Dynamic Obfuscation Technique for Firmware Protection of Internet-Embedded Systems

Enhances the Security of Internet-of-Things Devices Against Firmware Attacks

This obfuscation technique enhances the firmware security of internet-embedded systems in security-critical applications. The number of embedded systems deployed worldwide is growing exponentially with advances in technology and the ever-growing demand for automation. However, the expanding deployment of embedded systems in security-critical applications such as medical devices, smart grids, and aerospace vehicles makes the security of these systems critical. Because firmware is the “brain” of an embedded system and is difficult to implement from scratch, it is the center of attention in adversarial attack scenarios, including tampering with the firmware to cause a denial of service (DoS), injecting malware, and bypassing authentication. Encryption and obfuscation are the primary approaches for protecting firmware from such attacks. While encryption protects firmware from cloning and reverse engineering, this approach leaks the control flow and firmware algorithm. Additionally, full-blown encryption requires more computational power and imposes a high memory overhead. A hardware-assisted, dynamic obfuscation technique is necessary to achieve consistent performance without compromising the security of the firmware.

Researchers at the University of Florida have developed a dynamic obfuscation technique for mitigating adversarial attacks on the firmware of embedded systems. This technique eliminates the need for expensive encryption and ensures that the firmware cannot run correctly on illegitimate hardware. It also does not store any obfuscation key in non-volatile memory (NVM), making it robust against memory-probing attacks.

Application

A hardware-assisted, program-execution-level dynamic obfuscation technique for internet-embedded systems in security-critical applications that ensures firmware cannot run correctly on illegitimate hardware

Advantages

  • Does not store the obfuscation key needed for decryption in non-volatile memory (NVM), making the embedded system robust against memory-probing attacks
  • Re-obfuscates every memory block with a new key when it leaves the cache, ensuring constant security
  • Leverages device-intrinsic signatures of embedded systems, ensuring the firmware cannot execute its instructions in the correct order on any illegitimate hardware
  • Performs instruction-execution-level dynamic obfuscation/de-obfuscation, ensuring consistent obscurity to attackers

Technology

This obfuscation technique protects firmware in three stages, using keys derived securely at run time from a Pseudo-Random Number Generator (PRNG) seeded with the device-intrinsic ID. It does not involve computationally heavy encryption, only simple XOR operations. In the first stage, the technique obfuscates opcodes only. In the second stage, instructions are kept in program memory as blocks, and each block is obfuscated with its own block-wise key. In the third and final stage, the system randomly shuffles the memory blocks to conceal their layout. While the program is running, one block at a time is de-obfuscated in the cache; when it leaves the cache to make room for the next memory block, it is re-obfuscated with a new key.
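
The three stages and the cache-time re-keying described above, as an added C simulation that is not the researchers' design or code. It assumes a toy image of four blocks of four one-byte instructions whose high nibble is the opcode, xorshift32 as the device-ID-seeded PRNG, and that the current per-block keys live only in volatile RAM; `demo` provisions an image for one device ID, then boots that same image on hardware reporting another ID and counts the instruction fetches that come out wrong.

```c
#include <stdint.h>
enum { NBLK = 4, BLKSZ = 4, NINS = NBLK * BLKSZ };  /* toy image: 4 blocks of 4 one-byte instructions */
/* xorshift32 stands in for the device-ID-seeded PRNG (an assumption: the page names no generator). */
static uint32_t prng(uint32_t *s) { uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x; }

typedef struct {
    uint32_t rng; int cur;                   /* volatile PRNG state; logical block now held in clear (-1 = none) */
    uint8_t  opkey[NINS];                    /* stage 1: per-instruction key applied to the opcode (high) nibble only */
    uint8_t  blkkey[NBLK], phys[NBLK];       /* stage 2: current per-block key (RAM only, assumed); stage 3: slot of block b */
    uint8_t  mem[NBLK][BLKSZ], cache[BLKSZ]; /* obfuscated program memory (what a dump yields); the one-block cache */
} dev_t;

/* Boot: derive keys and the block permutation from the hardware's ID alone (no key in NVM, mem untouched). */
void boot(dev_t *d, uint32_t device_id) {
    d->rng = device_id ? device_id : 1;                     /* xorshift32 must not start from 0 */
    for (int i = 0; i < NINS; i++) d->opkey[i] = (uint8_t)((prng(&d->rng) & 0xF) << 4);
    for (int b = 0; b < NBLK; b++) { d->blkkey[b] = (uint8_t)prng(&d->rng); d->phys[b] = (uint8_t)b; }
    for (int b = NBLK - 1; b > 0; b--) {                    /* Fisher-Yates shuffle of the block slots */
        int j = (int)(prng(&d->rng) % (uint32_t)(b + 1)); uint8_t t = d->phys[b]; d->phys[b] = d->phys[j]; d->phys[j] = t;
    }
    d->cur = -1;
}

/* Stages 1 and 2 on one logical block; XOR is its own inverse, so this both obfuscates and restores. */
static void xorblk(const dev_t *d, int b, const uint8_t *src, uint8_t *dst) {
    for (int i = 0; i < BLKSZ; i++) dst[i] = src[i] ^ d->opkey[b * BLKSZ + i] ^ d->blkkey[b];
}

/* Provisioning: obfuscate a plain instruction stream for one device; stage 3 picks each block's slot. */
void provision(dev_t *d, uint32_t device_id, const uint8_t plain[NINS]) {
    boot(d, device_id);
    for (int b = 0; b < NBLK; b++) xorblk(d, b, plain + b * BLKSZ, d->mem[d->phys[b]]);
}

/* Fetch: one block is in clear at a time; an evicted block goes back to memory under a fresh key. */
uint8_t fetch(dev_t *d, int pc) {
    int b = pc / BLKSZ, o = d->cur;
    if (o >= 0 && o != b) { d->blkkey[o] = (uint8_t)prng(&d->rng); xorblk(d, o, d->cache, d->mem[d->phys[o]]); }
    if (o != b) { xorblk(d, b, d->mem[d->phys[b]], d->cache); d->cur = b; }  /* de-obfuscate into the cache */
    return d->cache[pc % BLKSZ];
}

/* Provision a constructed program for provisioned_id, reboot the same image with booted_id, run two passes; returns wrong fetches. */
int demo(uint32_t provisioned_id, uint32_t booted_id) {
    uint8_t plain[NINS]; dev_t d; int bad = 0;
    for (int i = 0; i < NINS; i++) plain[i] = (uint8_t)(((i % 6) << 4) | i);  /* constructed opcode|operand bytes */
    provision(&d, provisioned_id, plain);
    boot(&d, booted_id);                                    /* mem is kept: the image is cloned byte-for-byte */
    for (int pc = 0; pc < 2 * NINS; pc++) bad += fetch(&d, pc % NINS) != plain[pc % NINS];
    return bad;
}
```

A boot with the provisioning ID fetches every instruction correctly across both passes, including blocks that were re-keyed on eviction, while the same image booted under a different ID yields a scrambled instruction stream.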

Patent Information: