Abstract
The Internet of Things (IoT) is playing an important role in different aspects of our lives. Smart grids, smart cars, and medical devices all incorporate IoT devices as key components. The ubiquity and criticality of these devices make them an attractive target for attackers. Therefore, we need techniques to analyze their security so that we can address their potential vulnerabilities. IoT devices, unlike remote servers, are user-facing and, therefore, an attacker may interact with them more extensively, e.g., via physical access. Existing techniques for analyzing the security of IoT devices either rely on a pre-defined set of attacks, and are therefore limited in what they can find, or do not consider the specific capabilities an attacker has against IoT devices.
Security analysis techniques may operate at the design-level, leveraging abstraction to avoid state-space explosion, or at the code-level for ensuring accuracy. In this article, we introduce two techniques, one at the design-level, and the other at the code-level, to analyze security of IoT devices, and compare their effectiveness. The former technique uses model checking, while the latter uses symbolic execution, to find attacks based on the attacker’s capabilities. We evaluate our techniques on an open source smart meter. We find that our code-level analysis technique is able to find three times more attacks and complete the analysis in half the time, compared to the design-level analysis technique, with no false positives.
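The following is an added illustration of the design-level idea described above, not the article's model or code: a constructed smart-meter abstraction is explored as a small state machine, the attacker's assumed capabilities (physical button, power cycling, and the serial port without knowledge of the PIN) form the transition relation, and a security property ("the tariff never changes without an authenticated session") is checked on every reachable state, in the manner of bounded explicit-state model checking. The meter fields, the actions, the hypothetical unauthenticated maintenance-mode write, and the hardened variant are all constructed for this example.

```python
"""Bounded explicit-state exploration of a constructed smart-meter model.

Everything here is a constructed illustration: the meter state, the
attacker capability set, and the property are assumptions made for the
example, not the article's model or an actual product's behaviour.
"""
from collections import deque
from dataclasses import dataclass, replace

DEFAULT_TARIFF = 100  # constructed: price per unit stored in the meter


@dataclass(frozen=True)
class Meter:
    mode: str = "normal"            # "normal" | "maintenance"
    authenticated: bool = False     # serial session passed the PIN check
    tariff: int = DEFAULT_TARIFF
    unauth_tariff_write: bool = False  # history flag consulted by the property


# --- attacker capabilities: these functions ARE the transition relation ----
def power_cycle(m: Meter) -> Meter:
    # Hypothetical: a power cycle clears the session but keeps the mode.
    return replace(m, authenticated=False)


def press_button(m: Meter) -> Meter:
    # Hypothetical: a long press on the physical button enters maintenance
    # mode (physical access is a capability the attacker is assumed to have).
    return replace(m, mode="maintenance")


def serial_login(m: Meter, pin_correct: bool) -> Meter:
    # The attacker does not know the PIN, so the capability set below only
    # ever calls this with pin_correct=False.
    return replace(m, authenticated=True) if pin_correct else m


def serial_set_tariff(m: Meter, value: int, strict: bool) -> Meter:
    # Constructed flaw: the lenient model accepts tariff writes whenever the
    # meter is in maintenance mode.  The strict (hardened) model also
    # requires an authenticated session.
    if m.mode != "maintenance":
        return m
    if strict and not m.authenticated:
        return m
    flag = m.unauth_tariff_write or not m.authenticated
    return replace(m, tariff=value, unauth_tariff_write=flag)


def attacker_actions(strict: bool):
    """Capability set: physical button, power, and the serial port (no PIN)."""
    return [
        ("power_cycle", power_cycle),
        ("press_button", press_button),
        ("serial_login(wrong pin)", lambda m: serial_login(m, False)),
        ("serial_set_tariff(0)", lambda m: serial_set_tariff(m, 0, strict)),
    ]


def violates(m: Meter) -> bool:
    """Security property: the tariff never changes without authentication."""
    return m.unauth_tariff_write


def find_attack(strict: bool, max_depth: int = 6):
    """Breadth-first search of the reachable states up to max_depth.

    Returns the shortest sequence of attacker actions that reaches a state
    violating the property, or None if no such state is reachable within
    the depth bound (a bounded result, not a proof of absence).
    """
    start = Meter()
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        state, trace = queue.popleft()
        if violates(state):
            return trace
        if len(trace) >= max_depth:
            continue
        for name, act in attacker_actions(strict):
            nxt = act(state)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [name]))
    return None


if __name__ == "__main__":
    print("lenient model:", find_attack(strict=False))
    print("strict model: ", find_attack(strict=True))
```

On the lenient model the search returns the two-step trace `press_button` then `serial_set_tariff(0)`, which is exactly the kind of physical-access attack the abstract says remote-server analyses overlook; on the hardened model the same capability set reaches no violating state within the bound. Because the state is a small abstraction rather than the firmware's actual variables, the search stays tractable, which is the trade-off the article contrasts with code-level symbolic execution.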
Design-Level and Code-Level Security Analysis of IoT Devices