Biblio

The IoT industry has developed rapidly in recent years, which has attracted the attention of security researchers. However, the researchers are hampered by the wide variety of IoT device operating systems and their hardware architectures. Especially for the lightweight IoT devices, many manufacturers do not provide the device firmware images, embedded firmware source code or even the develop documents. As a result, it hinders traditional static analysis and dynamic analysis techniques. In this paper, we propose a novel dynamic analysis framework, called FIoT, which aims at finding memory corruption vulnerabilities in lightweight IoT device firmware images. The key idea is dynamically run the binary code snippets through symbolic execution with carrying out a fuzzing test. Specifically, we generate code snippets through traversing the control-flow graph (CFG) in a backward manner. We improved the CFG recovery approach and backward slice approach for better performance. To reduce the influence of the binary firmware, FIoT leverages loading address determination analysis and library function identification approach. We have implemented a prototype of FIoT and conducted experiments. Our results show that FIoT can complete the Fuzzing test within 40 seconds in average. Considering 170 seconds for static analysis, FIoT can load and analyze a lightweight IoT firmware within 210 seconds in total. Furthermore, we illustrate the effectiveness of FIoT by applying it over 115 firmware images from 17 manufacturers. We have found 35 images exist memory corruptions, which are all zero-day vulnerabilities.

The Internet of Things (IoT) provides connectivity between heterogeneous devices in different applications, such as smart wildlife, supply chain and traffic management. Trust management system (TMS) assesses the trustworthiness of service with respect to its quality. Under different context information, a service provider may be trusted in one context but not in another. The existing context-aware trust models usually store trust values under different contexts and search the closest (to a given context) record to evaluate the trustworthiness of a service. However, it is not suitable for distributed resource-constrained IoT devices which have small memory and low power. Reputation systems are applied in many trust models where trustor obtains recommendations from others. In context-based trust evaluation, it requires interactive queries to find relevant information from remote devices. The communication overhead and energy consumption are issues in low power networks like 6LoWPAN. In this paper, we propose a new context-aware trust model for lightweight IoT devices. The proposed model provides a trustworthiness overview of a service provider without storing past behavior records, that is, constant size storage. The proposed model allows a trustor to decide the significance of context items. This could result in distinctive decisions under the same trustworthiness record. We also show the performance of the proposed model under different attacks.