Biblio

Device attestation is a procedure to verify whether an embedded device is running the intended application code. This way, protection against both physical attacks and remote attacks on the embedded software is aimed for. With the wide adoption of Field-Programmable Gate Arrays or FPGAs, hardware also became configurable, and hence susceptible to attacks (just like software). In addition, an upcoming trend for hardware-based attestation is the use of configurable FPGA hardware. Therefore, in order to attest a whole system that makes use of FPGAs, the status of both the software and the hardware needs to be verified, without the availability of a tamper-resistant hardware module.In this paper, we propose a solution in which a prover core on the FPGA performs an attestation of the entire FPGA, including a self-attestation. This way, the FPGA can be used as a tamper-resistant hardware module to perform hardware-based attestation of a processor, resulting in a protection of the entire hardware/software system against malicious code updates.

In Diffie-Hellman Key Exchange (DHKE), two parties need to communicate to each other by sharing their secret key (cipher text) over an unsecure communication channel. An adversary or cryptanalyst can easily get their secret keys but cannot get the information (plaintext). Brute force is one the common tools used to obtain the secret key, but when the key is too large (etc. 1024 bits and 2048 bits) this tool is no longer suitable. Thus timing attacks have become more attractive in the new cryptographic era where networked embedded systems security present several vulnerabilities such as lower processing power and high deployment scale. Experiments on timing attacks are useful in helping cryptographers make security schemes more resistant. In this work, we timed the computations of the Discrete Log Hard Problem of the Diffie Hellman Key Exchange (DHKE) protocol implemented on an embedded system network and analyzed the timing patterns of 1024-bit and 2048-bit keys that was obtained during the attacks. We have chosen to implement the protocol on the Raspberry-pi board over U-BOOT Bare Metal and we used the GMP bignum library to compute numbers greater than 64 bits on the embedded system.

The Internet of Things and cloud computing (IoT Cloud) have a wide resonance in the Internet and modern communication technology, which allows laptops, phones, sensors, embedded devices, and other things to connect and exchange information via the Internet. Therefore, IoT Cloud offers several facilities, such as resources, storage, sharing, exchange, and communication. However, IoT Cloud suffers from security problems, which are a vital issue in the information technology world. All embedded devices in IoT Cloud need to be supported by strong authentication and preservation of privacy data during information exchange via the IoT Cloud environment. Malicious attacks (such as replay, man-in-the-middle [MITM], and impersonation attacks) play the negative role of obtaining important information of devices. In this study, we propose a good scheme that overcomes the mentioned issues by resisting well-known attacks, such as MITM, insider, offline password guessing, dictionary, replay, and eavesdropping. Our work achieves device anonymity, forward secrecy, confidentiality, and mutual authentication. Security and performance analyses show that our proposed scheme is more efficient, flexible, and secure with respect to several known attacks compared with related schemes.

In the production process of embedded device, due to the frequent reuse of third-party libraries or development kits, there are large number of same vulnerabilities that appear in more than one firmware. Homology analysis is often used in detecting this kind of vulnerabilities caused by code reuse or third-party reuse and in the homology analysis, the widely used methods are mainly Binary difference analysis, Normalized compression distance, String feature matching and Fuzz hash. But when we use these methods for homology analysis, we found that the detection result is not ideal and there is a high false positive rate. Focusing on this problem, we analyzed the application scenarios of these four methods and their limitations by combining different methods and different types of files and the experiments show that the combination of methods and files have a better performance in homology analysis.

Identity-Based Encryption (IBE) was introduced as an elegant concept for secure data exchange due to its simplified key management by specifically addressing the asymmetric key distribution problems in multi-user scenarios. In the context of ad-hoc network connections that are of particular importance in the emerging Internet of Things, the simple key discovery procedures as provided by IBE are very beneficial in many situations. In this work we demonstrate for the first time that IBE has become practical even for a range of embedded devices that are populated with low-cost ARM Cortex-M microcontrollers or reconfigurable hardware components. More precisely, we adopt the IBE scheme proposed by Ducas et al. at ASIACRYPT 2014 based on the RLWE problem for which we provide implementation results for two security levels on the aforementioned embedded platforms. We give evidence that the implementations of the basic scheme are efficient, as for a security level of 80 bits it requires 103 ms and 36 ms for encryption and decryption, respectively, on the smallest ARM Cortex-M0 microcontroller.