920 research outputs found

    Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images

    In today’s era of the Internet of Things, we are surrounded by security- and safety-critical, network-connected devices. In parallel with the rise in attacks on such devices, we have also seen an increase in devices that are abandoned, reached the end of their support periods, or will not otherwise receive future security updates. While this issue exists for a wide array of devices, those that use monolithic firmware, where the code and data are opaquely intermixed, have traditionally been difficult to examine and protect. In this paper, we explore the challenges of retrofitting monolithic firmware images with new security measures. First, we outline the steps any analyst must take to retrofit firmware, and show that previous work is missing crucial aspects of the process, which are required for a practical solution. We then automate three of these aspects (locating attacker-controlled input, a safe retrofit injection location, and self-checks preventing modifications) through the use of novel automated program analysis techniques. We assemble these analyses into a system, Shimware, that can simplify and facilitate the process of creating a retrofitted firmware image, once the vulnerability is identified. To evaluate Shimware, we employ both a synthetic evaluation and actual retrofitting of three case study devices: a networked bench power supply, a Bluetooth-enabled cardiac implant monitor, and a high-end programmable logic controller (PLC). Not only could our system identify the correct sources of input, injection locations, and self-checks, but it injected payloads to correct serious safety and security-critical vulnerabilities in these devices.

    Towards Artificial General Intelligence (AGI) in the Internet of Things (IoT): Opportunities and Challenges

    Artificial General Intelligence (AGI), possessing the capacity to comprehend, learn, and execute tasks with human cognitive abilities, engenders significant anticipation and intrigue across scientific, commercial, and societal arenas. This fascination extends particularly to the Internet of Things (IoT), a landscape characterized by the interconnection of countless devices, sensors, and systems, collectively gathering and sharing data to enable intelligent decision-making and automation. This research embarks on an exploration of the opportunities and challenges towards achieving AGI in the context of the IoT. Specifically, it starts by outlining the fundamental principles of IoT and the critical role of Artificial Intelligence (AI) in IoT systems. Subsequently, it delves into AGI fundamentals, culminating in the formulation of a conceptual framework for AGI's seamless integration within IoT. The application spectrum for AGI-infused IoT is broad, encompassing domains ranging from smart grids, residential environments, manufacturing, and transportation to environmental monitoring, agriculture, healthcare, and education. However, adapting AGI to resource-constrained IoT settings necessitates dedicated research efforts. Furthermore, the paper addresses constraints imposed by limited computing resources, intricacies associated with large-scale IoT communication, as well as the critical concerns pertaining to security and privacy

    Security Risk Management for the Internet of Things

    In recent years, the rising complexity of Internet of Things (IoT) systems has increased their potential vulnerabilities and introduced new cybersecurity challenges. In this context, state of the art methods and technologies for security risk assessment have prominent limitations when it comes to large scale, cyber-physical and interconnected IoT systems. Risk assessments for modern IoT systems must be frequent, dynamic and driven by knowledge about both cyber and physical assets. Furthermore, they should be more proactive, more automated, and able to leverage information shared across IoT value chains. This book introduces a set of novel risk assessment techniques and their role in the IoT Security risk management process. Specifically, it presents architectures and platforms for end-to-end security, including their implementation based on the edge/fog computing paradigm. It also highlights machine learning techniques that boost the automation and proactiveness of IoT security risk assessments. Furthermore, blockchain solutions for open and transparent sharing of IoT security information across the supply chain are introduced. Frameworks for privacy awareness, along with technical measures that enable privacy risk assessment and boost GDPR compliance are also presented. Likewise, the book illustrates novel solutions for security certification of IoT systems, along with techniques for IoT security interoperability. In the coming years, IoT security will be a challenging, yet very exciting journey for IoT stakeholders, including security experts, consultants, security research organizations and IoT solution providers. The book provides knowledge and insights about where we stand on this journey. It also attempts to develop a vision for the future and to help readers start their IoT Security efforts on the right foot

    Internet of Things (IoT) for Automated and Smart Applications

    Internet of Things (IoT) is a recent technology paradigm that creates a global network of machines and devices that are capable of communicating with each other. Security cameras, sensors, vehicles, buildings, and software are examples of devices that can exchange data between each other. IoT is recognized as one of the most important areas of future technologies and is gaining vast recognition in a wide range of applications and fields related to smart homes and cities, military, education, hospitals, homeland security systems, transportation and autonomous connected cars, agriculture, intelligent shopping systems, and other modern technologies. This book explores the most important IoT automated and smart applications to help the reader understand the principle of using IoT in such applications

    BotSpine - A Generic Simple Development Platform of Smartphones and Sensors or Robotics

    The Internet of Things (IoT) emergence leads to an “intelligence” technology revolution in industrial, social, environmental and almost every aspect of life and objectives. Sensors and actuators are heavily employed in industrial production and, under the trend of IoT, smart sensors are in great demand. Smartphones stand out from other computing terminals as a result of their incomparable popularity, mobility and computer comparable computing capability. However, current IoT designs are developed among diverse platforms and systems and are usually specific to applications and patterns. There is no standardized developing interface between smartphones and sensors/electronics that is facile and rapid for either developers or consumers to connect and control through smartphones. The goal of this thesis is to develop a simple and generic platform interconnecting smartphones and sensors and/or robotics, allowing users to develop, monitor and control all types of sensors, robotics or customer electronics simply over their smartphones through the developed platform. The research is in cooperation with a local company, Environmental Instruments Canada Inc. From the perspective of research and industrial interests, the proposed platform is designed for generally applicable, low cost, low energy, easily programmed, and smartphone based sensor and/or robotic development purposes. I will build a platform interfacing smartphones and sensors including hardware, firmware structures and software application. The platform is named BotSpine and it provides an energy-efficient real-time wireless communication. This thesis also implements BotSpine by redesigning a radon sniffer robot with the developed interface, demonstrating that BotSpine is able to achieve expectations. BotSpine performs a fast and secure connection with smartphones and its command/BASIC program features render controlling and developing robotics and electronics easy and simple.

    Low-Cost Digitalization Solution through Scalable IIoT Prototypes

    Industry 4.0 is fast becoming a mainstream goal, and many companies are lining up to join the Fourth Industrial Revolution. Small and medium-sized enterprises, especially in the manufacturing industry, are the most heavily challenged in adopting new technology. One of the reasons why these enterprises are lagging behind is the motivation of the key personnel, the decision-makers. The factories in question often do not have a pressing need for advancing to Industry 4.0 and are wary of the risk in doing so. The authors present a rapid, low-cost prototyping solution for the manufacturing companies with legacy machinery intending to adopt the Industry 4.0 paradigm with a low-risk initial step. The legacy machines are retrofitted through the Industrial Internet of Things, making these machines both connectable and capable of providing data, thus enabling process monitoring. The machine chosen as the digitization target was not connectable, and the retrofit was extensive. The choice was made to present the benefits of digitization to the stakeholders quickly and effectively. Indeed, the solution provides immediate results within manufacturing industrial settings, with the ultimate goal being the digital transformation of the entire factory. This work presents an implementation cycle for digitizing an industrial broaching machine, supported by state-of-the-art literature analysis. The methodology utilized in this work is based on the well-known DMAIC strategy customized for the specifics of this case study