3 research outputs found
The Lazarus Effect: Healing Compromised Devices in the Internet of Small Things
We live in a time when billions of IoT devices are being deployed and
increasingly relied upon. This makes ensuring their availability and
recoverability in case of a compromise a paramount goal. The large and rapidly
growing number of deployed IoT devices make manual recovery impractical,
especially if the devices are dispersed over a large area. Thus, there is a
need for a reliable and scalable remote recovery mechanism that works even
after attackers have taken full control over devices, possibly misusing them or
trying to render them useless.
To tackle this problem, we present Lazarus, a system that enables the remote
recovery of compromised IoT devices. With Lazarus, an IoT administrator can
remotely control the code running on IoT devices unconditionally and within a
guaranteed time bound. This makes recovery possible even in case of severe
corruption of the devices' software stack. We impose only minimal hardware
requirements, making Lazarus applicable even for low-end constrained
off-the-shelf IoT devices. We isolate Lazarus's minimal recovery trusted
computing base from untrusted software both in time and by using a trusted
execution environment. The temporal isolation prevents secrets from being
leaked through side-channels to untrusted software. Inside the trusted
execution environment, we place minimal functionality that constrains untrusted
software at runtime.
We implement Lazarus on an ARM Cortex-M33-based microcontroller in a full
setup with an IoT hub, device provisioning and secure update functionality. Our
prototype can recover compromised embedded OSs and bare-metal applications and
prevents attackers from bricking devices, for example, through flash wear out.
We show this at the example of FreeRTOS, which requires no modifications but
only a single additional task. Our evaluation shows negligible runtime
performance impact and moderate memory requirements.Comment: In Proceedings of the 15th ACM Asia Conference on Computer and
Communications Security (ASIA CCS 20
Dominance as a New Trusted Computing Primitive for the Internet of Things
The Internet of Things (IoT) is rapidly emerging as one of the dominant computing paradigms of this decade. Applications range from in-home entertainment to large-scale industrial deployments such as controlling assembly lines and monitoring traffic. While IoT devices are in many respects similar to traditional computers, user expectations and deployment scenarios as well as cost and hardware constraints are sufficiently different to create new security challenges as well as new opportunities. This is especially true for large-scale IoT deployments in which a central entity deploys and controls a large number of IoT devices with minimal human interaction. Like traditional computers, IoT devices are subject to attack and compromise. Large IoT deployments consisting of many nearly identical devices are especially attractive targets. At the same time, recovery from root compromise by conventional means becomes costly and slow, even more so if the devices are dispersed over a large geographical area. In the worst case, technicians have to travel to all devices and manually recover them. Data center solutions such as the Intelligent Platform Management Interface (IPMI) which rely on separate service processors and network connections are not only not supported by existing IoT hardware, but are unlikely to be in the foreseeable future due to the cost constraints of mainstream IoT devices. This paper presents CIDER, a system that can recover IoT devices within a short amount of time, even if attackers have taken root control of every device in a large deployment. The recovery requires minimal manual intervention. After the administrator has identified the compromise and produced an updated firmware image, he/she can instruct CIDER to force the devices to reset and to install the patched firmware on the devices. We demonstrate the universality and practicality of CIDER by implementing it on three popular IoT platforms (HummingBoard Edge, Raspberry Pi Compute Module 3 and Nucleo-L476RG) spanning the range from high to low end. Our evaluation shows that the performance overhead of CIDER is generally negligible