805 research outputs found
Security Analysis of Contiki IoT Operating System
The Internet of Things (IoT) has introduced a myriad of ways in which devices can interact with each other. The IoT concept provides opportunities for novel and useful applications but at the same time, concerns have been raised over potential security issues caused by buggy IoT software. It is therefore imperative to detect and fix these bugs in order to minimise the risk of IoT devices becoming the target or source of attacks. In this paper, we focus our investigation on the underlying IoT operating system (OS), which is critical for the overall security of IoT devices. We picked Contiki as our case study since it is a very popular IoT OS and we have access to part of the development team, allowing us to discuss potential vulnerabilities with them so that fixes can be implemented quickly. Using static program analysis tools and techniques, we are able to scan the source code of the Contiki OS systematically in order to identify, analyse and patch vulnerabilities. Our main contribution is a holistic and systematic analysis of Contiki, starting with an exploration of its metrics, fundamental architecture, and finally some of its vulnerabilities. Our analysis produced relevant data on the number of unsafe functions in use, as well as the bug density; both of which provide an indication of the overall security of the inspected system. Our effort led to the finding of two major issues, described in two Common Vulnerabilities and Exposures (CVE) reports
Formal Verification of a Memory Allocation Module of Contiki with Frama-C: a Case Study
International audienceFormal verification is still rarely applied to the IoT (InternetofThings)software, whereas IoT applications tend to become increasingly popular and critical.This short paper promotes the usage of formal verification to ensure safetyand security of software in this domain. We present a successful case study ondeductive verification of a memory allocation module of Contiki, a popular open-source operating system for IoT. We present the target module, describe how thecode has been specified and proven using Frama-C, a software analysis platformfor C code, and discuss lessons learned
Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services
Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing
efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings
Design Considerations for Low Power Internet Protocols
Over the past 10 years, low-power wireless networks have transitioned to
supporting IPv6 connectivity through 6LoWPAN, a set of standards which specify
how to aggressively compress IPv6 packets over low-power wireless links such as
802.15.4.
We find that different low-power IPv6 stacks are unable to communicate using
6LoWPAN, and therefore IP, due to design tradeoffs between code size and energy
efficiency. We argue that applying traditional protocol design principles to
low-power networks is responsible for these failures, in part because receivers
must accommodate a wide range of senders.
Based on these findings, we propose three design principles for Internet
protocols on low-power networks. These principles are based around the
importance of providing flexible tradeoffs between code size and energy
efficiency. We apply these principles to 6LoWPAN and show that the resulting
design of the protocol provides developers a wide range of tradeoff points
while allowing implementations with different choices to seamlessly
communicate
DTLS Performance in Duty-Cycled Networks
The Datagram Transport Layer Security (DTLS) protocol is the IETF standard
for securing the Internet of Things. The Constrained Application Protocol,
ZigBee IP, and Lightweight Machine-to-Machine (LWM2M) mandate its use for
securing application traffic. There has been much debate in both the
standardization and research communities on the applicability of DTLS to
constrained environments. The main concerns are the communication overhead and
latency of the DTLS handshake, and the memory footprint of a DTLS
implementation. This paper provides a thorough performance evaluation of DTLS
in different duty-cycled networks through real-world experimentation, emulation
and analysis. In particular, we measure the duration of the DTLS handshake when
using three duty cycling link-layer protocols: preamble-sampling, the IEEE
802.15.4 beacon-enabled mode and the IEEE 802.15.4e Time Slotted Channel
Hopping mode. The reported results demonstrate surprisingly poor performance of
DTLS in radio duty-cycled networks. Because a DTLS client and a server exchange
more than 10 signaling packets, the DTLS handshake takes between a handful of
seconds and several tens of seconds, with similar results for different duty
cycling protocols. Moreover, because of their limited memory, typical
constrained nodes can only maintain 3-5 simultaneous DTLS sessions, which
highlights the need for using DTLS parsimoniously.Comment: International Symposium on Personal, Indoor and Mobile Radio
Communications (PIMRC - 2015), IEEE, IEEE, 2015,
http://pimrc2015.eee.hku.hk/index.htm
PADRÕES DE SEGURANÇA PARA DISPOSITIVOS IOT LOW-END: UMA REVISÃO COMPARATIVA
A Internet das coisas permite que pessoas e objetos estejam conectados a qualquer momento, em qualquer lugar, com qualquer objeto a qualquer pessoa, usando qualquer caminho/rede e qualquer serviço. Assim, leva a uma heterogeneidade desafiadora de componentes e redes. Diferentes sistemas operacionais foram desenvolvidos para dispositivos IoT de baixo custo com requisitos rigorosos impostos principalmente pela baixa capacidade de processar e armazenar informações em comparação com uma máquina convencional. Assim, o sistema operacional deve ser capaz de executar tarefas da forma mais eficiente possível. Em redes heterogêneas, como no caso da IoT, é mais complexo garantir a segurança e a privacidade dos sistemas que fazem parte desse ecossistema. A funcionalidade principal da IoT é baseada na troca de informações entre centenas ou até milhões de objetos com a Internet. Este trabalho realiza uma revisão comparativa dos principais recursos de segurança disponíveis em sistemas operacionais de baixo custo orientados para IoT, incluindo Contiki, RIOT-OS, TinyOS e FreeRTOS.El Internet de las cosas permite que las personas y los objetos se conecten en cualquier momento, en cualquier lugar, con cualquier objeto a cualquier persona, utilizando cualquier ruta / red y cualquier servicio. Por lo tanto, conduce a una heterogeneidad desafiante de componentes y redes. Se desarrollaron diferentes sistemas operativos para dispositivos IoT de gama baja con requisitos estrictos impuestos principalmente por la baja capacidad de procesar y almacenar información en comparación con una máquina convencional. Por lo tanto, el sistema operativo debe ser capaz de realizar tareas de la manera más eficiente posible. En redes heterogéneas, como en el caso de IoT, es más complejo garantizar la seguridad y privacidad de los sistemas que forman parte de este ecosistema. La funcionalidad principal de IoT se basa en el intercambio de información entre cientos o incluso millones de objetos con Internet. Este trabajo realiza una revisión comparativa de las principales características de seguridad disponibles en sistemas operativos orientados a IoT de gama baja, incluidos Contiki, RIOT-OS, TinyOS y FreeRTOS.The Internet of things allows people and objects to be connected anytime, anywhere, with any object to anyone, using any path/network and any service. Thus, it leads to a challenging heterogeneity of components and networks. Different operating systems were developed for low-end IoT devices with stringent requirements mainly imposed by the low ability to process and store information compared to a conventional machine. Thus, the OS should be able to perform tasks as efficiently as possible. In heterogeneous networks, as in the case of IoT, it is more complex to guarantee the security and privacy of systems that are part of this ecosystem. The core functionality of IoT is based on exchanging information between hundreds or even millions of objects with the Internet. This work performs a comparative review of the leading security features available in low-end IoT-oriented OS, including Contiki, RIOT-OS, TinyOS, and FreeRTOS.A Internet das coisas permite que pessoas e objetos estejam conectados a qualquer momento, em qualquer lugar, com qualquer objeto a qualquer pessoa, usando qualquer caminho/rede e qualquer serviço. Assim, leva a uma heterogeneidade desafiadora de componentes e redes. Diferentes sistemas operacionais foram desenvolvidos para dispositivos IoT de baixo custo com requisitos rigorosos impostos principalmente pela baixa capacidade de processar e armazenar informações em comparação com uma máquina convencional. Assim, o sistema operacional deve ser capaz de executar tarefas da forma mais eficiente possível. Em redes heterogêneas, como no caso da IoT, é mais complexo garantir a segurança e a privacidade dos sistemas que fazem parte desse ecossistema. A funcionalidade principal da IoT é baseada na troca de informações entre centenas ou até milhões de objetos com a Internet. Este trabalho realiza uma revisão comparativa dos principais recursos de segurança disponíveis em sistemas operacionais de baixo custo orientados para IoT, incluindo Contiki, RIOT-OS, TinyOS e FreeRTOS
- …