Live forensics framework for wireless sensor nodes using sandboxing

Typical sensor nodes are resource constrained devices containing user level applications, operating system components, and device drivers in a single address space, with no form of memory protection. A malicious user could easily capture a node and tamper the applications running, in order to perform different types of attacks. In this paper, we propose a remote live forensics protection architecture that prevents the execution of tampered software while alarming the owners of the sensors network. Using sandboxing to restrict application memory accesses within the address space and forensic techniques to validate the authenticity of the running applications we prevent malicious code from being executed while specifying the intrusion.

[1]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[2]  Mikhail J. Atallah,et al.  Protecting Software Code by Guards , 2001, Digital Rights Management Workshop.

[3]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[4]  Panayiotis Kotzanikolaou,et al.  Secure Transactions with Mobile Agents in Hostile Environments , 2000, ACISP.

[5]  Jack W. Davidson,et al.  Protection of software-based survivability mechanisms , 2001, 2001 International Conference on Dependable Systems and Networks.

[6]  Jan Vitek,et al.  Secure Internet Programming: Security Issues for Mobile and Distributed Objects , 1999 .

[7]  Gregory Wroblewski,et al.  General Method of Program Code Obfuscation , 2002 .

[8]  Christian F. Tschudin,et al.  Towards mobile cryptography , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[9]  Manuel Blum,et al.  Designing programs that check their work , 1989, STOC '89.

[10]  Levente Buttyán,et al.  Introducing Trusted Third Parties to the Mobile Agent Paradigm , 2001, Secure Internet Programming.

[11]  Manuel Blum,et al.  Software reliability via run-time result-checking , 1997, JACM.

[12]  Robert E. Tarjan,et al.  Dynamic Self-Checking Techniques for Improved Tamper Resistance , 2001, Digital Rights Management Workshop.

[13]  David Aucsmith,et al.  Tamper Resistant Software: An Implementation , 1996, Information Hiding.

[14]  Fritz Hohl,et al.  Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts , 1998, Mobile Agents and Security.

[15]  Giovanni Vigna,et al.  Cryptographic Traces for Mobile Agents , 1998, Mobile Agents and Security.

[16]  Jens Palsberg,et al.  Avrora: scalable sensor network simulation with precise timing , 2005, IPSN 2005. Fourth International Symposium on Information Processing in Sensor Networks, 2005..

[17]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[18]  Peter Kruus,et al.  CONSTRAINTS AND APPROACHES FOR DISTRIBUTED SENSOR NETWORK SECURITY , 2000 .

[19]  Jack W. Davidson,et al.  Software Tamper Resistance: Obstructing Static Analysis of Programs , 2000 .

[20]  Ross J. Anderson Why cryptosystems fail , 1994, CACM.

[21]  Yongdae Kim,et al.  Remote Software-Based Attestation for Wireless Sensors , 2005, ESAS.

[22]  SahaiAmit,et al.  On the (im)possibility of obfuscating programs , 2012 .

[23]  Ronitt Rubinfeld,et al.  Spot-checkers , 1998, STOC '98.

[24]  Christian S. Collberg,et al.  Breaking abstractions and unstructuring data structures , 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).

[25]  K. Wehrle,et al.  Accurate prediction of power consumption in sensor networks , 2005, The Second IEEE Workshop on Embedded Networked Sensors, 2005. EmNetS-II..

[26]  Christian S. Collberg,et al.  Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection , 2002, IEEE Trans. Software Eng..

[27]  Sencun Zhu,et al.  Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks , 2007, 2007 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007).

[28]  Beatrice Fraboni,et al.  Layout reconstruction of complex silicon chips , 1993 .

[29]  Kang G. Shin,et al.  Soft tamper-proofing via program integrity verification in wireless sensor networks , 2005, IEEE Transactions on Mobile Computing.

[30]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[31]  Elaine Shi,et al.  BIND: a fine-grained attestation service for secure distributed systems , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).