A taxonomy of IoT firmware security and principal firmware analysis techniques

Nadir, Ibrahim; Mahmood, Haroon; Asadullah, Ghalib

doi:10.1016/j.ijcip.2022.100552

Cited by 25 publications

(12 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In fact, several attacks, such as the Mirai attacks, [13,14] have caused enormous revenue losses and, as a result, identifying IoT device-level vulnerabilities [64] has emerged as a serious challenge. Similarly, the quantity of literature review papers published in recent years [16,19,21,[24][25][26][27][28][29][30][31][32][33][34][35]65,89] corroborates the increasing research interest in IoT vulnerability. Figure 7 shows the trends in research publication by type.…”

Section: Analysis Of Research Trends In Iot Vulnerability Assessmentmentioning

confidence: 58%

Analysis of Consumer IoT Device Vulnerability Quantification Frameworks

Baho

Abawajy

2023

Electronics

View full text Add to dashboard Cite

The increasing deployment of Internet of Things (IoT) devices in mission-critical systems has made them more appealing to attackers. Cyberattacks on IoT devices have the potential to expose sensitive data, disrupt operations, and even endanger lives. As a result, IoT security has recently gained traction in both industry and academia. However, no research has examined existing IoT vulnerability assessment frameworks in a systematic and comprehensive manner. To address this gap, this paper systematically reviews and analyses the research challenges and state-of-the-art IoT vulnerability assessment frameworks while taking into account both breadth and depth. The study provides insight into current IoT vulnerability assessment approaches, which is useful for ongoing efforts to characterise cybersecurity risks and manage IoT vulnerabilities. It will be of interest to a spectrum of readers, including those in the IoT research community, researchers in cybersecurity, risk and vulnerability management professionals, and others. By offering the latest perspective on the present IoT vulnerability assessment techniques, this study will raise IoT security awareness and facilitate research into IoT vulnerability assessment methodologies. The knowledge provided by this study will also be beneficial to future academics who are interested in the issues and solutions surrounding IoT security. The report also assists in understanding the research direction in IoT vulnerability assessment approaches, making it beneficial for those looking to create new methods for determining IoT vulnerabilities.

show abstract

Section: Analysis Of Research Trends In Iot Vulnerability Assessmentmentioning

confidence: 58%

Analysis of Consumer IoT Device Vulnerability Quantification Frameworks

Baho

Abawajy

2023

Electronics

View full text Add to dashboard Cite

show abstract

“…The authentication process identifies the device, whereas authorization grants permissions and both of these must exist in IoT devices to perform their roles. The result of these types of attacks could be unauthorized access and access to the network boundaries that connect within the device [27][28][29].…”

Section: Insecure Interfacesmentioning

confidence: 99%

“…Consists of unconfigured firmware, unencrypted delivery, no anti-rollback mechanisms, and no notifications of security updates, which leads to exploit the threat on the IoT software. For instance, the software updates can be replaced with malicious code by an attacker if there is an unsecured update mechanism [27,30,31].…”

Section: Lack Of Update Mechanismmentioning

confidence: 99%

Machine-Learning-Based Vulnerability Detection and Classification in Internet of Things Device Security

Hulayyil,

Li,

2023

Electronics

View full text Add to dashboard Cite

Detecting cyber security vulnerabilities in the Internet of Things (IoT) devices before they are exploited is increasingly challenging and is one of the key technologies to protect IoT devices from cyber attacks. This work conducts a comprehensive survey to investigate the methods and tools used in vulnerability detection in IoT environments utilizing machine learning techniques on various datasets, i.e., IoT23. During this study, the common potential vulnerabilities of IoT architectures are analyzed on each layer and the machine learning workflow is described for detecting IoT vulnerabilities. A vulnerability detection and mitigation framework was proposed for machine learning-based vulnerability detection in IoT environments, and a review of recent research trends is presented.

show abstract

“…With the exponential increase of connected devices and data volume, security has become an escalating challenge in IoT. Specifically, introduction of new security updates to IoT devices after the manufacturing stage is not only difficult but also often overlooked [6][7][8].…”

Section: Introductionmentioning

confidence: 99%

Security-enhanced firmware management scheme for smart home IoT devices using distributed ledger technologies

Wijesundara

Lee

Tith

et al. 2023

Preprint

View full text Add to dashboard Cite

With the increase of IoT devices generating large amounts of user sensitive data, improper firmware harms users' security and privacy. Latest home appliances are integrated with features to assure compatibility with smart home IoT. However, applying complex security mechanisms to IoT is limited by device hardware capabilities, making them vulnerable to attacks. Such attacks have recently become frequent. To address this issue, we developed a secure verification mechanism for firmware released by the device's manufacturer. We proposed an IoT gateway for secure firmware verification and updating for smart home IoT devices utilizing the IOTA MAM (Masked Authenticated Messaging) protocol and a distributed file system with IPFS (Inter-Planetary File System) protocol. These two communication protocols ensure decentralized communication and firmware file distribution between the IoT device vendor and the IoT end device. The proposed scheme securely shares latest firmware content over IOTA and IPFS networks, performs a secure firmware update on IoT end devices and ensures authenticity and integrity of the firmware. Two types of validation methods were proposed for firmware updating and validation. We implemented the proposed scheme using three entities, Vendor, IoT gateway, and IoT end device. Our system yielded promising results in performing secure automated firmware updates on IoT end devices with very low computational power. The system's functionality was implemented using IOTA's MAM run on Raspberry-Pi as an IoT gateway along with an ESP8266 Wi-Fi microcontroller, demonstrating the effectiveness of our approach. Our proposed methodology can be used for secure firmware distribution on home IoT applications.

show abstract

A taxonomy of IoT firmware security and principal firmware analysis techniques

Cited by 25 publications

References 48 publications

Analysis of Consumer IoT Device Vulnerability Quantification Frameworks

Analysis of Consumer IoT Device Vulnerability Quantification Frameworks

Machine-Learning-Based Vulnerability Detection and Classification in Internet of Things Device Security

Security-enhanced firmware management scheme for smart home IoT devices using distributed ledger technologies

Contact Info

Product

Resources

About