keys and assists TLS authentication, including session key generation, through secure APIs.
ARTIK 05X modules incorporate a Wi-Fi-based on-boarding service. The service relies on an LWM2M connection to ARTIK cloud services for communication between the cloud and the gateway or edge device.
ARTIK Cloud OTA Solution
Over their lifetime, IoT devices may require software updates to support new functionality, standards, security, or environments. At the same time, it is important to ensure that the software update has originated from a legitimate source. The update must be delivered and installed to the intended device in a tamper-free manner.
Samsung ARTIK Cloud offers a secure over-the-air (OTA) infrastructure for delivery of software updates to all registered ARTIK devices. The ARTIK OTA solution follows the Lightweight Machine to Machine (LWM2M) payload format as its delivery mechanism over a TLS-secured link. It features:
Resistance against redirect attacks – for example, where an attacker might send an unsuspecting device to a malicious software store that would then cause the device to download a malicious or unauthorized update, or to cease functioning
Protection against DDoS attacks on the image store, by ensuring that only registered and authorized devices are able to download a new image
Generation of a unique single-use URL for each device to download a given update; a different URL is provided for every OTA update
With these capabilities, ARTIK Cloud offers flexibility in the update mechanism while providing the ability to customize the update process to include additional security measures for different types of application requirements.
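The three properties listed above (redirect resistance, downloads limited to registered devices, and a unique single-use URL per device and update) can be modelled in a few lines. This is an added example, not ARTIK Cloud code: the HMAC-signed URL layout, the host name `ota.example.invalid`, the device IDs and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlparse

SERVER_KEY = secrets.token_bytes(32)       # constructed signing key, held only by the image store
IMAGE_HOST = "ota.example.invalid"         # placeholder host, not an ARTIK endpoint
REGISTERED = {"device-001", "device-002"}  # constructed registry of on-boarded device IDs
_redeemed = set()                          # nonces that have already been used once

def _sign(device_id, image, nonce, expires):
    msg = "|".join([device_id, image, nonce, str(expires)]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_url(device_id, image, ttl=300, now=None):
    """Return a fresh download URL bound to one registered device and one image."""
    if device_id not in REGISTERED:
        raise PermissionError("device is not registered")
    now = time.time() if now is None else now
    nonce, expires = secrets.token_urlsafe(16), int(now) + ttl
    sig = _sign(device_id, image, nonce, expires)
    return (f"https://{IMAGE_HOST}/images/{image}"
            f"?dev={device_id}&n={nonce}&exp={expires}&sig={sig}")

def redeem(url, authenticated_device_id, now=None):
    """Image-store check; authenticated_device_id is taken from the TLS client certificate."""
    now = time.time() if now is None else now
    parts = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        dev, nonce, exp, sig = q["dev"], q["n"], int(q["exp"]), q["sig"]
    except (KeyError, ValueError):
        return False
    image = parts.path.rsplit("/", 1)[-1]
    expected = _sign(dev, image, nonce, exp)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False          # forged URL, or image/device/expiry was altered
    if dev != authenticated_device_id or dev not in REGISTERED:
        return False          # URL presented by a device it was not issued to
    if now > exp or nonce in _redeemed:
        return False          # expired, or this URL was already used
    _redeemed.add(nonce)
    return True

def device_accepts(url):
    """Device-side redirect check: only HTTPS to the pinned image host is followed."""
    parts = urlparse(url)
    return parts.scheme == "https" and parts.hostname == IMAGE_HOST
```

In a real deployment the redeemed-nonce set would live in shared storage with entries expiring alongside the URLs, and the device would still verify the image itself after download.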