Abstract
Wireless mobile networks frequently need remote software updates to add or adjust the tasks of mobile nodes. Software update traffic, particularly in the Internet of Things (IoT), should be carefully handled since attackers can easily compromise a number of unattended devices by modifying a piece of code in the software update routine. These attacks are quite realistic and harmful, as seen in the real world. To protect lower-powered mobile devices, an in-network detection mechanism is preferred. However, due to the mobility of devices, it is difficult to set up a network monitor with the complete context of software updates. Moreover, even conventional integrity checks can be fooled by replaced binary code or a minimized modification. In this paper, we tackle this problem and propose CodeDog, a new approach to check the integrity of software updates in mobile environments. CodeDog generates binary code with semantics markers. Validating those markers proves that the control flow semantics are unchanged. The validation can be performed on program fragments for in-network monitoring to protect incapable devices. Our evaluation results show that CodeDog can prevent attacks in the supply chain with 4.2% storage overhead.
Highlights
Internet of Things (IoT) environments consist of heterogeneous devices and wireless, mobile networks
Due to the complexity of IoT environments, software updates are being delivered by a deployment chain, which is operated by outsourced authorities or network providers
We can sum up the requirements to effectively check the integrity of software updates in mobile networks as follows: (1) the semantics changes of malformed software updates should be checked in the binary code and (2) the changes should be able to be detected by network monitors, i.e., watchdogs, as well as recipient devices to support all ranges of devices
Summary
Internet of Things (IoT) environments consist of heterogeneous devices and wireless, mobile networks. To effectively protect the deployment chain in IoT environments, the network itself should verify the integrity of software updates on behalf of. We can sum up the requirements to effectively check the integrity of software updates in mobile networks as follows: (1) the semantics changes of malformed software updates should be checked in the binary code and (2) the changes should be detectable by network monitors, i.e., watchdogs, as well as by recipient devices, to support all ranges of devices. The proposed method transforms the binary code of program text into a verifiable form with semantics markers. It can prove that the developers’ intention is unchanged in a software update with respect to control flows. The watchdogs in mobile networks investigate the binary code of software updates from packets, and the recipient devices validate the received software updates and the whole program code for later software attestation.