added reviews

master icsnc_2017
Sebastian Rieger 4 years ago

@ -0,0 +1,79 @@
--------- Comment 2:
In this article, the authors present an implementation of a durable and stable system for building and publishing cryptographically secure firmware updates for embedded devices based on ESP8266 microcontrollers. This includes mechanisms to build the updates from source and automatically sign, distribute and install them on the target devices. A proof of concept implementation has been developed, which is now an essential part of the home-automation development and deployment in the Magrathea Laboratories e.V. hackerspace. This includes a major network configuration change and an important stability fix for the network communication stack. All devices applied the update successfully and started to work without any manual interaction required afterwards.
--------- Comment 3:
In my opinion, the paper is technically sound and relevant. I particularly like the introductory section. Well written, well presented.
This paper focuses on an implementation of a durable and stable system for building and publishing cryptographically secure firmware updates for embedded devices based on ESP8266 microcontrollers.
--------- Comment 4:
In this paper, the authors describe the concept of Over the Air (OTA) update mechanisms based on ESP8266 microcontrollers. Architecture and components of Firmware Over the Air (FOTA) are being presented for a Continuous Integration (CI) system which is driven by an open source continuous delivery system ( that triggers the updates automatically. Real-life use cases are implemented using sensors and actuators from ITEAD wireless smart switches for smart home applications and system communication is provided by MQTT. Home automation controllers are controlling sensors and actuators with open source home automation platform.
In the Introduction section, authors should describe their contribution to the OTA updates and their focus. There are no follow up sentences/paragraphs before the description part of the section.
In the Related Work section, authors wrote only related papers' titles. Authors should include the related works with their proposed system. Even though the paper focuses on OTA update mechanisms, authors referred more to use-case specific papers than OTA update mechanism/security issues.
The paper is missing a section which discusses the major differences of the proposed OTA update mechanism from related projects. This section should also include the novelties of the proposed work.
Authors mentioned open source library for ESP8266 which is named Sming and already in Github repository ( However, the paper should refer to this source. In addition, authors should explain their contribution to rBoot OTA firmware updating which is already referenced in [23].
In the Reference section, reference [8] should be completed as International Journal of Engineering Science and Computing, December 2016, pp. 3951-3953.
This paper should be more specific about the concept and analyze the performance of the proposed proof of concept implementation in detail. The authors should revise the paper and emphasize the novel features in order to make this paper stronger.
--------- Comment 5:
The paper formatting needs some adjustments:
!! Reduce the spacing between text paragraphs, all across the paper
!! Insert listings 1-5 as numbered figures with captions; also, correct all notations in text
!! correct the format for all the References (see template):
- provide 'pp. x-y' for ALL conference/journal references-> correct: [1], [7], [8], etc.
- list all the authors, if less than 6 [otherwise, use 'et al.' after the first author name] -> correct: [6].
- some are incomplete; see the required format; for example, add the publisher information in [8], etc.
- provide the last access date for ALL on-line references in the form [retrieved: month, year] (close to the camera-ready deadline) -> correct: [9], [10], [17], etc.
!! Correct the format / grammar / punctuation errors. Some examples:
!! expand all the acronyms, even trivial, when firstly used (even in the abstract); examples: IoT, etc.
-- In [2] a
Must be:
--> In [2], a low-cost
-- described in section V-B.
--> described in Section V-B.
-- and therefor would not
--> and therefore, they would not
-- into a CI system which is also
--> into a CI system, which is also
!! across the entire paper, watch the rule of 'which', sometimes needing a ',' before
-- flash chip which contains the
--> flash chip, which contains the
-- Therefore
the cryptographically
--> Therefore, the cryptographically
!! etc., etc.
--------- Comment 6:
This paper provides a conceptual work on an automated process to update large-scale firmware of embedded smart devices in the Internet-of-Things (IoT) environment. This mechanism would be a system that builds and publishes cryptographically secure updates based on ESP8266 microcontrollers. The updates would be built from source - automatically signed, distributed and installed on the devices. The motivation for the work is based on the assumption that while the requirements for those systems do not change, the environment in which they operate does change (e.g., security-related issues). I agree with that! One of the requirements for this proposed over-the-air update mechanism is that it would help reduce the cost of the updating operation.
I suggest that the authors provide, as an addendum, a chart / schematic depicting the overall of their mechanism so the readers can have a general yet complete idea of their work.
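Review bot: Two parenthetical references in Comment 4 are opened but never filled or closed ("continuous delivery system ( that triggers the updates" and "Github repository ( However, the paper should refer"), so the URLs the reviewer cited are missing from the committed text; restore them from the original review or drop the stray parentheses. The file also starts at "Comment 2" with no Comment 1 and no header saying which submission or review round these comments belong to, and the example "-- In [2] a" in Comment 5 is cut short compared with its correction "--> In [2], a low-cost". A short header line naming the paper and the source of the reviews would make the file usable on its own, since the commit message "added reviews" does not say either.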