Re: [Suit] Fwd: Firmware Update Paper

Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr> Wed, 04 December 2019 11:38 UTC

Return-Path: <emmanuel.baccelli@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3C1212080C for <suit@ietfa.amsl.com>; Wed, 4 Dec 2019 03:38:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.417
X-Spam-Level:
X-Spam-Status: No, score=-1.417 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c__KhyFFOgOT for <suit@ietfa.amsl.com>; Wed, 4 Dec 2019 03:38:34 -0800 (PST)
Received: from mail-ot1-f43.google.com (mail-ot1-f43.google.com [209.85.210.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B641120013 for <suit@ietf.org>; Wed, 4 Dec 2019 03:38:34 -0800 (PST)
Received: by mail-ot1-f43.google.com with SMTP id 66so6000228otd.9 for <suit@ietf.org>; Wed, 04 Dec 2019 03:38:34 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=z1F2SC/WVxqjf21Fv3kerDzxOAXolC3s7LAuOWo71WE=; b=Qjfyjlu9tDaEiE4wA6BbJRe9u1bEJyvpCMwxjyr6mVf3iNCBVqT/QHzfvo1yqtLZLf dz0bbmP44pdjQxB4Cf7ei1UkspuomatcDodKuxb4QDXVgxpANgqhxj/cA5fBjyMKudvy MvLE0PXHdBrI1b+nB3YgC1QkhUPknH3Rmut6xLv4U/HLsKlZT8HLTkwB4VK0qqiP3t3X erb9spd0XqHOz8Bp4+209VmEMfI/Hc6XUrfQRooWm78YzRnWUPiOZWdBRut+/4hh7Tmj q7gr0GjfPT6g+1s2hE27EI157M03HMlWu3nKntoEuCU7v0Yw6xRWXHHpKtZnUrMcBJxA 1WIg==
X-Gm-Message-State: APjAAAWESy0fR6+1rT3uAS472s2Xl0xzdq+nn2JrqPSOKzNZoaD9csmx a+rpZjJEqALlO3C3IiWKrjaZ95Oy8vgIgQ4YLNk7QIxJ
X-Google-Smtp-Source: APXvYqz5yRmRZi5pkuBsuUpKeskuq1bKYSAQ2+v5s1EC+gaUlzu5rtYzgYMlsamJ7nY7zwaAyOr/u9nPR2VJzAmQjPA=
X-Received: by 2002:a9d:7e99:: with SMTP id m25mr2012530otp.212.1575459513548; Wed, 04 Dec 2019 03:38:33 -0800 (PST)
MIME-Version: 1.0
References: <VI1PR08MB53600B1D1A194F49B67B90DFFAC60@VI1PR08MB5360.eurprd08.prod.outlook.com> <20191127203651.GA117656@davidb.org> <CANK0pbaWkn7w2swRgkOqsTubE1os=rDo2BLjrTZ5eW6ePv3WnA@mail.gmail.com> <20191129183627.GA16289@davidb.org> <DB6PR0801MB1879D9742622EA0AE08A8B72EA430@DB6PR0801MB1879.eurprd08.prod.outlook.com> <CABNHR1yEFvgEzHjBhpqTW-FX+LQTVYuSJE_9SP9OMwzjWsdORQ@mail.gmail.com> <CANK0pbaf8TTtMOSKHD0D-73+MCzSdjk7p+6hVO0WzpSxhF2fVg@mail.gmail.com> <CABNHR1z4N=uH9d5DvyYi17DCULqu3T6Ve9k-_EJr-37zUjF-uw@mail.gmail.com> <CANK0pbYGbzu8VAr7ZuzUOY1yQ75qkMKQ6PAncZCfkH2=RZWNUQ@mail.gmail.com> <CABNHR1wOXx6QRYMMFgnNs12qtc5Ofs8MdR-Oe=d4KRCzXtaiQA@mail.gmail.com>
In-Reply-To: <CABNHR1wOXx6QRYMMFgnNs12qtc5Ofs8MdR-Oe=d4KRCzXtaiQA@mail.gmail.com>
From: Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>
Date: Wed, 4 Dec 2019 12:38:22 +0100
Message-ID: <CANK0pbagZtjzE4vsW6ez76aT2sFeNj_vMr=fKP8Xo6kvCcSF9A@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a9c4a60598df40dd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/M8wRKJc_pqt28feAKL6-27NnVHY>
Subject: Re: [Suit] Fwd: Firmware Update Paper
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2019 11:38:37 -0000

Hi Simon,

Some comments & answers inline.

On Wed, Dec 4, 2019 at 1:56 AM Szymon Słupik <simon@silvair.com> wrote:

> Hi Emmanuel,
>
> [...]
>
> In the experiment you point out (reported in Table 3 and 4 in [1]) the
>> transfer of the firmware binary + the manifest (totaling ~35kB) took about
>> 11 seconds.
>>
>
> [SS] yeah... that 35kB is a bit unrealistic... for production stacks
> (including application functionality) we see the FW sizes (uncompressed) to
> be in 200kB range.
>

[EB] Just to be clear: we did not make this number up. 35kB is the actual
binary size for a (basic) RIOT configuration including standard CoAP and
crypto functionalities, among others.
That said, indeed, firmware size does depend on the OS, the libraries that
are used, and on the required functionalities.


[SS] Have you considered the link saturation during the transfer? In many
> cases you do not want the transfer to [significantly] affect the operation
> of the network, so a strategy to reduce the transfer duty cycle may be
> prudent.
>
> [..] And that was a single-hop, right? Have you considered multi-hop
> transfers over a mesh network?
>
>

[EB] The measurements we made for this paper were in the simplest scenario
you can think of (single hop, and good network conditions).
In other scenarios (multihop, side traffic etc.) results would be
different, delaying network transfer completion time.
Nevertheless I think this does not invalidate the observations made in the
paper,
i.e. that crypto makes up for a significant chunk of the memory and energy
footprints.


The signature verification was performed with the HACL library (ed25519) on
>> an ARM Cortex-M0+ and took approx. 7 seconds -- so yes, pretty long indeed,
>> in this case.
>
>
> [SS] Does that scale linearly with image size? Do memory requirements (RAM
> usage) increase with the image size?
>
>
[EB] Not really: in the context of this paper, what is signed (and
verified) is a hash of the image, not the image itself.


Best regards,

Emmanuel


On Tue, Dec 3, 2019 at 10:05 PM Emmanuel Baccelli <
> Emmanuel.Baccelli@inria.fr> wrote:
>
>> Hi Szymon
>>
>> below some more information, since you ask ;)
>>
>> In the experiment you point out (reported in Table 3 and 4 in [1]) the
>> transfer of the firmware binary + the manifest (totaling ~35kB) took about
>> 11 seconds.
>> The 802.15.4 radio was used in 2.4GHz band in default mode (we used an
>> off-the-shelf SAMR21 board [2] for this experiment).
>> The signature verification was performed with the HACL library (ed25519)
>> on an ARM Cortex-M0+ and took approx. 7 seconds -- so yes, pretty long
>> indeed, in this case.
>>
>> For other microcontrollers and/or with other signature schemes or
>> alternative implementations/libraries, the speed & memory footprint we
>> measured are compared in Tables 8, 7 and 6 (see [1])..
>>
>> As observed in the paper:
>>     - the time spent on signature verification heavily depends on the
>> type of microcontroller, on the signature scheme, and on the specific
>> implementation;
>>     - crypto's footprint in Flash memory can significantly impact the
>> size of update binaries which need to be transferred over the network.
>>
>> Cheers,
>>
>> Emmanuel
>>
>> [1] https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8725488
>> [2] https://github.com/RIOT-OS/RIOT/wiki/Board:-Samr21-xpro
>>
>>
>>