No Arabic abstract
Given the ubiquity of memory in commodity electronic devices, fingerprinting memory is a compelling proposition, especially for low-end Internet of Things (IoT) devices where cryptographic modules are often unavailable. However, the use of fingerprints in security functions is challenged by the inexact reproductions of fingerprints from the same device at different time instances due to various noise sources causing, small, but unpredictable variations in fingerprint measurements. Our study formulates a novel and textit{pragmatic} approach to achieve the elusive goal of affording highly reliable fingerprints from device memories. We investigate the transformation of raw fingerprints into a noise-tolerant space where the generation of fingerprints from memory biometrics is intrinsically highly reliable. Further, we derive formal performance bounds to support practitioners to adopt our methods for practical applications. Subsequently, we demonstrate the expressive power of our formalization by using it to investigate the practicability of extracting noise-tolerant fingerprints from commodity devices. We have employed a set of 38 memory chips including SRAM (69,206,016 cells), Flash (3,902,976 cells) and EEPROM (32,768 cells) ubiquitously embedded in low-end commodity devices from 6 different manufacturers for extensive experimental validations. Our results demonstrate that noise-tolerant fingerprints -- achieving a key failure rate less than $10^{-6}$ -- can always be efficiently afforded from tested memories with a solely fingerprint snap-shot enrollment. Further, we employ a low-cost wearable Bluetooth inertial sensor and demonstrate a practical, end-to-end implementation of a remote attestation security function built upon a root key from noise-tolerant SRAM fingerprints generated on demand and at run-time.
Internet of Things is revolutionizing the current era with its vast usage in number of fields such as medicine, automation, home security, smart cities, etc. As these IoT devices uses are increasing, the threat to its security and to its application protocols are also increasing. Traffic passing over these protocol if intercepted, could reveal sensitive information and result in taking control of the entire IoT network. Scope of this paper is limited to MQTT protocol. MQTT (MQ Telemetry Transport) is a light weight protocol used for communication between IoT devices. There are multiple brokers as well as clients available for publishing and subscribing to services. For security purpose, it is essential to secure the traffic, broker and end client application. This paper demonstrates extraction of sensitive data from the devices which are running broker and client application.
As the Internet of Things (IoT) rolls out today to devices whose lifetime may well exceed a decade, conservative threat models should consider attackers with access to quantum computing power. The SUIT standard (specified by the IETF) defines a security architecture for IoT software updates, standardizing the metadata and the cryptographic tools-namely, digital signatures and hash functions-that guarantee the legitimacy of software updates. While the performance of SUIT has previously been evaluated in the pre-quantum context, it has not yet been studied in a post-quantum context. Taking the open-source implementation of SUIT available in RIOT as a case study, we overview post-quantum considerations, and quantum-resistant digital signatures in particular, focusing on lowpower, microcontroller-based IoT devices which have stringent resource constraints in terms of memory, CPU, and energy consumption. We benchmark a selection of proposed post-quantum signature schemes (LMS, Falcon, and Dilithium) and compare them with current pre-quantum signature schemes (Ed25519 and ECDSA). Our benchmarks are carried out on a variety of IoT hardware including ARM Cortex-M, RISC-V, and Espressif (ESP32), which form the bulk of modern 32-bit microcontroller architectures. We interpret our benchmark results in the context of SUIT, and estimate the real-world impact of post-quantum alternatives for a range of typical software update categories. CCS CONCEPTS $bullet$ Computer systems organization $rightarrow$ Embedded systems.
Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer a broad attack surface. Particularly, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the TrustZone-M enabled SAM L11 MCU. Strategies to mitigate these software attacks are also discussed.
Internet of Things (IoT) devices and applications can have significant vulnerabilities, which may be exploited by adversaries to cause considerable harm. An important approach for mitigating this threat is remote attestation, which enables the defender to remotely verify the integrity of devices and their software. There are a number of approaches for remote attestation, and each has its unique advantages and disadvantages in terms of detection accuracy and computational cost. Further, an attestation method may be applied in multiple ways, such as various levels of software coverage. Therefore, to minimize both security risks and computational overhead, defenders need to decide strategically which attestation methods to apply and how to apply them, depending on the characteristic of the devices and the potential losses. To answer these questions, we first develop a testbed for remote attestation of IoT devices, which enables us to measure the detection accuracy and performance overhead of various attestation methods. Our testbed integrates two example IoT applications, memory-checksum based attestation, and a variety of software vulnerabilities that allow adversaries to inject arbitrary code into running applications. Second, we model the problem of finding an optimal strategy for applying remote attestation as a Stackelberg security game between a defender and an adversary. We characterize the defenders optimal attestation strategy in a variety of special cases. Finally, building on experimental results from our testbed, we evaluate our model and show that optimal strategic attestation can lead to significantly lower losses than naive baseline strategies.
In this paper, we specify a class of mathematical problems, which we refer to as Function Density Problems (FDPs, in short), and point out novel connections of FDPs to the following two cryptographic topics; theoretical security evaluations of keyless hash functions (such as SHA-1), and constructions of provably secure pseudorandom generators (PRGs) with some enhanced security property introduced by Dubrov and Ishai [STOC 2006]. Our argument aims at proposing new theoretical frameworks for these topics (especially for the former) based on FDPs, rather than providing some concrete and practical results on the topics. We also give some examples of mathematical discussions on FDPs, which would be of independent interest from mathematical viewpoints. Finally, we discuss possible directions of future research on other cryptographic applications of FDPs and on mathematical studies on FDPs themselves.