16 research outputs found

    On-chip system call tracing: A feasibility study and open prototype

    Several tools for program tracing and introspection exist. These tools can be used to analyze potentially malicious or untrusted programs. In this setting, it is important to prevent that the target program determines whether it is being traced or not. This is typically achieved by minimizing the code of the introspection routines and any artifact or side-effect that the program can leverage. Indeed, the most recent approaches consist of lightly instrumented operating systems or thin hypervisors running directly on bare metal. Following this research trend, we investigate the feasibility of transparently tracing a Linux/ARM program without modifying the software stack, while keeping the analysis cost and flexibility compatible with state of the art emulation- or baremetal-based approaches. As for the typical program tracing task, our goal is to reconstruct the stream of system call invocations along with the respective un-marshalled arguments. We propose to leverage the availability of on-chip debugging interfaces of modern ARM systems, which are accessible via JTAG. More precisely, we developed OpenST, an open-source prototype tracer that allowed us to analyze the performance overhead and to assess the transparency with respect to evasive, real-world malicious programs. OpenST has two tracing modes: In-kernel dynamic tracing and external tracing. The in-kernel dynamic tracing mode uses the JTAG interface to “hot-patch” the system calls at runtime, injecting introspection code. This mode is more transparent than emulator based approaches, but assumes that the traced program does not have access to the kernel memory—where the introspection code is loaded. The external tracing mode removes this assumption by using the JTAG interface to manage hardware breakpoints. Our tests show that OpenST’s greater transparency comes at the price of a steep performance penalty. However, with a cost model, we show that OpenST scales better than the state of the art, bare-metal-based approach, while remaining equally stealthy to evasive malware.

    Intrusion Detection and Prevention in CoAP Wireless Sensor Networks Using Anomaly Detection

    It is well recognized that security will play a major role in enabling most of the applications envisioned for the Internet of Things (IoT). We must also note that most of such applications will employ sensing and actuating devices integrated with the Internet communications infrastructure and, from the minute such devices start to support end-to-end communications with external (Internet) hosts, they will be exposed to all kinds of threats and attacks. With this in mind, we propose an IDS framework for the detection and prevention of attacks in the context of Internet-integrated CoAP communication environments and, in the context of this framework, we implement and experimentally evaluate the effectiveness of anomaly-based intrusion detection, with the goal of detecting Denial of Service (DoS) attacks and attacks against the 6LoWPAN and CoAP communication protocols. From the results obtained in our experimental evaluation we observe that the proposed approach may viably protect devices against the considered attacks. We are able to achieve an accuracy of 93% considering the multi-class problem, thus when the pattern of specific intrusions is known. Considering the binary class problem, which allows us to recognize compromised devices, and though a lower accuracy of 92% is observed, a recall and an F_Measure of 98% were achieved. As far as our knowledge goes, ours is the first proposal targeting the usage of anomaly detection and prevention approaches to deal with application-layer and DoS attacks in 6LoWPAN and CoAP communication environments

    Energy-Aware Security Adaptation for Low-Power IoT Applications

    The constant evolution in communication infrastructures will enable new Internet of Things (IoT) applications, particularly in areas that, up to today, have been mostly enabled by closed or proprietary technologies. Such applications will be enabled by a myriad of wireless communication technologies designed for all types of IoT devices, among which are the Long-Range Wide-Area Network (LoRaWAN) or other Low-power and Wide-Area Networks (LPWAN) communication technologies. This applies to many critical environments, such as industrial control and healthcare, where wireless communications are yet to be broadly adopted. Two fundamental requirements to effectively support upcoming critical IoT applications are those of energy management and security. We may note that those are, in fact, contradictory goals. On the one hand, many IoT devices depend on the usage of batteries while, on the other hand, adequate security mechanisms need to be in place to protect devices and communications from threats against their stability and security. With this motivation in mind, we propose a solution to address the management, in tandem, of security and energy in LoRaWAN IoT communication environments. We propose and evaluate an architecture in the context of which adaptation logic is used to manage security and energy dynamically, with the goal of guaranteeing appropriate security, while promoting the lifetime of constrained sensing devices. The proposed solution was implemented and experimentally evaluated and was observed to successfully manage security and energy. Security and energy are managed in line with the requirements of the application at hand, the characteristics of the constrained sensing devices employed and the detection, as well as the threat, of particular types of attacks.

    An Intrusion Detection and Prevention Framework for Internet-Integrated CoAP WSN

    End-to-end communications between Internet devices and Internet-integrated constrained wireless sensing platforms will provide an important contribution to the enabling of many of the envisioned IoT applications and, in this context, security must be addressed when employing communication technologies such as 6LoWPAN and CoAP. Considering the constraints typically found on sensing devices in terms of energy, memory, and computational capability, the integration of Wireless Sensor Networks (WSN) with the Internet using such technologies will open new threats and attacks that must be dealt with, particularly those originated at devices without the constraints of WSN sensors (e.g., Internet hosts). Existing encryption strategies for communications in IoT environments are unable to protect Internet-integrated WSN environments from Denial of Service (DoS) attacks, as well as from other forms of attacks at the network and application layers using CoAP. We may thus fairly consider that anomaly and intrusion detection will play a major role in the materialization of most of the envisioned IoT applications. In this article, we propose a framework to support intrusion detection and reaction in Internet-integrated CoAP WSN, and in the context of this framework we design and implement various approaches to support security against various classes of attacks. We have implemented and evaluated experimentally the proposed framework and mechanisms, considering various attack scenarios, and our approach was found to be viable, from the point of view of its impact on critical resources of sensing devices and of its efficiency in dealing with the considered attacks

    Security and Privacy for Mobile IoT Applications Using Blockchain

    Internet of Things (IoT) applications are becoming more integrated into our society and daily lives, although many of them can expose the user to threats against their privacy. Therefore, we find that it is crucial to address the privacy requirements of most of such applications and develop solutions that implement, as far as possible, privacy by design in order to mitigate relevant threats. While in the literature we may find innovative proposals to enhance the privacy of IoT applications, many of those only focus on the edge layer. On the other hand, privacy by design approaches are required throughout the whole system (e.g., at the cloud layer), in order to guarantee robust solutions to privacy in IoT. With this in mind, we propose an architecture that leverages the properties of blockchain, integrated with other technologies, to address security and privacy in the context of IoT applications. The main focus of our proposal is to enhance the privacy of the users and their data, using the anonymisation properties of blockchain to implement user-controlled privacy. We consider an IoT application with mobility for smart vehicles as our usage case, which allows us to implement and experimentally evaluate the proposed architecture and mechanisms as a proof of concept. In this application, data related to the user’s identity and location needs to be shared with security and privacy. Our proposal was implemented and experimentally validated in light of fundamental privacy and security requirements, as well as its performance. We found it to be a viable approach to security and privacy in IoT environments

    A Survey of Key Bootstrapping Protocols Based on Public Key Cryptography in the Internet of Things

    The Internet of Things envisages connecting all physical objects or things to the Internet, using devices as diverse as smartphones, coffee makers, washing machines, automobiles, lamps, and wearable devices, among many others. The explosive growth of Internet-connected sensing and actuating devices has bridged the gap between the physical and the digital world, with new solutions bringing benefits to people, processes, and businesses. However, security will be a major challenge in enabling most of such applications. The lack of secure links exposes data exchanged by devices to theft and attacks, with hackers already showing a keen interest in this area. Secure communication in the IoT will require a multifaceted approach, in particular, targeting aspects as relevant as the communications' protocols and data that need to be secured. One of the major aspects among these is how keys are bootstrapped in devices, for the purpose of supporting secure communications. In this paper, we survey the state of the art in key bootstrapping protocols based on public-key cryptography in the Internet of Things. Due to its inherent scalability, such protocols are particularly relevant for the implementation of distributed identity and trust management mechanisms on the IoT, in the context of which devices may be authenticated and trusted. The reviewed proposals are analyzed and classified on the basis of the key delivery method, the underlying cryptographic primitive, and the authentication mechanism supported. We also identify and discuss the main challenges of implementing such methods in the context of IoT applications and devices, together with the main avenues for conducting further research in the area.