Reverse Engineering IoT Devices: Effective Techniques and Methods

Shwartz, Omer; Mathov, Yael; Bohadana, Michael; Elovici, Yuval; Oren, Yossi

doi:10.1109/jiot.2018.2875240

Cited by 31 publications

(15 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… Physical damage: an attacker can prevent a mist node from working properly or can neutralize it completely by totally or partially destroying it. Malicious code injection: by physically accessing the mist node an attacker could change the code controlling the node and achieve total access to the mist layer [ 51 ]. Sleep deprivation attack: an attacker tries to maximize the energy consumption of a node, which can have a massive effect on the overall energy consumption of the mist layer and thus reduce the life of battery-operated nodes [ 52 ].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Practical Evaluation on RSA and ECC-Based Cipher Suites for IoT High-Security Energy-Efficient Fog and Mist Computing Devices

Suárez-Albela

Fraga‐Lamas

Fernández‐Caramés

2018

Sensors

View full text Add to dashboard Cite

The latest Internet of Things (IoT) edge-centric architectures allow for unburdening higher layers from part of their computational and data processing requirements. In the specific case of fog computing systems, they reduce greatly the requirements of cloud-centric systems by processing in fog gateways part of the data generated by end devices, thus providing services that were previously offered by a remote cloud. Thanks to recent advances in System-on-Chip (SoC) energy efficiency, it is currently possible to create IoT end devices with enough computational power to process the data generated by their sensors and actuators while providing complex services, which in recent years derived into the development of the mist computing paradigm. To allow mist computing nodes to provide the previously mentioned benefits and guarantee the same level of security as in other architectures, end-to-end standard security mechanisms need to be implemented. In this paper, a high-security energy-efficient fog and mist computing architecture and a testbed are presented and evaluated. The testbed makes use of Transport Layer Security (TLS) 1.2 Elliptic Curve Cryptography (ECC) and Rivest-Shamir-Adleman (RSA) cipher suites (that comply with the yet to come TLS 1.3 standard requirements), which are evaluated and compared in terms of energy consumption and data throughput for a fog gateway and two mist end devices. The obtained results allow a conclusion that ECC outperforms RSA in both energy consumption and data throughput for all the tested security levels. Moreover, the importance of selecting a proper ECC curve is demonstrated, showing that, for the tested devices, some curves present worse energy consumption and data throughput than other curves that provide a higher security level. As a result, this article not only presents a novel mist computing testbed, but also provides guidelines for future researchers to find out efficient and secure implementations for advanced IoT devices.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Malicious code injection: by physically accessing the mist node an attacker could change the code controlling the node and achieve total access to the mist layer [ 51 ].…”

Section: Related Workmentioning

confidence: 99%

A Practical Evaluation on RSA and ECC-Based Cipher Suites for IoT High-Security Energy-Efficient Fog and Mist Computing Devices

Suárez-Albela

Fraga‐Lamas

Fernández‐Caramés

2018

Sensors

View full text Add to dashboard Cite

show abstract

“…The attacker will need physical access to the device in order to exploit the vulnerability. This existing firmware is used for further analysis as well as reverse-engineering [11]. The attacker can be able to craft the custom firmware and update the flash memory directly by bypassing into any software level checks if any, during normal firmware update process [12].…”

Section: Universal Serial Bus (Usb)mentioning

confidence: 99%

Chip off IoT Devices: Attacks and Mitigations

2019

ijrte

View full text Add to dashboard Cite

Internet of Things (IoT) is the most emerging field in Information Technology. IoT will make real-world objects into virtual objects and allows them to be sensed remotely. The IoT biological community is changing and getting to be appealing over a more extensive scope of controls, consequently their development in prevalent innovation. Security and protection are the key issues for IoT applications and still face some huge difficulties. Pervasive IoT gadgets have genuine security suggestions as they happen in extensive numbers, are topographically dispersed and can be hard to physically verify. These gadgets may contain touchy or economically profitable information making them appealing to different types of assault. It is discovered that a large portion of the gadgets is defenseless against assaults on hardware, firmware as well as web interface level. In this paper, vulnerabilities due to Insufficient Security Configurability, Insecure Firmware, Security Misconfiguration of IoT devices, recommendations for those vulnerabilities and an approach to reproduce those attacks is explained so as to provide better security to IoT Devices.

show abstract

“…Another important aspect of IoT security is that IoT nodes must be robust against the use of reverse engineering [15,16] and/or malware such as the Mirai botnet [17]. Thus, it is necessary to ensure the integrity and authenticity of user data in addition to its confidentiality.…”

Section: Introductionmentioning

confidence: 99%

Embedded LUKS (E-LUKS): A Hardware Solution to IoT Security

Cano-Quiveu

Ruiz-de-Clavijo-Vazquez

Bellido

et al. 2021

Electronics

View full text Add to dashboard Cite

The Internet of Things (IoT) security is one of the most important issues developers have to face. Data tampering must be prevented in IoT devices and some or all of the confidentiality, integrity, and authenticity of sensible data files must be assured in most practical IoT applications, especially when data are stored in removable devices such as microSD cards, which is very common. Software solutions are usually applied, but their effectiveness is limited due to the reduced resources available in IoT systems. This paper introduces a hardware-based security framework for IoT devices (Embedded LUKS) similar to the Linux Unified Key Setup (LUKS) solution used in Linux systems to encrypt data partitions. Embedded LUKS (E-LUKS) extends the LUKS capabilities by adding integrity and authentication methods, in addition to the confidentiality already provided by LUKS. E-LUKS uses state-of-the-art encryption and hash algorithms such as PRESENT and SPONGENT. Both are recognized as adequate solutions for IoT devices being PRESENT incorporated in the ISO/IEC 29192-2:2019 for lightweight block ciphers. E-LUKS has been implemented in modern XC7Z020 FPGA chips, resulting in a smaller hardware footprint compared to previous LUKS hardware implementations, a footprint of about a 10% of these LUKS implementations, making E-LUKS a great alternative to provide Full Disk Encryption (FDE) alongside authentication to a wide range of IoT devices.

show abstract

Reverse Engineering IoT Devices: Effective Techniques and Methods

Cited by 31 publications

References 17 publications

A Practical Evaluation on RSA and ECC-Based Cipher Suites for IoT High-Security Energy-Efficient Fog and Mist Computing Devices

A Practical Evaluation on RSA and ECC-Based Cipher Suites for IoT High-Security Energy-Efficient Fog and Mist Computing Devices

Chip off IoT Devices: Attacks and Mitigations

Embedded LUKS (E-LUKS): A Hardware Solution to IoT Security

Contact Info

Product

Resources

About