|
|
\section{Requirements}\label{req} \makeatletter \renewcommand{\@IEEEsectpunct}{\,}% Modified from {:\ \,}
\makeatother For the implementation of an OTA update mechanism, the following requirements were defined.
\subsubsection{}\label{req1} The systems must be able to perform updates on the release of new software without manual interaction. If a new firmware version is published for a type of devices, the target devices must fetch and install the new software version automatically, and start using it subsequently if no errors have occurred during the update.
\subsubsection{}\label{req2} To ensure minimal maintenance effort, the update process should be insusceptible to errors as much as possible. Even if the installation of an update fails in the middle of reprogramming the device, the system should continue to work fully functional immediately and after reboot.
\subsubsection{}\label{req3} Firmware downloads must be possible over the same WiFi connection as used during normal operation. Fetching the firmware should be done side-by-side with operational traffic.
\subsubsection{}\label{req4} The update process must be possible over any untrusted wireless network or Internet connection. To prevent possible attackers from injecting malicious software into the embedded devices, a cryptographic signature mechanism must be implemented. New firmware only gets accepted by the device, if the cryptographic signature of the downloaded firmware image can be verified.
\subsubsection{}\label{req5} To reduce network load and aim for the maximum possible uptime of the device, the update process should only be done if a new firmware version is available. In contrast, on the release of new firmware, the roll-out to all devices should be performed as fast as possible. While checking for available updates and downloading such an update, the device should continue to work as usual.
\subsubsection{}\label{req6} For easy maintenance and monitoring, each device must provide information about the currently installed firmware version and other details relevant for the update process.
\subsubsection{}\label{req7} Devices are categorized by types. Each type runs the same software and therefore provides the same functionality. As the device type is hardly coupled to the hardware and the software interacts with it on a specific way, the update process must ensure that the correct firmware is used while reprogramming.
\makeatletter \renewcommand{\@IEEEsectpunct}{:\ \,} \makeatother
|