IoT-Proctor: A Secure and Lightweight Device Patching Framework for Mitigating Malware Spread in IoT Networks

Abstract

Traditional malware propagation control schemes do not prevent device-to-device (D2D) malware spread, have high time cost, and may result in low probability of detecting compromised devices. Moreover, the unprecedented scale and heterogeneity of Internet of Things (IoT) devices make these schemes inapplicable to IoT networks. Therefore, to rectify these issues, this article presents a secure patching framework for IoT with different network isolation levels to efficiently mitigate and control malware propagation. It uses remote attestation to detect compromised devices with a high probability and identify the origin of malicious activities. It also proposes virtual patching of devices via physical unclonable functions (PUFs) to contain the malware spread. The isolation levels are based on the susceptible, exposed, infected, and resistant (SEIR) model that act as an access control list to quantify device operation and mitigate D2D malware spread. We present a security analysis based on the access control logic model. A performance evaluation with a comparative analysis is also discussed using the SEIR model. These analyses confirm the reduction in patching time and superior performance of our framework, i.e., with 10% of initially infected devices, IoT-Proctor had a reduction rate of malware five times faster than the existing techniques.