An Improved Device Identifier Composition Engine Architecture to Enhance Internet of Things Security

Abstract

The number of Internet-of-Things (IoT) devices has been increasing rapidly every year. Most of these devices have access to important personal data such as health, daily activities, location, and finance. However, these devices have security problems since they have limited processing power and memory to implement complex security measures. Therefore, they possess weak authentication mechanisms and a lack of encryption. Additionally, there are no widely accepted standards for IoT security. The Device Identifier Composition Engine (DICE) was proposed as a standard that enables adding a security layer to low-cost microcontrollers with minimal silicon overhead. However, DICE-based attestation is vulnerable to some remote attacks such as Time-Of- Check Time-Of-Use (TOCTOU) attacks as shown by previous studies. In this study, we present a novel method to address the security problems of DICE. In order to detect real-time firmware attacks, our design adds an additional security component to DICE that utilizes a hash engine performing periodic memory forensics (PMF). We implemented the enhanced DICE architecture using the open-source RISC-V platform Ibex and the Mbed TLS library for cryptographic operations. We performed the hash operations required by DICE in a hardware-based manner on a commercial Field Programmable Gate Array (FPGA) platform rather than firmware, which is more vulnerable to attacks. Our test results demonstrate that with minimal cost using the proposed method, a standard microcontroller can detect attacks. This thesis addresses the urgent need for enhanced security in the rapidly proliferating domain of Internet of Things (IoT) devices, by investigating vulnerabilities associated with the Device Identifier Composition Engine (DICE) and proposing a novel method to mitigate these risks. Through the design and implementation of a hardware-based hash engine that utilizes periodic memory forensics, the thesis offers an innovative solution to the firmware security flaws in DICE. This novel method significantly contributes to the existing body of literature by demonstrating a practical, implementable approach to detect and counteract potential attacks on IoT devices, thereby advancing the understanding of IoT security.