IoT

The Software Updates for Internet of Things (SUIT) Working Group is tackling one of the most pressing challenges in IoT security: reliable, secure, and interoperable firmware updates for constrained devices.

Today IoT deployments often depend on proprietary update mechanisms that are fragmented and difficult to audit. As vulnerabilities continue to emerge, security experts, researchers, and regulators agree: every IoT device should have a robust and standardized way to update firmware securely.

The SUIT WG is designing a comprehensive solution, focusing on devices with very limited resources, those with as little as ~10 KiB of RAM and ~100 KiB of flash storage, while also supporting more capable systems.

Key components of the SUIT approach include:

• A manifest, providing metadata about firmware packages, their dependencies, and cryptographic protections.
• Use of CBOR (Concise Binary Object Representation) for compact encoding, along with COSE cryptographic mechanisms to secure manifests.
• Extensions to support encryption, trust domains, update management, and integration with other IoT frameworks like MUD (Manufacturer Usage Description).
• Mechanisms for devices to report update status securely, enabling visibility and compliance across IoT fleets.

The group collaborates closely with the Remote ATtestation Procedures (RATS) WG to define claims that can attest to firmware update status, strengthening supply chain transparency and trust.

The SUIT WG is also committed to working with silicon vendors, OEMs, and the broader IoT ecosystem to drive real-world implementations, including participation in IETF Hackathons to validate and improve specifications.

Link to the WG: https://datatracker.ietf.org/group/suit/about/
Link to the WG Documents: https://datatracker.ietf.org/group/suit/documents/

The IoTops (IoT Operations) WG at the IETF has a document called Terminology for Constrained-Node Networks, whose abstract is as follows:

"The Internet Protocol Suite is increasingly used on small devices with severe constraints on power, memory, and processing resources, creating constrained-node networks. This document provides a number of basic terms that have been useful in the standardization work for constrained-node networks." A new version of this document is dated 7 July 2025.

Link to the document: https://datatracker.ietf.org/doc/draft-ietf-iotops-7228bis/

IoTops WG: https://datatracker.ietf.org/wg/iotops/documents/

The IRTF draft titled "Guidance on RESTful Design for Internet of Things Systems"(https://datatracker.ietf.org/doc/draft-irtf-t2trg-rest-iot/) provides recommendations for applying REST (Representational State Transfer) principles to the design of IoT systems. REST is a well-known architectural style for building scalable and interoperable web services. This draft explores how those same principles can be adapted to the unique constraints and characteristics of the Internet of Things, where devices often have limited resources and operate in constrained networks.

One of the central ideas is that RESTful approaches can help create machine-understandable interfaces that reduce the need for human intervention and make integration between systems easier. To support this, the draft emphasizes the use of lightweight protocols like CoAP (Constrained Application Protocol) and compact data formats suited for constrained environments. It also recommends designing interactions that are resource-based and stateless whenever possible.

The document acknowledges that IoT devices may act both as clients and servers and provides guidance for managing these roles within a RESTful framework. Additionally, because IoT deployments are long-lived and widely distributed, the draft encourages designs that support extensibility and gradual evolution over time, without requiring simultaneous updates to all nodes.

By promoting RESTful design principles tailored for IoT, the draft aims to improve interoperability among devices and systems from different vendors. This reduces integration complexity and fosters a more robust and adaptable IoT ecosystem.

We introduced LoRa mesh networks at in the GAIA WG meeting at IETF 122. Different to LoRaWAN, LoRa mesh networks are not standardized. The current proprietary solutions and open source solutions are not interoperable. The lack of standardization is a difficulty for a quicker adoption of LoRa mesh network technology.

The Internet-Draft titled "Comparison of CoAP Security Protocols" analyzes and compares the message sizes of key exchange processes and per-packet overheads associated with various security protocols used to secure the Constrained Application Protocol (CoAP). Minimizing message sizes is crucial in constrained radio networks, such as Low-Power Wide Area Networks (LPWANs), to reduce energy consumption, latency, and completion times.

The security protocols evaluated in this document include:

• Datagram Transport Layer Security (DTLS) 1.2 and 1.3
• Transport Layer Security (TLS) 1.2 and 1.3
• Compact TLS (cTLS)
• Ephemeral Diffie-Hellman Over COSE (EDHOC)
• Object Security for Constrained RESTful Environments (OSCORE)
• Group OSCORE

The analysis considers the DTLS and TLS record layers with and without 6LoWPAN-GHC compression and examines DTLS both with and without Connection ID.

Find in here https://datatracker.ietf.org/meeting/118/proceedings/ the proceedings of IETF 118, where you can check IoT Working Group work such as ROLL, 6Lo, IoTOps, etc. Minutes, Slides and Video Recording are available.

The IRTF Thing-to-Thing Research Group is working on a document that describes the IoT Edge Challenges and Functions. 

Link: https://datatracker.ietf.org/doc/draft-irtf-t2trg-iot-edge/

From Charter: "The Supply Chain Integrity, Transparency, and Trust (SCITT) WG will define a set of interoperable building blocks that will allow implementers to build integrity and accountability into software supply chain systems to help assure trustworthy operation. For example, a public computer interface system could report its software composition that can then be compared against known software compositions or certifications for such a device thereby giving confidence that the system is running the software expected and has not been modified, either by attack or accident, in the supply chain." 

Source: https://datatracker.ietf.org/wg/scitt/about/

To Subscribe: 

https://www.ietf.org/mailman/listinfo/scitt

Routing Over Low power and Lossy networks (roll) Working Group has met at IETF 115, please find below the link to the video recording

https://www.youtube.com/watch?v=KwV1ajTdpQM

The IETF has published this month a new version of draft about Reliable and Available Wireless Architecture

Abstract: "Reliable and Available Wireless (RAW) provides for high reliability and availability for IP connectivity across any combination of wired and wireless network segments. The RAW Architecture extends the DetNet Architecture and other standard IETF concepts and mechanisms to adapt to the specific challenges of the wireless medium, in particular intermittently lossy connectivity. This document defines a network control loop that optimizes the use of constrained spectrum and energy while maintaining the expected connectivity properties, typically reliability and latency. The loop involves OAM, PCE, and PREOF extensions, and a new Controller plane Function called the Path Selection Engine, that dynamically selects the DetNet path for the next packets to route around local failures."

Source: https://datatracker.ietf.org/doc/draft-ietf-raw-architecture/

we propose to raise awareness on the one hand of IoT standardization players on the energy impact in defining standards and on the other hand to developers of IoT stacks and applications. For this, we propose an approach consisting firstly of starting from the existing to highlight the energy impact in the choices of the use of a standard and its implementations and then secondly to identify a set of recommendations.

The IETF 114 is presenting several topics in IoT, such as:

• RATS (Remote ATtestation ProcedureS), video recording: https://www.youtube.com/watch?v=Fgy20yeT4Eo
• 6lo (IPv6 over Networks of Resource-constrained Nodes), video recording: https://www.youtube.com/watch?v=bTULdS6iI0E
• ANIMA (Autonomic Networking Integrated Model and Approach), video recording: https://www.youtube.com/watch?v=UIsxhY73QrA
• DTN (Delay/Disruption Tolerant Networking), video recording: https://www.youtube.com/watch?v=VF2vB5QTx9c
• ROLL (Routing Over Low power and Lossy networks), video recording: https://www.youtube.com/watch?v=ChhlXBPgbr4
• COSE (CBOR Object Signing and Encryption), video recording: https://www.youtube.com/watch?v=d0zOUQ26qt0
• CORE (Constrained RESTful Environments), video recording: https://www.youtube.com/watch?v=rr1LXhbrs7Y
• RAW (Reliable and Available Wireless), video recording: https://www.youtube.com/watch?v=gG7fVTd95yM
• LPWAN (IPv6 over Low Power Wide-Area Networks), video recording: https://www.youtube.com/watch?v=UTwGyKOTdlk
• LAKE (Lightweight Authenticated Key Exchange), video recording: https://www.youtube.com/watch?v=Oq7O5-ODfqc
• TEEP (Trusted Execution Environment Provisioning), video recording to be published in here: https://www.youtube.com/playlist?list=PLC86T-6ZTP5iqRy5pg4hScW5zp2-j7TVI
• DETNET (Deterministic Networking), video recording to be published in here: https://www.youtube.com/playlist?list=PLC86T-6ZTP5iqRy5pg4hScW5zp2-j7TVI
• SUIT (Software Updates for Internet of Things), video recording to be published in here: https://www.youtube.com/playlist?list=PLC86T-6ZTP5iqRy5pg4hScW5zp2-j7TVI
• CBOR (Concise Binary Object Representation Maintenance and Extensions), video recording to be published in here: https://www.youtube.com/playlist?list=PLC86T-6ZTP5iqRy5pg4hScW5zp2-j7TVI
• MANET (Mobile Ad-hoc Networks), video recording to be published in here: https://www.youtube.com/playlist?list=PLC86T-6ZTP5iqRy5pg4hScW5zp2-j7TVI
• IOTOPS (IOT Operations), video recording to be published in here: https://www.youtube.com/playlist?list=PLC86T-6ZTP5iqRy5pg4hScW5zp2-j7TVI

More Information: https://datatracker.ietf.org/meeting/114/agenda/