Software Integrity Verification Mechanism Based on UEFI BIOS
Abstract
This paper introduces a verification mechanism that uses UEFI BIOS resources to attest the integrity of embedded systems used in the Internet of Things. The proposed solution consists of an application, called AVIS UEFI, which runs in the Pre-Boot Applications phase and uses digital signatures and keys stored in a cryptographic device to verify software integrity. Depending on the result of the verification, the system is either initialized or shut down. As a proof of concept, a prototype was developed and evaluated in a real case study. The results demonstrate the technical feasibility of the proposed mechanism.
