Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
ATZ-Fachkongress

Chassis.tech plus 2024


4 Kongresse in einer Veranstaltung

Treffen Sie in München die Fachleute von Chassis, Lenkung, Bremsen sowie Reifen/Räder.
Erweiterte Suche
Anmelden
nach oben
The Journal of Supercomputing

18.05.2024

Analysis of crypto module in RIOT OS using Frama-C

verfasst von: Nirnai Rai, Jyoti Grover

Erschienen in: The Journal of Supercomputing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

With the growing advances in Internet of Things (IoT) technology, it has become an indispensable part of many areas like home automation, industries, medical equipment, etc. Thus, the security of the IoT hardware and software is of utmost importance. The availability of secure IoT software components allows for better confidence in the use of IoT devices for consumers. IoT operating systems are core software components of the IoT ecosystem. There are a lot of IoT operating systems (OSes) available, but Real-time Operating System for IoT (RIOT) is one of the most commonly used open-source OS used by universities and businesses. As the RIOT source code is written in C, it inherently has some security vulnerabilities. With IoT devices having the characteristic of limited battery and computational capability, it is very challenging to detect cyber-attacks online. This would necessitate more rigorous security checks being performed on the device prior to deployment. For the security of the RIOT OS, the analysis techniques used in highly critical domains can also be applied to IoT software. Thus, the purpose of this work is to apply techniques such as formal verification to the crypto module of RIOT using a software analysis platform for C code, namely Frama-C in order to analyze the security aspects of the module.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren
Literatur
1.
Keerthi K, Indrani R, Aritra H, Chester R (2019) Formal verification for security in IoT devices. In: Chakraborty RS, Mathew J, Vasilakos AV (eds) Security and fault tolerance in internet of things. Springer, Berlin, pp 179–200CrossRef
2.
Mike D (2022) Formally verifying industry cryptography. IEEE Secur Priv 20(3):65–70CrossRef
3.
Hasan O, Tahar S (2015) Formal verification methods. In: Khosrow-Pour DBA (ed) Encyclopedia of information science and technology. Igi Global, Pennsylvania
4.
Blanchard A, Kosmatov N, Loulergue F (2018) A lesson on verification of IoT software with Frama-C. In: 2018 International Conference on High Performance Computing & Simulation (HPCS), pp 21–30
5.
Baccelli E, Hahm O, Günes M, Wählisch M, Schmidt TC (2013) RIOT OS: towards an os for the internet of things. In: 2013 IEEE Conference on Computer Communications Eorkshops (INFOCOM WKSHPS), pp 79–80
6.
Cuoq P, Kirchner F, Kosmatov N, Prevosto V, Signoles J, Yakobowski B (2012) Frama-C: a software analysis perspective. Springer, Berlin, pp 233–247
7.
Abdullah A-B, Khaled W, Mohammad E-R (2021) The presence, trends, and causes of security vulnerabilities in operating systems of IoT’s low-end devices. MDPI Sens 21(7):2329CrossRef
8.
McBride J, Arief B, Hernandez-Castro JC (2018) Security analysis of Contiki IoT operating system. ACM Digital Library Junction Publishing, pp 278–283
9.
Mullen G (2019) Liam meany assessment of buffer overflow based attacks on an IoT operating system. Global IoT Summit (GIoTS)
10.
Liang H, Zhao Q, Wang Y, Liu H (2016) Understanding and detecting performance and security bugs in IoT oses. In: 2016 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), IEEE, pp 413–418
11.
Li D, Zhang Z, Liao W, Xu Z (2018) KLRA: a kernel level resource auditing tool for IoT operating system security. In: 2018 IEEE/ACM Symposium on Edge Computing (SEC), IEEE, pp 427–432
12.
Koivunen L, Rauti S, Leppänen V (2016) Ville applying internal interface diversification to IoT operating systems. In: 2016 International Conference on Software Security and Assurance (ICSSA), IEEE, pp 1–5
13.
Mäki P, Rauti S, Hosseinzadeh S, Koivunen L, Leppänen V (2016) Ville interface diversification in iot operating systems. In: Proceedings of the 9th International Conference on Utility and Cloud Computing, pp 304–309
14.
Calatayud BM, Meany L (2022) A comparative analysis of Buffer Overflow vulnerabilities in High-End IoT devices. In: 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), IEEE, pp 0694–0701.
15.
16.
Yuan S, Talpin JP (2021) Verified functional programming of an IoT operating system’s bootloader. In: Proceedings of the 19th ACM-IEEE International Conference on Formal Methods and Models for System Design, pp 89–97
17.
Peyrard A, Kosmatov N, Duquennoy S, Raza S (2018) Towards formal verification of Contiki: analysis of the AES–CCM* modules with Frama-C. In: RED-IOT 2018-Workshop on Recent advances in secure management of data and resources in the IoT
18.
Mangano F, Duquennoy S, Kosmatov N (2016) Formal verification of a memory allocation module of Contiki with Frama-C: a case study. In: International Conference on Risks and Security of Internet and Systems, Springer, pp 114–120
19.
Blanchard A, Kosmatov N, Loulergue F (2018) Ghosts for lists: a critical module of Contiki verified in Frama-C. In: NASA formal methods: 10th international symposium, NFM 2018, Newport News, VA, USA, April 17-19, 2018, Proceedings, vol. 10. Springer, pp 37–53
20.
AAlnaeli SM, Sarnowski M, Aman MS, Abdelgawad A, Yelamarthi K (2016) Vulnerable C/C++ code usage in IoT software systems. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), IEEE, pp 348–352
21.
Alnaeli SM, Sarnowski M, Aman M, Abdelgawad A, Yelamarthi K (2017) Source code vulnerabilities in IoT software systems. Adv Sci Technol Eng Syst J 2:1502–1507CrossRef
22.
Karaduman B, Challenger M, Eslampanah R, Denil J, Vangheluwe H (2020) Platform-specific modeling for riot based iot systems. In: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops, pp 639–646
23.
Boeckmann L, Kietzmann P, Lanzieri L, Schmidt T, Wählisch M (2022) Usable Security for an IoT OS: integrating the zoo of embedded crypto components below a common API. arXiv:​2208.​09281
24.
Blanchard A (2020) Introduction to C program proof with Frama-C and its WP plugin In: Zeste de Savoir, júl
25.
Garion C, Hattenberger G, Pollien B, Roux P, Thirioux X (2022) A gentle introduction to C code verification using the Frama-C platform. In: ISAE-SUPAERO; ONERA—The French Aerospace Lab; ENAC
26.
Burghardt J, Gerlach J, Hartig K, Pohl H, Soto J (2010) Juan ACSL by example. In: DEVICE-SOFT project publication, Fraunhofer FIRST Institute
27.
Todorov V, Boulanger F, Taha S (2018) Formal verification of automotive embedded software In: Proceedings of the 6th Conference on Formal Methods in Software Engineering
28.
Krichen M (2023) A survey on formal verification and validation techniques for internet of things. Appl Sci 13(14):8122CrossRef
Metadaten
Titel
Analysis of crypto module in RIOT OS using Frama-C
verfasst von
Nirnai Rai
Jyoti Grover
Publikationsdatum
18.05.2024
Verlag
Springer US
Erschienen in
The Journal of Supercomputing
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI
https://doi.org/10.1007/s11227-024-06171-0

Premium Partner

    Bildnachweise