RIPTE: Runtime Integrity Protection Based on Trusted Execution for IoT Device
Security and Communication Networks Pub Date : 2020-09-23 , DOI: 10.1155/2020/8957641
Yu Qin, Jingbin Liu, Shijun Zhao, Dengguo Feng, Wei Feng
Software attacks such as worms, botnets, and DDoS are increasingly serious problems in IoT; they have caused large-scale cyber attacks and even the breakdown of important information infrastructure. Software measurement and attestation are the general methods for checking software integrity and execution state in IoT. However, because they are static, they cannot resist TOCTOU attacks, and they seldom verify control-flow integrity. In this paper, we propose a novel and practical scheme for trusted software execution based on lightweight trust. Our scheme, RIPTE, combines dynamic measurement and control-flow integrity with a PUF-based device-binding key. By encrypting the return address of each program function with the PUF key, RIPTE protects software integrity at runtime on an IoT device and thereby prevents code-reuse attacks. The results of our prototype experiments show that it adds only a small TCB and has a tiny overhead on IoT devices under the constraint on function calls. In sum, RIPTE is secure and efficient for protecting IoT devices at runtime.
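The return-address protection the abstract describes, as an added illustration that is not code from the paper: the key, the transform, the table of legitimate return sites and the simulated stack frame are all constructed assumptions, and the keyed XOR-plus-rotate stands in for whatever cipher RIPTE actually uses. The point it shows is that a frame overwritten with a plaintext address no longer decodes to a valid return site, so the overwrite is detected at the return.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a PUF-derived, device-bound key. A real PUF would
   regenerate it from silicon variation at boot rather than store it in flash. */
static const uint64_t PUF_KEY = 0x9E3779B97F4A7C15ULL;

/* Constructed table of legitimate return sites in a (hypothetical) firmware
   image. RIPTE would derive the allowed targets from the binary itself. */
static const uint64_t VALID_RET_SITES[] = { 0x08001234, 0x080012a0, 0x08001f10 };

static uint64_t rotl64(uint64_t x, unsigned r) { return (x << r) | (x >> (64 - r)); }
static uint64_t rotr64(uint64_t x, unsigned r) { return (x >> r) | (x << (64 - r)); }

/* Keyed, invertible transform applied to the return address when it is pushed. */
uint64_t ripte_seal(uint64_t ret) { return rotl64(ret, 13) ^ PUF_KEY; }

/* Inverse transform applied when the address is popped, before it is used. */
uint64_t ripte_open(uint64_t sealed) { return rotr64(sealed ^ PUF_KEY, 13); }

/* Simulated stack frame: only the sealed return address is ever stored. */
typedef struct { uint64_t sealed_ret; } frame_t;

/* Instrumented call: seal the real return site into the frame. */
void ripte_call(frame_t *f, uint64_t ret_site) { f->sealed_ret = ripte_seal(ret_site); }

/* Instrumented return: unseal and require a known return site.
   Returns 1 if the frame is intact, 0 if it no longer decodes to a valid site
   (a real device would trap or reset here instead of continuing). */
int ripte_ret(const frame_t *f, uint64_t *target) {
    uint64_t ret = ripte_open(f->sealed_ret);
    for (size_t i = 0; i < sizeof VALID_RET_SITES / sizeof VALID_RET_SITES[0]; i++)
        if (ret == VALID_RET_SITES[i]) { *target = ret; return 1; }
    return 0;
}

/* One call/return round trip; if `overwrite` is set, the frame is clobbered with
   `written` in between, simulating a stack overflow that lands on the slot. */
int ripte_simulate(uint64_t ret_site, int overwrite, uint64_t written) {
    frame_t f; uint64_t target;
    ripte_call(&f, ret_site);
    if (overwrite) f.sealed_ret = written;
    return ripte_ret(&f, &target);
}

int main(void) {
    printf("intact frame:      %s\n", ripte_simulate(0x080012a0, 0, 0) ? "ok" : "TAMPERED");
    printf("overwritten frame: %s\n", ripte_simulate(0x080012a0, 1, 0x08001f10) ? "ok" : "TAMPERED");
    return 0;
}
```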

Updated: 2020-10-02