Abstract
The Internet of Things (IoT) is ubiquitous in modern life and is being used very widely in industrial control systems, smart grids, home appliances and many more. IoT devices are used to get information from sensors, process information, and send signals to actuators and controllers. In general these devices form a distributed computing network while in operation. Malware in IoT or any embedded devices is a potential security threat. Detecting malware in such a setting while in operation is non-Trivial, because these low power devices may not have the computational ability to perform traditional security operations. Additionally, an infected device may cause other machines to misbehave by interfering with the data they receive. Remote Attestation is a security service designed to detect an infection in a device well before the malware detonates. Recent works have turned their attention to service attestation, or attesting the service that a network provides, rather than the individual devices themselves. Traditional remote attestation schemes use cryptographic hashing algorithms as evidence, but this approach generates exponentially more hashes as heterogeneous IoT devices are added to the network and their jobs' complexity increases. In this work, we propose an approach to collect the contents of executable virtual memory from an IoT device. We develop a protocol based on our approach that can build a profile of a process running on an IoT device, such evidence can be analyzed automatically with high granularity. We validate our protocol by testing on both a personal computer, and a real-world Industrial IoT device under process injection attacks. Our results show that our protocol will be able to detect small changes to process memory over time, and that an injection as small as one word can be detected and read.
| Original language | English |
|---|---|
| Title of host publication | 2024 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| ISBN (Electronic) | 9798350369199 |
| DOIs | |
| State | Published - 2024 |
| Event | 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024 - Chur, Switzerland Duration: Jul 8 2024 → Jul 10 2024 |
Publication series
| Name | 2024 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024 |
|---|
Conference
| Conference | 23rd International Symposium on Parallel and Distributed Computing, ISPDC 2024 |
|---|---|
| Country/Territory | Switzerland |
| City | Chur |
| Period | 07/8/24 → 07/10/24 |
Funding
This manuscript has been authored by UT-Battelle, LLC, under Contract No. DE-AC0500OR22725 with the U.S. Department of Energy. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this manuscript, or allow others to do so, for the United States Government purposes. The Department of Energy will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-Accessplan). The authors are with the Oak Ridge National Laboratory, Oak Ridge, TN 37831 USA. We would also like to thank the Cybercorps Scholarship for Service as well as the Tennessee Tech Cybersecurity Education Research and Outreach Center (CEROC).
Keywords
- IoT Security
- Malware Detection
- Remote Attesation
- Service Attestation