Framework for software tampering detection in embedded systems

Al-Wosabi, Abdo Ali A.; Shukur, Zarina; Ibrahim, Muhammad Azwan

doi:10.1109/iceei.2015.7352507

Cited by 3 publications

(1 citation statement)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, programme memory protection mechanism prevents unauthorized access to the programme memory used in today's microcontrollers. So the protection mechanism has to be defeated first to check the software plagiarism [1]. This makes testing of embedded devices from the perspective of software plagiarism very difficult, especially if it needs to be done in an automated way.…”

Section: Introductionmentioning

confidence: 99%

Implementation of security module to protect programme theft in microcontroller-based applications

Subramanian¹,

Rajeswari²

2019

Automatika

View full text Add to dashboard Cite

Source code plagiarism has become a serious threat for the development of small scale embedded industries and also the violations of intellectual property right are a threat for the development of hardware system. There are many software solutions for comparing source codes, but they are often not realistic in the present scenario. Digital watermarking scheme is one of the possible solutions for this problem. A novel watermarking technique is employed so that it can be easily and reliably detected by special techniques. In this paper, verification methods are presented to detect software plagiarism in the embedded application software without the implemented source code. All the approaches use side-channel information obtained during the execution of the suspicious code. The primary method is passive, i.e. no previous modification of the original code is required. It determines that the Hamming weights of the executed instructions of the suspicious device are used and uses string matching algorithms for comparisons with a reference implementation. The other method inserts additional code fragments as a watermark that can be identified in the power consumption of the executed source code. Proposed approaches are robust against code-transformation attacks.

show abstract

Section: Introductionmentioning

confidence: 99%

Implementation of security module to protect programme theft in microcontroller-based applications

Subramanian¹,

Rajeswari²

2019

Automatika

View full text Add to dashboard Cite

show abstract

A Secure Protocol for Remote-Code Integrity Attestation of Embedded Systems: The CSP Approach

Al-Wosabi

Shukur

2019

IEEE Access

View full text Add to dashboard Cite

No doubt, a person of modern society relying on Embedded Systems (ESs) has increased rapidly and the era of digital machines is gaining popularity among users and also systems providers. At the same time, such instruments face substantial security challenges because they usually operate in a physically unprotected environment, and thus attract the attackers to gain unauthorized access for utilizing the system functions. Accordingly, system integrity is important and hence there is a need to propose a technique/tool to verify that the original/pure systems codes have been used in those devices. In this research, our main objective is to design a system architecture with a secure communication for code integrity attestation of an ES. Indeed, the study presents the proposed system architecture for ESs integrity attestation which includes two main phases: fetching an ES code at a server site and examining the ES at a remote site (using a designed user application). Essentially, the hash function (SHA-2) with a random key to calculate a unique digest value for a targeted system have been utilized. Also, the study used timestamps and nonce values, two secure keys, and public key algorithm to design a secure protocol in-order to prevent potential attacks during data and the associated values transfer between the server and the remote user application. As many researchers state that the formal methods are very precise and accurate for presenting system specifications; this study modeled and analyzed the proposed attestation protocol using the Communicating Sequential Processes (CSP) formal method approach. Besides, the Compiler for the Analysis of Security Protocols (Casper) has been used to translate the protocol description into the corresponding process algebra CSP model. Then, the researcher used the Failures Divergences Refinement (FDR) to evaluate the proposed protocol. Those formal method tools are considered as a reliable verification measurement in-order to figure-out potential flaws and correct them. Overall, the final output of checking all the defined secrecy and authentication assertions using FDR 4.2.0, and thus all the secrecy and authentication specifications defined in the developed Casper script are passed.INDEX TERMS Embedded systems, code integrity, code integrity attestation, software tampering, tampering detection, CSP formal method approach, FDR, Casper.

show abstract