HEXON: Protecting Firmware Using Hardware-Assisted Execution-Level Obfuscation

The prevalence of embedded systems and IoTs in critical applications raises the demand for comprehensive security and assurance of the system’s firmware and hardware. Due to the ease of access to these devices, the proprietary firmware becomes vulnerable to various attacks such as piracy, reverse engineering, and tampering. Computationally heavy encryption and obfuscations have been introduced to thwart these attacks; however, they are prohibitively expensive to deploy in resource-constrained systems. Moreover, they are unable to prevent information leakage through memory bus snooping or execution on unauthorized hardware. This paper proposes a novel solution for protecting firmware using hardware-assisted execution-level obfuscation (HEXON) leveraging device-intrinsic signatures. HEXON performs opcode and block-level obfuscations while shuffling all blocks of program memory in firmware. It in-cludes an on-chip hardware architecture for run-time obfuscation and deobfuscation of instructions. Our experiments show that HEXON requires minimal area and static power overhead (∼0.6% and ∼4.8%, respectively), incurs a small performance penalty (∼9.62%), and requires a minimum of 4 × 1052 trials to perform brute-force attack.