IoT Device security through dynamic hardware isolation with cloud-Based update

Abstract: This work proposes a novel approach to provide comprehensive security to IoT devices. Our approach is based on a reconfigurable hardware-based isolation and protection mechanism (IPM) that operates as a dynamic separation unit between devices and network, far from potential software manipulation. The IPM analyses communications for malicious activities and prevents damage to the IoT device. The IPM leverages a central cloud-based authority to broaden the scope of traffic analysis beyond that of a singular IoT device. The central server evaluates logs from all IPM-protected IoT devices to improve their defense mechanisms and periodically upgrade device IPMs through a remote secure provisioning mechanism. The IPM achieves a 98.68% detection rate when evaluated against a Neptune DoS attack.
