skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Low-Cost and Secure Firmware Obfuscation Method for Protecting Electronic Systems from Cloning
The continuous growth of the cloning of electronic devices poses a severe threat to our critical infrastructure that uses the Internet, as cloned devices can transmit secret information and cause security concerns. Cloned devices can also be unreliable as they may be manufactured with inferior quality materials, and they may have many defects as they may not be tested properly. It is thus extremely important to protect these electronic devices from cloning. An efficient way to prevent a device being cloned is to prevent the firmware from being copied because, without the proper firmware, the device will not function like the original. In this paper, we present a novel firmware obfuscation method without encrypting the entire memory. The firmware is obfuscated by swapping a subset of instructions. The instructions to be swapped are specifically chosen so that an attacker cannot discover their location. During operation, the hardware reconstructs the original program using a PUF-generated identifier (ID) and a small memory that stores the swapped instructions. An adversary cannot make a program work completely without knowing which instructions have been swapped, as the program will execute in the wrong sequence and produce the incorrect result. Our proposed solution requires only a small overhead to reconstruct the firmware, making it practical for devices with strict resource constraints. This solution also allows remote updates of new obfuscated firmware without any modification and is practical for the rising trend of ubiquitous computing.  more » « less
Award ID(s):
1755733
PAR ID:
10088997
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
IEEE Internet of Things Journal
ISSN:
2372-2541
Page Range / eLocation ID:
1 to 1
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. (, 2023 IEEE Symposium on Security and Privacy (SP))
    Today’s software programs are bloating and have become extremely complex. As there is typically no internal isolation among modules in a program, a vulnerability can be exploited to corrupt the memory and take control of the whole program. Program modularization is thus a promising security mechanism that splits a complex program into smaller modules, so that memory-access instructions can be constrained from corrupting irrelevant modules. A general approach to realizing program modularization is dependence analysis which determines if an instruction is independent of specific code or data; and if so, it can be modularized. Unfortunately, dependence analysis in complex programs is generally considered infeasible, due to problems in data-flow analysis, such as unknown indirect-call targets, pointer aliasing, and path explosion. As a result, we have not seen practical automated program modularization built on dependence analysis. This paper presents a breakthrough---Type-based dependence analysis for Program Modularization (TyPM). Its goal is to determine which modules in a program can never pass a type of object (including references) to a memory-access instruction; therefore, objects of this type that are created by these modules can never be valid targets of the instruction. The idea is to employ a type-based analysis to first determine which types of data flows can take place between two modules, and then transitively resolve all dependent modules of a memory-access instruction, with respect to the specific type. Such an approach avoids the data-flow analysis and can be practical. We develop two important security applications based on TyPM: refining indirect-call targets and protecting critical data structures. We extensively evaluate TyPM with various system software, including an OS kernel, a hypervisor, UEFI firmware, and a browser. Results show that on average TyPM additionally refines indirect-call targets produced by the state of the art by 31%-91%. TyPM can also remove 99.9% of modules for memory-write instructions to prevent them from corrupting critical data structures in the Linux kernel. 
    more » « less
  2. ; ; (, 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN))
    In the recent past, there has been a rapid increase in attacks on consumer Internet-of-Things (IoT) devices. Several attacks currently focus on easy targets for exploitation, such as weak configurations (weak default passwords). However, with governments, industries, and organizations proposing new laws and regulations to reduce and prevent such easy targets in the IoT space, attackers will move to more subtle exploits in these devices. Memory corruption vulnerabilities are a significant class of vulnerabilities in software security through which attackers can gain control of the entire system. Numerous memory corruption vulnerabilities have been found in IoT firmware already deployed in the consumer market. This paper presents an approach for exploiting stack-based buffer-overflow attacks in IoT firmware, to hijack the device remotely. To show the feasibility of this approach, we demonstrate exploiting a common network software application, Connman, used widely in IoT firmware such as Samsung smart TVs. A series of experiments are reported on, including: crashing and executing arbitrary code in the targeted software application in a controlled environment, adopting the attacks in uncontrolled environments (with standard software defenses such as W⊕X and ASLR enabled), and installing publicly available IoT firmware that uses this software application on a Raspberry Pi. The presented exploits demonstrate the ease in which an adversary can control IoT devices. 
    more » « less
  3. ; ; (, ACM Transactions on Embedded Computing Systems)
    null (Ed.)
    Electronic device fingerprints, unique bit vectors extracted from device's physical properties, are used to differentiate between instances of functionally identical devices. This article introduces a new technique that extracts fingerprints from unique properties of partially erased NOR flash memory cells in modern microcontrollers. NOR flash memories integrated in modern systems-on-a-chip typically hold firmware and read-only data, but they are increasingly in-system-programmable, allowing designers to erase and program them during normal operation. The proposed technique leverages partial erase operations of flash memory segments that bring them into the state that exposes physical properties of the flash memory cells through a digital interface. These properties reflect semiconductor process variations and defects that are unique to each microcontroller or a flash memory segment within a microcontroller. The article explores threshold voltage variation in NOR flash memory cells for generating fingerprints and describes an algorithm for extracting fingerprints. The experimental evaluation utilizing a family of commercial microcontrollers demonstrates that the proposed technique is cost-effective, robust, and resilient to changes in voltage and temperature as well as to aging effects. 
    more » « less
  4. (, 2022 IEEE International Conference on Digital Health (ICDH))
    In modern healthcare, smart medical devices are used to ensure better and informed patient care. Such devices have the capability to connect to and communicate with the hospital's network or a mobile application over wi-fi or Bluetooth, allowing doctors to remotely configure them, exchange data, or update the firmware. For example, Cardiovascular Implantable Electronic Devices (CIED), more commonly known as Pacemakers, are increasingly becoming smarter, connected to the cloud or healthcare information systems, and capable of being programmed remotely. Healthcare providers can upload new configurations to such devices to change the treatment. Such configurations are often exchanged, reused, and/or modified to match the patient's specific health scenario. Such capabilities, unfortunately, come at a price. Malicious entities can provide a faulty configuration to such devices, leading to the patient's death. Any update to the state or configuration of such devices must be thoroughly vetted before applying them to the device. In case of any adverse events, we must also be able to trace the lineage and propagation of the faulty configuration to determine the cause and liability issues. In a highly distributed environment such as today's hospitals, ensuring the integrity of configurations and security policies is difficult and often requires a complex setup. As configurations propagate, traditional access control and authentication of the healthcare provider applying the configuration is not enough to prevent installation of malicious configurations. In this paper, we argue that a provenance-based approach can provide an effective solution towards hardening the security of such medical devices. In this approach, devices would maintain a verifiable provenance chain that would allow assessing not just the current state, but also the past history of the configuration of the device. Also, any configuration update would be accompanied by its own secure provenance chain, allowing verification of the origin and lineage of the configuration. The ability to protect and verify the provenance of devices and configurations would lead to better patient care, prevent malfunction of the device due to malicious configurations, and allow after-the-fact investigation of device configuration issues. In this paper, we advocate the benefits of such an approach and sketch the requirements, implementation challenges, and deployment strategies for such a provenance-based system. 
    more » « less
  5. ; (, Zenodo)
    This is the artifact abstract for the ICSE 2024 paper, *Semantic Analysis of Macro Usage for Portability*. This artifact provides the source code of Maki, the tool described in the paper, and instructions on how to run Maki to replicate the results originally reported in the paper. The paper's original results are also included so that one may cross-reference them against the results they obtain while attempting to replicate them. We claim the **available** and **reusable** badges. We believe this artifact deserves the available badge because it is publicly available on Zenodo at https://doi.org/10.5281/zenodo.7783131 (DOI 10.5281/zenodo.7783131). We believe this artifact deserves the reusable badge because it includes instructions for reproducing all the paper's major results, along with a dataset one may verify them against. This artifact also utilizes Docker to facilitate reuse, as recommended in the ICSE 2024 Call for Artifact Submissions. A reviewer who wishes to evaluate this artifact must be familiar with Docker and the Linux command line. Clang and Python experience is advised, but not essential. A reviewer will need Docker to run the artifact, and should have a device with at least 8 threads and 8GB of RAM. "Kicking the tires" and replicating a portion of the paper's original results should take about 20 minutes of time and 2GB of storage memory. Replicating the paper's full results would require over two weeks of time and 620GB of storage memory. The artifact does not require any specific operating system or environment to run. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email