Abstract
The Internet of Things (IoT) is a recent concept in machine-to-machine communication that has also given rise to several information security problems. Many traditional software solutions fail to address these security issues, such as the trustworthiness of remote entities. Remote attestation is a technique defined by the Trusted Computing Group (TCG) to monitor and verify this trustworthiness. In this regard, various remote validation methods have been proposed. However, static techniques cannot provide resistance to recent attacks, e.g. the latest Heartbleed bug and the recent high-profile glibc attack on the Linux operating system. In this research, we have designed and implemented a lightweight Linux kernel security module for IoT devices that is scalable enough to monitor multiple applications in kernel space. The newly built technique can measure and report the static and dynamic behavior of multiple applications simultaneously. The behavior of applications is verified using machine learning techniques. The results show that deviating behavior can be detected successfully by the verifier.
Cite this article
Ali, T., Nauman, M. & Jan, S. Trust in IoT: dynamic remote attestation through efficient behavior capture. Cluster Comput 21, 409–421 (2018). https://doi.org/10.1007/s10586-017-0877-5
DOI: https://doi.org/10.1007/s10586-017-0877-5