RADIS: Remote Attestation of Distributed IoT Services

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table

Trick or Heat? Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks

Temperature sensing and control systems are widely used in the closed-loop control of critical processes such as maintaining the thermal stability of patients, or in alarm systems for detecting temperature-related hazards. However, the security of these systems has yet to be completely explored, leaving potential attack surfaces that can be exploited to take control over critical systems. In this paper we investigate the reliability of temperature-based control systems from a security and safety perspective. We show how unexpected consequences and safety risks can be induced by physical-level attacks on analog temperature sensing components. For instance, we demonstrate that an adversary could remotely manipulate the temperature sensor measurements of an infant incubator to cause potential safety issues, without tampering with the victim system or triggering automatic temperature alarms. This attack exploits the unintended rectification effect that can be induced in operational and instrumentation amplifiers to control the sensor output, tricking the internal control loop of the victim system to heat up or cool down. Furthermore, we show how the exploit of this hardware-level vulnerability could affect different classes of analog sensors that share similar signal conditioning processes. Our experimental results indicate that conventional defenses commonly deployed in these systems are not sufficient to mitigate the threat, so we propose a prototype design of a low-cost anomaly detector for critical applications to ensure the integrity of temperature sensor signals.Comment: Accepted at the ACM Conference on Computer and Communications Security (CCS), 201

C-FLAT: Control-FLow ATtestation for Embedded Systems Software

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to run-time attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive run-time remote attestation, we present the design and implementation of Control- FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the 23rd ACM Conference on Computer and Communications Securit

Wireless sensors and IoT platform for intelligent HVAC control

Energy consumption of buildings (residential and non-residential) represents approximately 40% of total world electricity consumption, with half of this energy consumed by HVAC systems. Model-Based Predictive Control (MBPC) is perhaps the technique most often proposed for HVAC control, since it offers an enormous potential for energy savings. Despite the large number of papers on this topic during the last few years, there are only a few reported applications of the use of MBPC for existing buildings, under normal occupancy conditions and, to the best of our knowledge, no commercial solution yet. A marketable solution has been recently presented by the authors, coined the IMBPC HVAC system. This paper describes the design, prototyping and validation of two components of this integrated system, the Self-Powered Wireless Sensors and the IOT platform developed. Results for the use of IMBPC in a real building under normal occupation demonstrate savings in the electricity bill while maintaining thermal comfort during the whole occupation schedule.QREN SIDT [38798]; Portuguese Foundation for Science & Technology, through IDMEC, under LAETA [ID/EMS/50022/2013

Development of a Network of Accurate Ozone Sensing Nodes for Parallel Monitoring in a Site Relocation Study

Recent technological advances in both air sensing technology and Internet of Things (IoT) connectivity have enabled the development and deployment of remote monitoring networks of air quality sensors. The compact size and low power requirements of both sensors and IoT data loggers allow for the development of remote sensing nodes with power and connectivity versatility. With these technological advancements, sensor networks can be developed and deployed for various ambient air monitoring applications. This paper describes the development and deployment of a monitoring network of accurate ozone (O3) sensor nodes to provide parallel monitoring in an air monitoring site relocation study. The reference O3 analyzer at the station along with a network of three O3 sensing nodes was used to evaluate the spatial and temporal variability of O3 across four Southern California communities in the San Bernardino Mountains which are currently represented by a single reference station in Crestline, CA. The motivation for developing and deploying the sensor network in the region was that the single reference station potentially needed to be relocated due to uncertainty that the lease agreement would be renewed. With the implication of siting a new reference station that is also a high O3 site, the project required the development of an accurate and precise sensing node for establishing a parallel monitoring network at potential relocation sites. The deployment methodology included a pre-deployment co-location calibration to the reference analyzer at the air monitoring station with post-deployment co-location results indicating a mean absolute error (MAE) < 2 ppb for 1-h mean O3 concentrations. Ordinary least squares regression statistics between reference and sensor nodes during post-deployment co-location testing indicate that the nodes are accurate and highly correlated to reference instrumentation with R2 values > 0.98, slope offsets < 0.02, and intercept offsets < 0.6 for hourly O3 concentrations with a mean concentration value of 39.7 ± 16.5 ppb and a maximum 1-h value of 94 ppb. Spatial variability for diurnal O3 trends was found between locations within 5 km of each other with spatial variability between sites more pronounced during nighttime hours. The parallel monitoring was successful in providing the data to develop a relocation strategy with only one relocation site providing a 95% confidence that concentrations would be higher there than at the current site

High precision hybrid RF and ultrasonic chirp-based ranging for low-power IoT nodes

Hybrid acoustic-RF systems offer excellent ranging accuracy, yet they typically come at a power consumption that is too high to meet the energy constraints of mobile IoT nodes. We combine pulse compression and synchronized wake-ups to achieve a ranging solution that limits the active time of the nodes to 1 ms. Hence, an ultra low-power consumption of 9.015 µW for a single measurement is achieved. The operation time is estimated on 8.5 years on a CR2032 coin cell battery at a 1 Hz update rate, which is over 250 times larger than state-of-the-art RF-based positioning systems. Measurements based on a proof-of-concept hardware platform show median distance error values below 10 cm. Both simulations and measurements demonstrate that the accuracy is reduced at low signal-to-noise ratios and when reflections occur. We introduce three methods that enhance the distance measurements at a low extra processing power cost. Hence, we validate in realistic environments that the centimeter accuracy can be obtained within the energy budget of mobile devices and IoT nodes. The proposed hybrid signal ranging system can be extended to perform accurate, low-power indoor positioning