Security Analysis of Contiki IoT Operating System

The Internet of Things (IoT) has introduced a myriad of ways in which devices can interact with each other. The IoT concept provides opportunities for novel and useful applications but at the same time, concerns have been raised over potential security issues caused by buggy IoT software. It is therefore imperative to detect and fix these bugs in order to minimise the risk of IoT devices becoming the target or source of attacks. In this paper, we focus our investigation on the underlying IoT operating system (OS), which is critical for the overall security of IoT devices. We picked Contiki as our case study since it is a very popular IoT OS and we have access to part of the development team, allowing us to discuss potential vulnerabilities with them so that fixes can be implemented quickly. Using static program analysis tools and techniques, we are able to scan the source code of the Contiki OS systematically in order to identify, analyse and patch vulnerabilities. Our main contribution is a holistic and systematic analysis of Contiki, starting with an exploration of its metrics, fundamental architecture, and finally some of its vulnerabilities. Our analysis produced relevant data on the number of unsafe functions in use, as well as the bug density; both of which provide an indication of the overall security of the inspected system. Our effort led to the finding of two major issues, described in two Common Vulnerabilities and Exposures (CVE) reports

Formal Verification of a Memory Allocation Module of Contiki with Frama-C: a Case Study

International audienceFormal verification is still rarely applied to the IoT (InternetofThings)software, whereas IoT applications tend to become increasingly popular and critical.This short paper promotes the usage of formal verification to ensure safetyand security of software in this domain. We present a successful case study ondeductive verification of a memory allocation module of Contiki, a popular open-source operating system for IoT. We present the target module, describe how thecode has been specified and proven using Frama-C, a software analysis platformfor C code, and discuss lessons learned

Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services

Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings

Design Considerations for Low Power Internet Protocols

Over the past 10 years, low-power wireless networks have transitioned to supporting IPv6 connectivity through 6LoWPAN, a set of standards which specify how to aggressively compress IPv6 packets over low-power wireless links such as 802.15.4. We find that different low-power IPv6 stacks are unable to communicate using 6LoWPAN, and therefore IP, due to design tradeoffs between code size and energy efficiency. We argue that applying traditional protocol design principles to low-power networks is responsible for these failures, in part because receivers must accommodate a wide range of senders. Based on these findings, we propose three design principles for Internet protocols on low-power networks. These principles are based around the importance of providing flexible tradeoffs between code size and energy efficiency. We apply these principles to 6LoWPAN and show that the resulting design of the protocol provides developers a wide range of tradeoff points while allowing implementations with different choices to seamlessly communicate

DTLS Performance in Duty-Cycled Networks

The Datagram Transport Layer Security (DTLS) protocol is the IETF standard for securing the Internet of Things. The Constrained Application Protocol, ZigBee IP, and Lightweight Machine-to-Machine (LWM2M) mandate its use for securing application traffic. There has been much debate in both the standardization and research communities on the applicability of DTLS to constrained environments. The main concerns are the communication overhead and latency of the DTLS handshake, and the memory footprint of a DTLS implementation. This paper provides a thorough performance evaluation of DTLS in different duty-cycled networks through real-world experimentation, emulation and analysis. In particular, we measure the duration of the DTLS handshake when using three duty cycling link-layer protocols: preamble-sampling, the IEEE 802.15.4 beacon-enabled mode and the IEEE 802.15.4e Time Slotted Channel Hopping mode. The reported results demonstrate surprisingly poor performance of DTLS in radio duty-cycled networks. Because a DTLS client and a server exchange more than 10 signaling packets, the DTLS handshake takes between a handful of seconds and several tens of seconds, with similar results for different duty cycling protocols. Moreover, because of their limited memory, typical constrained nodes can only maintain 3-5 simultaneous DTLS sessions, which highlights the need for using DTLS parsimoniously.Comment: International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC - 2015), IEEE, IEEE, 2015, http://pimrc2015.eee.hku.hk/index.htm

PADRÕES DE SEGURANÇA PARA DISPOSITIVOS IOT LOW-END: UMA REVISÃO COMPARATIVA

A Internet das coisas permite que pessoas e objetos estejam conectados a qualquer momento, em qualquer lugar, com qualquer objeto a qualquer pessoa, usando qualquer caminho/rede e qualquer serviço. Assim, leva a uma heterogeneidade desafiadora de componentes e redes. Diferentes sistemas operacionais foram desenvolvidos para dispositivos IoT de baixo custo com requisitos rigorosos impostos principalmente pela baixa capacidade de processar e armazenar informações em comparação com uma máquina convencional. Assim, o sistema operacional deve ser capaz de executar tarefas da forma mais eficiente possível. Em redes heterogêneas, como no caso da IoT, é mais complexo garantir a segurança e a privacidade dos sistemas que fazem parte desse ecossistema. A funcionalidade principal da IoT é baseada na troca de informações entre centenas ou até milhões de objetos com a Internet. Este trabalho realiza uma revisão comparativa dos principais recursos de segurança disponíveis em sistemas operacionais de baixo custo orientados para IoT, incluindo Contiki, RIOT-OS, TinyOS e FreeRTOS.El Internet de las cosas permite que las personas y los objetos se conecten en cualquier momento, en cualquier lugar, con cualquier objeto a cualquier persona, utilizando cualquier ruta / red y cualquier servicio. Por lo tanto, conduce a una heterogeneidad desafiante de componentes y redes. Se desarrollaron diferentes sistemas operativos para dispositivos IoT de gama baja con requisitos estrictos impuestos principalmente por la baja capacidad de procesar y almacenar información en comparación con una máquina convencional. Por lo tanto, el sistema operativo debe ser capaz de realizar tareas de la manera más eficiente posible. En redes heterogéneas, como en el caso de IoT, es más complejo garantizar la seguridad y privacidad de los sistemas que forman parte de este ecosistema. La funcionalidad principal de IoT se basa en el intercambio de información entre cientos o incluso millones de objetos con Internet. Este trabajo realiza una revisión comparativa de las principales características de seguridad disponibles en sistemas operativos orientados a IoT de gama baja, incluidos Contiki, RIOT-OS, TinyOS y FreeRTOS.The Internet of things allows people and objects to be connected anytime, anywhere, with any object to anyone, using any path/network and any service. Thus, it leads to a challenging heterogeneity of components and networks. Different operating systems were developed for low-end IoT devices with stringent requirements mainly imposed by the low ability to process and store information compared to a conventional machine. Thus, the OS should be able to perform tasks as efficiently as possible. In heterogeneous networks, as in the case of IoT, it is more complex to guarantee the security and privacy of systems that are part of this ecosystem. The core functionality of IoT is based on exchanging information between hundreds or even millions of objects with the Internet. This work performs a comparative review of the leading security features available in low-end IoT-oriented OS, including Contiki, RIOT-OS, TinyOS, and FreeRTOS.A Internet das coisas permite que pessoas e objetos estejam conectados a qualquer momento, em qualquer lugar, com qualquer objeto a qualquer pessoa, usando qualquer caminho/rede e qualquer serviço. Assim, leva a uma heterogeneidade desafiadora de componentes e redes. Diferentes sistemas operacionais foram desenvolvidos para dispositivos IoT de baixo custo com requisitos rigorosos impostos principalmente pela baixa capacidade de processar e armazenar informações em comparação com uma máquina convencional. Assim, o sistema operacional deve ser capaz de executar tarefas da forma mais eficiente possível. Em redes heterogêneas, como no caso da IoT, é mais complexo garantir a segurança e a privacidade dos sistemas que fazem parte desse ecossistema. A funcionalidade principal da IoT é baseada na troca de informações entre centenas ou até milhões de objetos com a Internet. Este trabalho realiza uma revisão comparativa dos principais recursos de segurança disponíveis em sistemas operacionais de baixo custo orientados para IoT, incluindo Contiki, RIOT-OS, TinyOS e FreeRTOS