Toward Profiling IoT Processes for Remote Service Attestation

William A. Johnson, John Housley, Sheikh Ghafoor, Stacy Prowell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Internet of Things (IoT) is ubiquitous in modern life and is being used very widely in industrial control systems, smart grids, home appliances and many more. IoT devices are used to get information from sensors, process information, and send signals to actuators and controllers. In general, these devices form a distributed computing network while in operation. Malware in IoT or any embedded devices is a potential security threat. Detecting malware in such a setting while in operation is non-trivial, because these low-power devices may not have the computational ability to perform traditional security operations. Additionally, an infected device may cause other machines to misbehave by interfering with the data they receive. Remote Attestation is a security service designed to detect an infection in a device well before the malware detonates. Recent works have turned their attention to service attestation, or attesting the service that a network provides, rather than the individual devices themselves. Traditional remote attestation schemes use cryptographic hashing algorithms as evidence, but this approach generates exponentially more hashes as heterogeneous IoT devices are added to the network and their jobs' complexity increases. In this work, we propose an approach to collect the contents of executable virtual memory from an IoT device. We develop a protocol based on our approach that can build a profile of a process running on an IoT device; such evidence can be analyzed automatically with high granularity. We validate our protocol by testing on both a personal computer and a real-world Industrial IoT device under process injection attacks. Our results show that our protocol will be able to detect small changes to process memory over time, and that an injection as small as one word can be detected and read.

Original language: English
Title of host publication: 2024 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350369199
State: Published - 2024
Event: 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024 - Chur, Switzerland
Duration: Jul 8 2024 → Jul 10 2024

Publication series

Name: 2024 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024

Conference

Conference: 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024
Country/Territory: Switzerland
City: Chur
Period: 07/8/24 → 07/10/24

Funding

This manuscript has been authored by UT-Battelle, LLC, under Contract No. DE-AC0500OR22725 with the U.S. Department of Energy. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this manuscript, or allow others to do so, for the United States Government purposes. The Department of Energy will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-Accessplan). The authors are with the Oak Ridge National Laboratory, Oak Ridge, TN 37831 USA. We would also like to thank the Cybercorps Scholarship for Service as well as the Tennessee Tech Cybersecurity Education Research and Outreach Center (CEROC).

Funders / Funder number
United States Government
DOE Public Access Plan
U.S. Department of Energy
Tennessee Tech Cybersecurity Education Research and Outreach Center
Cybersecurity Education Research and Outreach Center, Tennessee Technological University

Keywords

• IoT Security
• Malware Detection
• Remote Attestation
• Service Attestation