
Design-Level and Code-Level Security Analysis of IoT Devices

Published: 07 May 2019

Abstract

The Internet of Things (IoT) is playing an important role in different aspects of our lives. Smart grids, smart cars, and medical devices all incorporate IoT devices as key components. The ubiquity and criticality of these devices make them an attractive target for attackers. Therefore, we need techniques to analyze their security so that we can address their potential vulnerabilities. IoT devices, unlike remote servers, are user-facing and, therefore, an attacker may interact with them more extensively, e.g., via physical access. Existing techniques for analyzing the security of IoT devices either rely on a pre-defined set of attacks, and therefore have limited effect, or do not consider the specific capabilities attackers have against IoT devices.

Security analysis techniques may operate at the design level, leveraging abstraction to avoid state-space explosion, or at the code level, for accuracy. In this article, we introduce two techniques, one at the design level and the other at the code level, to analyze the security of IoT devices, and compare their effectiveness. The former uses model checking and the latter symbolic execution to find attacks based on the attacker's capabilities. We evaluate both techniques on an open source smart meter. We find that our code-level analysis technique finds three times as many attacks and completes the analysis in half the time, compared to the design-level technique, with no false positives.



    Published in

      ACM Transactions on Embedded Computing Systems, Volume 18, Issue 3
      Special Issue on Cryptographic Engineering for IoT: Security Foundations, Lightweight Solutions, and Attacks and Regular Papers
      May 2019, 214 pages
      ISSN: 1539-9087
      EISSN: 1558-3465
      DOI: 10.1145/3323876

      Copyright © 2019 ACM

      Publisher: Association for Computing Machinery, New York, NY, United States

    Publication History

      • Published: 7 May 2019
      • Accepted: 1 January 2019
      • Revised: 1 October 2018
      • Received: 1 October 2017

    Qualifiers

      • research-article
      • Research
      • Refereed
