The capability to securely (re)program embedded devices over-the-air is a fundamental functionality for the emerging
Internet of Things (IoT). Current approaches work efficiently by exploiting the homogeneity within sensing devices, where all nodes
require the update and participate in the process. Due to the heterogeneity of IoT deployments, where the type of devices and program
images vary, existing solutions suffer from severe performance degradation. We address this shortcoming with our system SEDA,
which leverages a secure multicast approach. SEDA outperforms existing systems since the program image is securely delivered and
processed on targeted nodes only, hence reducing the overhead for not involved nodes. In order to enable the multicast approach, we
introduce an asymmetric broadcast encryption primitive, which we have optimized towards constrained nodes to reduce the
communication/computation overhead as compared to existing approaches. With an extensive experimental study on a public testbed
in several practical settings, we show SEDA’s efficient performance compared to state-of-the-art approaches. Finally, our theoretical
security analysis shows SEDA’s security against identified adversary models.