Secure over-the-air firmware updates of IoT devices

Wednesday 9 October, 12h00-19h00
@ imec – Leuven

Secure over-the-air updates in a massive and distributed deployment of IoT devices can be a truly challenging task. This is especially so when we are faced with one or more of the following aspects: heterogeneous devices, unreliable wireless connections, long operating lifetimes, battery powered devices,…

In this workshop we will address recent technology innovations to achieve secure and scalable over-the-air firmware updates of low power IoT devices that are operated in challenging and dynamic environments.

Speakers from both academia and industry will zoom in on the possibilities of their innovations for applications such as smart water metering, railway systems, and many others.

The workshop includes presentations and (live) demos, and is accessible to all enthusiasts in wireless technology. Topics include a.o.

  • wireless technologies (LoRaWAN, NB-IoT) for remote updates
  • scalable approaches for massive remote updates
  • dealing with unreliable wireless connectivity
  • security aspects
  • applications in industry and beyond


12h00 Registration & sandwich lunch
13h00 Introduction
Kris Hermus, Coordinator Wireless Community & Innovation Program Manager Flanders, imec
13h20 How to implement a reliable and secure update flow for embedded IoT systems in railway with an unreliable wireless connection
Steven Lauwereins, Research Lead, Televic GSP

In a world where all software needs to be maintained for cybersecurity reasons, also software installed on devices with intermittent or even no connectivity have to be updatable in a reliable way. Moreover, in industries such as railway, many devices are kept as spare parts for years. These devices need to be made secure at first booth regardless of the years they lay in a customer warehouse. This talk will explain Televic GSPs approach to such challenging update requirements.

13h40 Secure over-the-air firmware update framework for a vast network of battery-operated smart water meters in inaccessible locations
Jan Van Cappellen, COO, Hydroko

  • short intro to Hydroko and HydroKonekt
  • how to manage a firmware update of a very large number of devices 
  • in-house developed software simulator for massive firmware updates 
  • security aspects
13h55 Managed firmware updates over NB-IoT on high lifetime battery powered IOT-devices
Steven Sanders (Founder) and Bram Baert (Development engineer electronic design), Quicksand

  • short intro to NB-IoT
  • dealing with sub-optimal coverage of devices
  • data rate, latency, duration, energy consumption
  • encryption & signature
14h10 Adaptive In-situ Power Monitoring & Profiling of Cellular IoT Devices
Brendan Mackenzie (doctoral researcher) and Danny Hughes (Professor), KU Leuven – Distrinet

This talk addresses the problem that cellular IoT network reliability continuously fluctuates throughout the lifetime of an IoT device, resulting in variable energy costs per data transmission (particularly if retransmissions are needed). This can be exacerbated by unpredictable losses of connectivity and their associated power-hungry network rejoins. Since these reliability fluctuations have massive consequences in terms of total energy consumption, it is very difficult to predict the IoT device’s battery-lifetime and uphold long lifetime guarantees (cf. talks by Quicksand and Hydroko).
The presented solution offers a tiny but accurate power monitor (miniMaP) that runs locally on the IoT device and maintains a live energy profile throughout the device’s lifetime, while adding neglectable overhead.
Such an energy profile can be exploited by the IoT operating system to schedule IoT operations with energy consumption in mind (e.g. collect sensor data, transmit data, download large firmware images), adapt wake-up strategies, or tailor communication settings.

14h25 Strategies for managed over-the-air firmware updates
Nico Janssens, CTO, Rombit

Abstract will follow

  • Demo 1 – Televic GSP:
    reliable and secure update flow for embedded IoT systems in railway
  • Demo 2 – Hydroko & Quicksand:
    remote firmware update over NB-IoT of smart water meters
  • Demo 3 – KU Leuven – Distrinet: TBD
  • Demo 4 – KU Leuven – Distrinet:
    a Nordic Semiconductor nRF9160 using the miniMaP scheme to provide in-situ power/energy consumption statistics for each thread running on the device along with the asynchronous activity of the cellular modem. These statistics will be streamed over UART to a connected laptop for viewing
  • Demo 5 – VUB – ETRO: TBD
  • Demo 6 – N.N.: TBD
15h55 LoRaWAN Firmware Updates Over-The-Air
Lode Van Halewyck, Senior technical consultant, Actility

An introduction to secure Firmware Updates Over-The-Air (FUOTA) over LoRaWAN, covering the following topics:

  • An update on LoRaWAN and the evolution of the specifications
  • FUOTA over LoRaWAN:
    • Challenges and corresponding standardized solution
    • FUOTA implementation incl. campaign management
    • Reference solutions in different vertical markets
16h10 Benchmarking and comparison of security analysis tools
KU Leuven – Distrinet Gent

Abstract will follow

16h25 Secure localisation based device commissioning
N.N., KU Leuven – COSIC

Initialising new IoT devices into the network is a tedious process – most of these devices run on small embedded platforms and lack the usual I/O interfaces present, and often rely on external hardware and equipment for configuration. This makes it a manual process, and incurs significant costs when scaled up. And more often than not, to account for scalability or cheap initialisation, security gets neglected. In our work, we have designed a solution for this commissioning problem for indoor environments which does not require significant human involvement. We show that it is possible to effortlessly and securely commission new devices into an existing network, using the signal strengths of the devices already present inside. We will show a short demonstrator of our solution in which we simulate an indoor environment, and demonstrate how we can securely initialise a legitimate device into the network. We do this, all without using any additional sophisticated devices, and thus only relying on commercially available devices.

16u35 Hardware security aspects in IoT devices
An Braeken, Professor, VUB-ETRO

Abstract will follow

16h50 Plenary Q&A session
17h10 Networking reception
19h00 End of the workshop



  • Imec employees and residents: free of charge
  • Employees of Wireless Community members: free of charge
  • Others:
    • 100 EUR (excl VAT) early bird until October 2
    • 120 EUR (excl VAT) late registration from October 3

Please fill in your details in this Event Registration Form below and you will be automatically registered.
A few days prior to the event you will receive a confirmation email with all practical details.

Please contact us at