IOT 公司软件的反重新包装 (PATRIOT: Anti-Repackaging for IoT Firmware)

IoT repackaging refers to an attack devoted to tampering with a legitimate firmware package by modifying its content (e.g., injecting some malicious code) and re-distributing it in the wild. In such a scenario, the firmware delivery and update processes play a central role in ensuring firmware integrity. Unfortunately, most of the existing solutions lack proper integrity verification, leaving firmware exposed to repackaging attacks, such as the one reported in [1]. If this is not the case, they still require an external trust anchor (e.g., a signing certificate), which could limit their adoption in resource-constrained environments. To mitigate such a problem, in this paper, we introduce PATRIOT, a novel self-protecting scheme for IoT that allows the injection of integrity checks, called anti-tampering (AT) controls, directly into the firmware. The AT controls enable the runtime detection of repackaging attempts without the need for external trust anchors or computationally expensive systems. Also, we have implemented this scheme into PATRIOTIC, a prototype to automatically protect C/C++ IoT firmware. The evaluation phase of 33 real-world firmware samples demonstrated the feasibility of the proposed methodology and its robustness against practical repackaging attacks without altering the firmware behavior or severe performance issues.

翻译：IT重新包装是指专门通过修改其内容(例如注射一些恶意代码)和在野外重新散布来篡改一个合法的固态软件包的攻击,在这种情况下,固态软件的交付和更新过程在确保固态软件完整性方面发挥着核心作用。不幸的是,大多数现有解决方案缺乏适当的完整性核查,使固态软件暴露于再包装攻击,如[1]中所报告的袭击。如果不是这种情况,它们仍然需要一个外部托管锚(例如签名证书),这可能会限制其在资源紧张环境中的采用。为了缓解这一问题,我们在本文件中引入了STRIOT,这是一个新的IOT自我保护计划,允许对完整性进行注入检查,称为反振荡(AT)控制,直接进入固态软件。AT控制使得能够在不需要外部托管锚或计算昂贵的系统的情况下对重新包装尝试进行运行时间检测。此外,我们已在PASTIOTIK实施了这一计划,这是自动保护C/C+IO公司固态软件的原型。我们引入了STRIOT,这是一个全新的自我保护IO软件,这是一个新的自我保护IO实际操作系统,在不考虑公司进行强性攻击时,评估第33次强效的软件中展示了对公司行为要求的系统。