Chapman & Hall/CRC Internet of Things SECURITY OF INTERNET OF THINGS NODES CHALLENGES, ATTACKS, AND COUNTERMEASURES Edited by Chinmay Chakraborty, Sree Ranjani Rajendran and Muhammad Habibur Rehman A Chapman & Hall Book Security of Internet of Things Nodes Chapman & Hall/CRC Internet of Things: Data-Centric Intelligent Computing, Informatics, and Communication The role of adaptation, machine learning, computational Intelligence, and data analytics in the field of IoT Systems is becoming increasingly essential and intertwined. The capability of an intelligent system is growing depending upon various self-decision-making algorithms in IoT Devices. IoT based smart systems generate a large amount of data that cannot be processed by traditional data processing algorithms and applications. Hence, this book series involves different computational methods incorporated within the system with the help of Analytics Reasoning, learning methods, Artificial intelligence, and Sense-making in Big Data, which is most concerned in IoT-enabled environment. This series focuses to attract researchers and practitioners who are working in Information Technology and Computer Science in the field of intelligent computing paradigm, Big Data, machine learning, Sensor data, Internet of Things, and data sciences. The main aim of the series is to make available a range of books on all aspects of learning, analytics and advanced intelligent systems and related technologies. This series will cover the theory, research, de- velopment, and applications of learning, computational analytics, data processing, machine learning algorithms, as embedded in the fields of engineering, computer science, and Information Technology. Series Editors Dac-Nhuong Le, Souvik Pal Security of Internet of Things Nodes: Challenges, Attacks, and Countermeasures Chinmay Chakraborty, Sree Ranjani Rajendran and Muhammad Habibur Rehman Security of Internet of Things Nodes Challenges, Attacks, and Countermeasures Edited by Chinmay Chakraborty, Sree Ranjani Rajendran, and Muhammad Habibur Rehman First edition published 2021 by CRC Press 6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742 and by CRC Press 2 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN © 2022 selection and editorial matter, Chinmay Chakraborty, Sree Ranjani Rajendran, Rajat Subhra Chakraborty; individual chapters, the contributors CRC Press is an imprint of Taylor & Francis Group, LLC Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologise to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilised in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, access www. copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact [email protected] Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe. Library of Congress Cataloging-in-Publication Data Names: Chakraborty, Chinmay, 1984- editor. | Rajendran, Sree Ranjani, editor. | Rehman, Muhammad Habibur, editor. Title: Security of internet of things nodes : challenges, attacks, and countermeasures / edited by Dr. Chinmay Chakraborty, Dr. Sree Ranjani Rajendran ’ Dr. Muhammad Habibur Rehman. Description: Boca Raton, FL : CRC Press, 2021. | Series: Chapman ’ Hall CRC internet of things | Includes bibliographical references and index. | Summary: “The book Security of Internet of Things Nodes: Challenges, Attacks, and Countermeasures covers a wide range of research topics on the security of the Internet of Things nodes along with the latest research development in the domain of Internet of Things. It also covers various algorithms, techniques, and schemes in the field of computer science with state-of-the-art tools and technologies. This book mainly focuses on the security challenges of the Internet of Things devices and the countermeasures to overcome security vulnerabilities. Also, it highlights trust management issues on the Internet of Things nodes to build secured Internet of Things systems. The book also covers the necessity of a system model for the Internet of Things devices to ensure security at the hardware level”‐‐ Provided by publisher. Identifiers: LCCN 2021010097 (print) | LCCN 2021010098 (ebook) | ISBN 9780367650490 (hbk) | ISBN 9780367650513 (pbk) | ISBN 9781003127598 (ebk) Subjects: LCSH: Internet of things‐‐Security measures. Classification: LCC TK5105.8857 .S45 2021 (print) | LCC TK5105.8857 (ebook) | DDC 005.8‐‐dc23 LC record available at https://lccn.loc.gov/2021010097 LC ebook record available at https://lccn.loc.gov/2021010098 ISBN: 978-0-367-65049-0 (hbk) ISBN: 978-0-367-65051-3 (pbk) ISBN: 978-1-003-12759-8 (ebk) Typeset in Palatino by MPS Limited, Dehradun Contents Preface............................................................................................................................................vii About the Editors..........................................................................................................................xi 1 Securing Dedicated DSP Co-processors (Hardware IP) using Structural Obfuscation for IoT-oriented Platforms............................................................................1 2 Multi-bit True Random Number Generator for IoT Devices using Memristor...............................................................................................................................35 3 Secured Testing of AES Cryptographic ICs for IoT Devices.....................................55 4 Biometric-based Secure Authentication for IoT-Enabled Devices and Applications...................................................................................................................81 5 An Improved Verification Scheme based on User Biometrics.................................107 6 Obfuscation to Mitigate Hardware Attacks in Edge Nodes of IoT System............................................................................................................................125 7 Lightweight Security Solutions for IoT using Physical-Layer-Key Generation............................................................................................................................169 8 Threat and Attack Models in IoT Devices...................................................................185 9 Review on Hardware Attacks and Security Challenges in IoT Edge Nodes..........................................................................................................................211 10 Study of Hardware Attacks on Smart System Design Lab......................................233 11 A Novel Threat Modeling and Attack Analysis for IoT Applications..................263 12 Trust Management in Internet-of-Things Devices.....................................................281 Index.............................................................................................................................................303 v Preface This book covers a wide range of research topics on the security of Internet-of-Things (IoT) nodes. It also covers challenges and countermeasures to mitigate relevant security issues in multiple perspectives. The wide-range coverage of security issues differentiates this book from other relevant publications. The book aims systematically to collect and present quality research and give a wide benefit to a huge community of researchers, educators, practitioners, and industries. IoT is the interconnection of a large number of resource-constrained devices such as sensors, actuators, and nodes that generate large volumes of data. This is then processed into useful actions in areas such as home and building automation, intelligent transportation and connected vehicles, industrial automation, smart healthcare, smart cities, and others. Connected devices are data collectors and data processors. Personal information collected and stored by these devices, such as name, age, health data, location, and more, can help criminals committ identity theft. At the same time, IoT is a growing trend, with a stream of new products hitting the market. Here’s the problem: when one is connected to everything, there are more ways to steal information. That makes users attractive targets for people who want to profit from stolen data. Important challenges remain to fulfil the IoT vision, including data provenance and integrity, trust management, identity management, and privacy. This book aims to describe how software, embedded and hardware security approaches address these security challenges. The devices connected to IoT should be secured from vulnerabilities, like software threats and hardware threats, which can cause the loss of several billions of dollars to semiconductor industries. This book focuses on the security challenges of IoT devices and countermeasures to overcome those vulnerabilities. Also, it highlights the issue of managing trust on IoT nodes to build secured IoT systems. IoT devices should authenticate and identify the correct users; otherwise, unauthorised users may attack the devices. Thus there is a necessity of a system model for the IoT devices to ensure security at the hardware level. The book content is structured into 12 chapters. Chapter 1 discusses robust hologram- based obfuscation technique to enable hardware-level security in IoT nodes. In this approach, two Digital Signal Processing (DSP) designs are merged, such that the functionality of one design is camouflaged in another. This camouflaging is analogous to a security-image hologram, which is the reason this obfuscation technique has been called “hologram-based obfuscation”. The hologram-based obfuscation methodology accepts the scheduled CDFG of two DSP kernel applications as primary inputs and generates an obfuscated common data-path of both DSP kernels. Hologram-based obfuscation affects a larger number of gates compared to other structural obfuscation techniques. Moreover, it achieves a higher area efficiency. However, hologram-based obfuscation is only applicable if two applications have partial similarity in their structure. Chapter 2 focuses on a random number generator that could be useful everywhere, especially in the IoT environment. The authors design a simple but effective CMOS-Memristor- based random number generator, which shows good statistical results in simulations and has low hardware and energy requirements. The proposed architecture harvested the randomness of memristor along with the traditional randomness caused due to manufacturing process variations. In their design, the authors use two identical ring oscillators and compare the delay between them to generate random bits. Such design is more useful where space and energy both are primary concerns. The primary advantage of their design is that they may produce vii viii Preface multiple bits in a single cycle, which significantly enhances the throughput of the random number generator. This can be done easily by tapping numerous nodes of both ring oscillators instead of tapping the nodes at last, as in the case of a single-bit ring oscillator. The authors also modified their architecture and simulated the same design after the removal of the memristor components from the architecture to evidence the difference in statistical randomness in both designs. Chapter 3 discusses cryptographic algorithms used for security purposes in IoT devices. Various side-channel attacks on AES cryptographic ICs are reported from the literature. The chapter also discusses existing countermeasures for securing the scan chain which is typically inserted in the AES cryptographic ICs. It presents design and simulation results of the scan-inserted AES crypto-module. Also, the chapter discusses proposed methods used to enhance the security of the scan chain of the AES crypto- module. It then presents the results and analysis of the implemented crypto-module. The chapter concludes with highlights of the application of security towards the testing architecture of crypto-chips. Chapter 4 discusses biometric-based secure authentication approaches for IoT-enabled devices and applications. The chapter considers the IoT system from the perspectives of a consumer, vendor, and researcher to figure out the present scenario and give future direction to the authentication-related security issues in IoT subsystems. Chapter 5 presents an improved verification scheme based on user biometrics. The purpose of this study is to introduce a novel and well-structured threat-modeling approach which is specifically tailored for IoT devices. Chapter 6 presents countermeasures for hardware security vulnerabilities in IoT devices. The authors discuss the origin of hardware security and highlight the types of security attacks on IoT devices. Also, the authors elaborate on the consequences and challenges of security attacks on IoT nodes. Moreover, the authors present the discussion of various artificial intelligence and machine-learning techniques to countermeasure hardware attacks in IoT devices. Finally, the chapter deals with the implementation of hardware obfuscation for DSP through suitable signal- processing transformations like folding, parallel processing, pipelining, and retiming, to mitigate vulnerability in the computing nodes of IoT systems. Chapter 7 presents lightweight security solutions for IoT using physical-layer-key- generation methods. In this chapter, a secure key- generation scheme from physical layer characteristics is introduced as a possible lightweight security alternative to traditional upper-layer security approaches. The proposed scheme is based on the wiretap channel model; security is achieved by generating keys at both the communicating ends independently based on inherent common channel characteristics like randomness. It is based on the principle of spatial decorrelation and channel reciprocity for identical carrier frequency. Chapter 8 presents threats and attack models in IoT devices. The authors discuss the need for security in IoT devices and present a detailed discussion on IoT architecture. Further, a taxonomy of security threats and attack models is presented for different layers, such as physical layer, data link layer, network layer, transport layer, application layer, and multilayer attacks. Also, various malware attacks and their impact on security objectives is presented. Chapter 9 presents a review of hardware attacks and security challenges in IoT edge nodes. The authors discuss hardware attacks, protection algorithms, secure hardware levels, attacks during the manufacturing process, attacks during design, and sophisticated attacks. Counterfeiting and debug security in IoT edge nodes are mostly Preface ix interlinked with the perception layer in IoT. Challenges in hardware-based IoT designs need a new security architecture, especially in the edge nodes in IoT. The next-generation system-on-chip devices’ security features have the solution for intrinsic hardware security. The open problems such as trade-off between security and power are also discussed broadly. These problems affect the design of secured devices in IoT hardware. Chapter 10 presents a study of hardware attacks on the smart system design lab. This chapter focuses on the simulation of the smart system design lab using an IoT builder, and studies recent attacks related to the physical structure with a future direction towards countermeasures. Chapter 11 presents a novel threat-modeling and analysis approach for IoT applications. The proposed approach consists of a seven-step threat- modeling process. This methodology also addresses the aspects of IoT devices which directly affect the user, which are Privacy threats, Safety threats, and Malfunction threats (PSM). This method increases the performance and effectiveness of threat-modeling, which leads to increased mitigation of the identified threats. The final part of the study presents practical mitigation techniques to eliminate threats in IoT devices. Chapter 12 discusses security-related trust management issues in IoT devices. First, the authors discuss trust management issues to understand the properties of trust and the goals of IoT trust management. The goal of this chapter is also to review various confidence models in the wireless sensor networks (WSN) and other network domains, along with the impact and need for IoT confidence management, trust computing, and IoT management issues. We are sincerely thankful to all the contributors including editors, authors, reviewers, and the CRC staff for supporting and actively contributing to this project. We are also very grateful to the series editors for their feedback on this book.