TOCTOU Resilient Attestation for IoT Networks (Full Version)
- URL: http://arxiv.org/abs/2502.07053v2
- Date: Wed, 12 Feb 2025 07:30:44 GMT
- Title: TOCTOU Resilient Attestation for IoT Networks (Full Version)
- Authors: Pavel Frolikov, Youngil Kim, Renascence Tarafder Prapty, Gene Tsudik
- Abstract summary: TRAIN (TOCTOU-Resilient Attestation for IoT Networks) is an efficient technique that minimizes TOCTOU vulnerability windows and ensures constant-time per-device attestation.
We demonstrate TRAIN's viability and evaluate its performance via a fully functional and publicly available prototype.
- Score: 10.049514211874323
- Abstract: Internet-of-Things (IoT) devices are increasingly common in both consumer and industrial settings, often performing safety-critical functions. Although securing these devices is vital, manufacturers typically neglect security issues or address them as an afterthought. This is of particular importance in IoT networks, e.g., in the industrial automation settings. To this end, network attestation -- verifying the software state of all devices in a network -- is a promising mitigation approach. However, current network attestation schemes have certain shortcomings: (1) lengthy TOCTOU (Time-Of-Check-Time-Of-Use) vulnerability windows, (2) high latency and resource overhead, and (3) susceptibility to interference from compromised devices. To address these limitations, we construct TRAIN (TOCTOU-Resilient Attestation for IoT Networks), an efficient technique that minimizes TOCTOU windows, ensures constant-time per-device attestation, and maintains resilience even with multiple compromised devices. We demonstrate TRAIN's viability and evaluate its performance via a fully functional and publicly available prototype.
Related papers
- EILID: Execution Integrity for Low-end IoT Devices [12.193184827858326]
EILID is a hybrid architecture that ensures software execution integrity on low-end devices.
It is built atop CASU, a prevention-based (i.e., active) hybrid Root-of-Trust (RoT) that guarantees software immutability.
arXiv Detail & Related papers (2025-01-16T00:31:39Z)
- DB-PAISA: Discovery-Based Privacy-Agile IoT Sensing+Actuation [10.978372324294153]
Internet of Things (IoT) devices are becoming increasingly commonplace in numerous public and semi-private settings.
Currently, most such devices lack mechanisms to facilitate their discovery by casual (nearby) users who are not owners or operators.
This naturally triggers privacy, security, and safety issues.
In this work, we construct DB-PAISA which addresses these issues via a pull-based method, whereby devices reveal their presence and capabilities only upon explicit user request.
arXiv Detail & Related papers (2024-12-16T08:57:24Z)
- Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices [1.5612101323427952]
ENISA and NIST security guidelines emphasize the importance of enabling default local communication for safety and reliability.
We propose a tool, named REPLIOT, able to test whether a replay attack is successful or not, without prior knowledge of the target devices.
We find that 75% of the remaining devices are vulnerable to replay attacks with REPLIOT having a detection accuracy of 0.98-1.
arXiv Detail & Related papers (2024-01-22T18:24:41Z)
- Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
This paper provides a classification of IoT malware.
Major targets and used exploits for attacks are identified and referred to the specific malware.
The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
arXiv Detail & Related papers (2023-12-01T16:10:43Z)
- Technical Report-IoT Devices Proximity Authentication In Ad Hoc Network Environment [0.0]
Internet of Things (IoT) is a distributed communication technology system that offers the possibility for physical devices to connect and exchange data.
Authentication to the IoT devices is essential as it is the first step in preventing any negative impact of possible attackers.
This paper implements an IoT devices authentication scheme based on something that is in the IoT devices environment.
arXiv Detail & Related papers (2022-10-01T03:07:42Z)
- InstantNet: Automated Generation and Deployment of Instantaneously Switchable-Precision Networks [57.37790305246986]
We propose InstantNet to automatically generate and deploy instantaneously switchable-precision networks which operate at variable bit-widths.
In experiments, the proposed InstantNet consistently outperforms state-of-the-art designs.
arXiv Detail & Related papers (2021-04-22T04:07:43Z)
- Machine Learning for Massive Industrial Internet of Things [69.52379407906017]
Industrial Internet of Things (IIoT) revolutionizes the future manufacturing facilities by integrating the Internet of Things technologies into industrial settings.
With the deployment of massive IIoT devices, it is difficult for the wireless network to support the ubiquitous connections with diverse quality-of-service (QoS) requirements.
We first summarize the requirements of the typical massive non-critical and critical IIoT use cases. We then identify unique characteristics in the massive IIoT scenario, and the corresponding machine learning solutions with its limitations and potential research directions.
arXiv Detail & Related papers (2021-03-10T20:10:53Z)
- Autonomous Maintenance in IoT Networks via AoI-driven Deep Reinforcement Learning [73.85267769520715]
Internet of Things (IoT) with its growing number of deployed devices and applications raises significant challenges for network maintenance procedures.
We formulate a problem of autonomous maintenance in IoT networks as a Partially Observable Markov Decision Process.
We utilize Deep Reinforcement Learning algorithms (DRL) to train agents that decide if a maintenance procedure is in order or not and, in the former case, the proper type of maintenance needed.
arXiv Detail & Related papers (2020-12-31T11:19:51Z)
- Lightweight IoT Malware Detection Solution Using CNN Classification [2.288885651912488]
The security aspect of IoT devices is an infant field, which is why it is our focus in this paper.
We developed a system that can recognize malicious behavior of a specific IoT node on the network.
Through convolutional neural network and monitoring, we were able to provide malware detection for IoT using a central node that can be installed within the network.
arXiv Detail & Related papers (2020-10-13T10:56:33Z)
- Smart Home, security concerns of IoT [91.3755431537592]
The IoT (Internet of Things) has become widely popular in the domestic environments.
People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed.
Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
arXiv Detail & Related papers (2020-07-06T10:36:11Z)
- IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers.
The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks.
In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)