One of the main challenges in IoT security is assuring the integrity of the firmware running on a constrained, low-cost device. A solution to this challenge can be provided by a security service called attestation, in which the device generates evidence about its firmware that a remote verifier checks. How attestation evidence can be generated at boot time on a tiny microcontroller was investigated in earlier work and is also specified by the TCG's DICE specification. It is, however, challenging to generate such evidence at runtime, when the device is usually exposed to powerful attacks. Previous contributions have attempted to solve this with custom hardware extensions to the CPU architecture. We instead present a method based on DICE that securely generates attestation evidence at runtime using only standard CPU features: the MPU, privileged and unprivileged execution levels, and the boot ROM and lock (latch) mechanism that DICE already requires. Specifically, we use the MPU and the privilege levels to isolate the attestation firmware and its secrets from the rest of the application. As a result, our method can be applied immediately to a broad range of popular microcontrollers. We provide a proof-of-concept implementation for the Cortex-M4-based STM32L476 microcontroller.
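To make the DICE building blocks in this abstract concrete, here is an added example (not the paper's implementation and not taken from the TCG specification text) that models the boot-time derivation of a Compound Device Identifier from a Unique Device Secret and a firmware measurement, the latching of the UDS, and a runtime attestation step in which an isolated attestation component measures a region and authenticates it against a verifier's nonce. Two simplifications are assumptions made here for illustration: evidence is a symmetric HMAC rather than a DICE-derived asymmetric identity, and the verifier holds a provisioned copy of the UDS to recompute the key. The firmware bytes, region bytes and UDS value are constructed sample data.

```python
"""Illustrative DICE-style derivation with a runtime attestation step.

Added example: symmetric-MAC evidence and a verifier that knows the UDS are
simplifications, not the scheme of the paper or of the DICE specification.
"""
import hashlib
import hmac


def measure(image: bytes) -> bytes:
    """Measurement of a code or data region (SHA-256 digest)."""
    return hashlib.sha256(image).digest()


def derive_cdi(uds: bytes, first_layer_hash: bytes) -> bytes:
    """Compound Device Identifier: MAC of the first mutable layer's measurement
    under the Unique Device Secret. A different firmware image yields a
    different CDI, so tampered firmware cannot produce evidence that verifies
    against the reference image."""
    return hmac.new(uds, first_layer_hash, hashlib.sha256).digest()


def attestation_key(cdi: bytes) -> bytes:
    """Key used by the (conceptually isolated) attestation component; it is
    derived from the CDI only, never from the latched UDS."""
    return hmac.new(cdi, b"runtime-attestation-key", hashlib.sha256).digest()


class Device:
    """Boot ROM behaviour: measure the firmware, derive the CDI, then hand
    control to the firmware without retaining the UDS (the lock/latch step)."""

    def __init__(self, uds: bytes, firmware: bytes) -> None:
        self.firmware = firmware
        # Only the CDI survives past the boot ROM; the UDS is not stored.
        self._cdi = derive_cdi(uds, measure(firmware))

    def runtime_evidence(self, nonce: bytes, region: bytes) -> tuple:
        """Measure a runtime region and authenticate (nonce || measurement).
        Binding the nonce defeats replay of old evidence."""
        meas = measure(region)
        tag = hmac.new(attestation_key(self._cdi), nonce + meas, hashlib.sha256).digest()
        return meas, tag


class Verifier:
    """Holds the provisioned UDS and the reference images (assumption for this
    example) and recomputes the key the device should have derived."""

    def __init__(self, uds: bytes, ref_firmware: bytes, ref_region: bytes) -> None:
        self._key = attestation_key(derive_cdi(uds, measure(ref_firmware)))
        self._ref_meas = measure(ref_region)

    def verify(self, nonce: bytes, meas: bytes, tag: bytes) -> bool:
        expected = hmac.new(self._key, nonce + meas, hashlib.sha256).digest()
        # Constant-time tag check first, then compare against the reference measurement.
        return hmac.compare_digest(expected, tag) and meas == self._ref_meas


def attest(device: Device, verifier: Verifier, nonce: bytes, region: bytes) -> bool:
    """One attestation round: device produces evidence, verifier checks it."""
    meas, tag = device.runtime_evidence(nonce, region)
    return verifier.verify(nonce, meas, tag)


# Constructed sample data (not a real device secret or firmware).
UDS = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
FIRMWARE = b"app-firmware-v1"
REGION = b"runtime-code-region"


if __name__ == "__main__":
    v = Verifier(UDS, FIRMWARE, REGION)
    print(attest(Device(UDS, FIRMWARE), v, b"nonce-1", REGION))           # genuine: True
    print(attest(Device(UDS, FIRMWARE), v, b"nonce-2", b"patched-code"))  # region tampered: False
    print(attest(Device(UDS, b"evil-firmware"), v, b"nonce-3", REGION))   # wrong CDI: False
```

The three failure cases worth noting are the ones the abstract's threat model cares about: a modified runtime region changes the measurement, a modified boot image changes the CDI and therefore the key, and a replayed tag fails because the verifier's fresh nonce is part of the MAC input.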
Many IoT use cases involve constrained, battery-powered devices offering services in a RESTful manner to their communication partners. Such services may involve, e.g., costly computations or actuator/sensor usage, which can significantly affect the power consumption of the service Providers. Remote attackers may use those services excessively in order to exhaust the Providers' batteries, which is a form of Denial of Service (DoS) attack. Previous work proposed solutions based on lightweight symmetric authentication. These solutions scale poorly because they require pre-shared keys, and they do not protect against compromised service Requesters. In contrast, we consider more powerful attackers, capable even of compromising legitimate Requesters. We propose a method that combines attacker detection and throttling, conducted by a trusted third-party Backend, with a lightweight authentication protocol. For attacker detection and throttling, we propose a novel approach using rate limitation algorithms. In addition, we propose and formally verify two authentication protocols suitable for different, widely used IoT network topologies. Our protocols ensure service availability for benign Requesters even while Providers are under a battery exhaustion attack. The protocols require neither pre-shared keys between Requesters and Providers, nor asymmetric cryptography and public key infrastructures on the Provider. This makes them suitable for a variety of IoT deployments involving constrained devices and constrained networks. We demonstrate the feasibility of our method through a simulation and a proof-of-concept implementation.
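The abstract names the ingredients (Backend-side rate limitation, no Requester-Provider pre-shared keys, no asymmetric cryptography on the Provider) without giving the protocol. The following is an added example of one simplified design that fits those constraints; it is not the paper's protocol, and the ticket format, the token-bucket parameters, the flagging threshold and the key `K_BP` are all assumptions made here. The Backend keeps a token bucket per Requester, refuses tickets once a Requester is over budget, and flags persistent offenders; admitted requests get a ticket MACed under a key shared only between Backend and Provider, so the Provider verifies with one HMAC and performs the expensive work only for tickets that check out. A compromised Requester cannot mint tickets because it never holds `K_BP`. Time is passed explicitly so the simulation is deterministic.

```python
"""Added example of Backend-side throttling plus a cheap symmetric ticket.

Simplified illustration, not the paper's protocols: the Backend holds a key
K_BP per Provider, issues HMAC tickets to Requesters it admits, and a
Provider accepts a ticket only if the MAC verifies, the ticket is for it,
it has not expired, and its sequence number is fresh.
"""
import hashlib
import hmac


class TokenBucket:
    """Per-Requester budget: a burst of `capacity` requests, refilled at `rate`
    tokens per second. Time is an explicit parameter (no wall clock)."""

    def __init__(self, capacity: float, rate: float) -> None:
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = capacity, 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Backend:
    """Trusted third party: detects over-budget Requesters, throttles them and
    issues tickets for the requests it admits."""

    def __init__(self, provider_keys: dict, capacity: int = 3, rate: float = 1.0,
                 flag_after: int = 5) -> None:
        self.provider_keys = provider_keys          # provider id -> K_BP (never given to Requesters)
        self.capacity, self.rate, self.flag_after = capacity, rate, flag_after
        self.buckets, self.denials, self.seq = {}, {}, 0

    def flagged(self, requester: str) -> bool:
        # Assumed detection rule: a Requester denied `flag_after` times is treated as an attacker.
        return self.denials.get(requester, 0) >= self.flag_after

    def request_ticket(self, requester: str, provider: str, now: float, ttl: float = 5.0):
        bucket = self.buckets.setdefault(requester, TokenBucket(self.capacity, self.rate))
        if self.flagged(requester) or not bucket.allow(now):
            self.denials[requester] = self.denials.get(requester, 0) + 1
            return None                             # throttled: no ticket, Provider does no work
        self.seq += 1
        msg = f"{requester}|{provider}|{self.seq}|{now + ttl}".encode()
        tag = hmac.new(self.provider_keys[provider], msg, hashlib.sha256).digest()
        return msg, tag


class Provider:
    """Constrained device: one HMAC and a few comparisons before any costly work."""

    def __init__(self, pid: str, key: bytes) -> None:
        self.pid, self.key = pid, key
        self.last_seq, self.work_done = 0, 0

    def serve(self, ticket, now: float) -> bool:
        if ticket is None:
            return False
        msg, tag = ticket
        if not hmac.compare_digest(hmac.new(self.key, msg, hashlib.sha256).digest(), tag):
            return False                            # forged or altered ticket
        _requester, provider, seq, expiry = msg.decode().split("|")
        if provider != self.pid or float(expiry) < now or int(seq) <= self.last_seq:
            return False                            # wrong target, expired, or replayed
        self.last_seq = int(seq)
        self.work_done += 1                         # the battery-costly service happens here
        return True


def simulate():
    """Constructed scenario: an attacker bursts 20 requests at t=0, a benign
    Requester sends one request every 2 s, the attacker retries at t=30."""
    key = b"K_BP-constructed-key"
    backend = Backend({"prov-1": key})
    provider = Provider("prov-1", key)
    served = {"attacker": 0, "benign": 0}
    for _ in range(20):
        if provider.serve(backend.request_ticket("attacker", "prov-1", 0.0), 0.0):
            served["attacker"] += 1
    for t in (0.0, 2.0, 4.0, 6.0, 8.0):
        if provider.serve(backend.request_ticket("benign", "prov-1", t), t):
            served["benign"] += 1
    late_retry = provider.serve(backend.request_ticket("attacker", "prov-1", 30.0), 30.0)
    return served, provider.work_done, backend.flagged("attacker"), late_retry, backend, provider


if __name__ == "__main__":
    served, work, flagged, late, _, _ = simulate()
    print(served, work, flagged, late)  # {'attacker': 3, 'benign': 5} 8 True False
```

The Provider's work is bounded by the number of tickets the Backend issues, so battery cost is controlled at the Backend even while the attacker floods; the benign Requester's bucket refills faster than it spends, so it is never refused. In a deployment the flag would expire or be reviewed rather than being permanent, and the Backend-Provider channel would carry the ticket rather than the Requester relaying it; both details are outside what this example models.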
We live in a time when billions of IoT devices are being deployed and increasingly relied upon. This makes ensuring their availability and recoverability in case of a compromise a paramount goal. The large and rapidly growing number of deployed IoT devices makes manual recovery impractical, especially if the devices are dispersed over a large area. Thus, there is a need for a reliable and scalable remote recovery mechanism that works even after attackers have taken full control over devices, possibly misusing them or trying to render them useless. To tackle this problem, we present Lazarus, a system that enables the remote recovery of compromised IoT devices. With Lazarus, an IoT administrator can remotely control the code running on IoT devices unconditionally and within a guaranteed time bound. This makes recovery possible even in case of severe corruption of the devices' software stack. We impose only minimal hardware requirements, making Lazarus applicable even to low-end, constrained, off-the-shelf IoT devices. We isolate Lazarus's minimal recovery trusted computing base from untrusted software both in time and by using a trusted execution environment. The temporal isolation prevents secrets from being leaked through side channels to untrusted software. Inside the trusted execution environment, we place minimal functionality that constrains untrusted software at runtime. We implement Lazarus on an ARM Cortex-M33-based microcontroller in a full setup with an IoT hub, device provisioning and secure update functionality. Our prototype can recover compromised embedded OSs and bare-metal applications and prevents attackers from bricking devices, for example through flash wear-out. We show this using the example of FreeRTOS, which requires no modifications, only a single additional task. Our evaluation shows negligible runtime performance impact and moderate memory requirements.
<p><strong>Abstract.</strong> Drones come in a huge variety of shapes, sizes and flight characteristics. They can fly in places where no manned aircraft flies or where a person should not be. They are able to perform “3D” missions &ndash; here standing for dirty, dull and dangerous. All these properties turn them into a valuable asset in the disaster responders’ toolkit. In the very first moments of a disaster, it is confusing for an inexperienced person to decide which drone to deploy first or which task to assign it to.<br> So that the drones perform their mission in the safest and most successful way, in this paper we discuss a decision-making model to aid first responders in the early stage of their reaction. In particular, a performance mapping model is designed as a hierarchical structure with several inputs and more than one output. Several limitations are considered as inputs. On the one hand there are “external” factors roughly known a priori: the disaster type (wildfire, CBRNE, flood etc.) and the weather conditions (wind speed, fog, cloud cover, etc.). On the other hand there is a certain correlation with “internal” characteristics such as drone type, flight performance (stall speed, turn radius, flight endurance etc.) and payload capabilities (sensor resolution, accuracy, size, weight, etc.). Given these and the mission type, the model outputs a recommendation of a specific drone and equipment to the first responders.<br> This model can later be introduced into disaster responders’ training and documentation, helping them to utilize their drone fleet properly, raising preparedness and thereby increasing disaster management capabilities and reaction effectiveness.</p>
<p><strong>Abstract.</strong> The paper proposes a fuzzy logic approach to drone capability analysis for disaster risk assessment. In particular, a fuzzy logic model is designed as a hierarchical system with several inputs and one output. The system inputs correspond to linguistic variables describing the levels of the external and internal input factors, which determine the capability level of the analysed drone with respect to disaster risk assessment. External input factors include, for example: disaster type (flood, landslide, wildfire); weather conditions (wind speed, fog, cloud cover); operational area (urban, mountain, plain), etc. Internal input factors are the drone characteristics, such as drone type, flight performance (stall speed, turn radius, flight endurance), payload capabilities (camera resolution, accuracy, weight, sensors), etc. The output of the fuzzy logic system is the level of the drone's capability for disaster risk assessment under the defined conditions. The model is designed in the <i>Matlab</i> computing environment using the Fuzzy Logic Toolbox. Several computer simulations are carried out to validate the proposed model. The designed fuzzy logic model is part of an information system for disaster risk management using drones, which is under development.</p>
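The abstract describes the shape of the model (linguistic input variables, rules, one capability-level output) but none of its membership functions or rules. The following added example is a reduced, two-input version of that kind of model, written here for illustration rather than taken from the paper's Matlab model: one external factor (wind speed in m/s) and one internal factor (flight endurance in minutes) are fuzzified with linear ramps, four AND-rules fire with min-combination, and a zero-order Sugeno weighted average yields the capability level in [0, 1]. Every breakpoint, rule and consequent value is an assumption chosen for the example.

```python
"""Added example: reduced fuzzy model for drone capability, two inputs, one output.

Membership breakpoints, rules and consequent levels are assumptions for the
illustration, not values from the paper's Fuzzy Logic Toolbox model.
"""


def ramp(x: float, x0: float, x1: float) -> float:
    """Linear membership from 0 at x0 to 1 at x1 (decreasing if x1 < x0), clamped to [0, 1]."""
    if x1 == x0:
        raise ValueError("degenerate ramp")
    return max(0.0, min(1.0, (x - x0) / (x1 - x0)))


def fuzzify(wind_mps: float, endurance_min: float) -> dict:
    """Degrees of membership of the crisp inputs in the assumed linguistic terms."""
    return {
        "wind_low": ramp(wind_mps, 8.0, 0.0),          # fully 'low' at calm, not 'low' from 8 m/s
        "wind_high": ramp(wind_mps, 6.0, 15.0),        # starts at 6 m/s, fully 'high' at 15 m/s
        "end_short": ramp(endurance_min, 30.0, 0.0),   # fully 'short' at 0 min, not 'short' from 30
        "end_long": ramp(endurance_min, 20.0, 60.0),   # starts at 20 min, fully 'long' at 60 min
    }


# Assumed rule base: (antecedent terms combined with AND, consequent capability level).
RULES = [
    (("wind_low", "end_long"), 0.9),    # calm and long endurance -> high capability
    (("wind_low", "end_short"), 0.5),   # calm but short endurance -> medium
    (("wind_high", "end_long"), 0.3),   # windy, long endurance -> low
    (("wind_high", "end_short"), 0.1),  # windy and short endurance -> very low
]


def capability(wind_mps: float, endurance_min: float) -> float:
    """Zero-order Sugeno inference: weighted average of rule consequents,
    each weighted by the min of its antecedent memberships."""
    mu = fuzzify(wind_mps, endurance_min)
    num = den = 0.0
    for antecedent, level in RULES:
        w = min(mu[term] for term in antecedent)   # fuzzy AND
        num += w * level
        den += w
    if den == 0.0:
        raise ValueError("no rule fired for the given inputs")
    return num / den


def capability_term(level: float) -> str:
    """Map the crisp output back to a linguistic term (thresholds assumed)."""
    if level < 0.35:
        return "low"
    if level < 0.65:
        return "medium"
    return "high"


if __name__ == "__main__":
    for wind, endurance in ((2.0, 50.0), (7.0, 25.0), (15.0, 10.0)):
        c = capability(wind, endurance)
        print(f"wind={wind} m/s endurance={endurance} min -> {c:.3f} ({capability_term(c)})")
```

The middle case (7 m/s, 25 min) is the one where all four rules fire with partial weights, which is the behaviour a crisp lookup table cannot reproduce and the reason a fuzzy model is used for this kind of ranking.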