Malware for IoT Devices
Internet of Things (IoT) can be defined as a network of physical objects embedded with sensors, software and network connectivity. IoT devices have changed our lives in various fields like health, vehicles, industry etc. According to Cisco and Ericsson, we will have upwards of 50 billion connected devices by 2020 2. Due to their presence everywhere, they have evaded our privacy and their presence is beneficial in many areas and applications however this also provides easy entry points for malwares, intrusions, viruses and attacks.
The popularity of IoT makes it imperative to securing these devices and securing software that runs on it and scan it for vulnerabilities and detect any unwanted or unexpected behaviour can be outcome of malware infection.
To understand Malware, we need to understand malware and its analysis in general. Malware can be defined as a software that can harm a computer system or causes unwanted behaviour on the system. Malware analysis can be defined as the art of dissecting malware to understand and detect its behaviour 1.
IoT devices may be remotely located away from a strong and steady source of electric supply. This hugely limits the processing power of these devices. This makes it difficult for malware analysis tools to run on the devices itself as they will be restricted by computational power and memory.
While working with IoT devices, we not only need to secure the devices, however also need to secure the transmission medium, as the data being transferred by the sensors is susceptible to interception. At the same time, it may also be noted that complete end to end and complex encryption may not be always possible due to the energy and processing power needed by them. 3
Thus, in this white paper I have listed down the IoT security challenges and malware issues as well as numerous methodologies to their analysis and a general taxonomy for each and their costs.
IoT Security Challenges
As discussed earlier, IoT devices have computational and memory restrictions. While at the same time, problems can arise due to the complex and heterogeneous model of these devices. By this it means that IoT devices has hardware components which are vulnerable to hardware attacks and side channel attacks whereas software components which will be vulnerable to viruses, Trojan horses and communication components which are prone to DOS and MiM.
We can classify the attacks as various levels like: –
a) Physical attacks – related to hardware components and difficult to implement.
b) Side channel attacks – retrieve information from encryption device and these include timing analysis, power analysis and fault analysis attacks to extract the key for encryption – decryption process.
c) Crypt-analysis which can be defined as trying to find plaintext if the cipher text were to be available.
d) Software Attacks – these can be typically viruses, worms, trojan horse
e) Network Attacks – these include eavesdropping, denial of service, reply attacks, routing attacks.
And we can classify the major security issues: –
a) End to End Security – As discussed earlier IoT devices do not have good processing power and memory and thus can’t run TLS or IPSec.
b) Data Security – This means securing data from external attacks.
c) Identity and access management – deals with identity theft.
d) Physical Security – securing against DDoS attacks.
e) Compliance – usage of IoT devices should comply with data protection and privacy laws.
f) Government and Privacy – As discussed earlier, due to the extensive presence of these devices, privacy is a huge challenge, as these become more vulnerable to attackers.
g) Authorization, Authentication and access control – as RBAC can turn out to be expensive and complex for IoT, ABAC model can be used wherein access will be given to user based on the attributes he possesses.
The primary security requirement is that IoT devices need to follow the security principle of CIA (confidentiality, integrity, availability) 3.
Now that I have discussed the issues and problems in IoT malware, following are the methods that can be used to analyse malware: –
a) Static analysis – analysing the specimen without executing it. This can be done by looking at the source code or the binary executable. We can further categorize this analysis based on the following: –
a. Basic analysis would include examining the executable without diving in to the instructions.
b. Advanced analysis includes disassembling the code and discovering what the program does.
Static analysis can be done based on many techniques like file fingerprinting, analysing hard coded strings, signature-based techniques and last but not the least heuristic based techniques. While most methods mentioned earlier are straight forward, heuristic checks signs for the malware with a list of known malware behaviours. This methodology also learns the patterns in which program executes for future analysis.
The advantage of static analysis is that its safe because we actually do not execute the malware and it can detect all execution paths however this is at the cost of time. Static analysis can be very time consuming.
b) Dynamic analysis – ?
1) Taxonomy of Malware Analysis in the IoT.
2) Popular Internet of Things Forecast of 50 Billion Devices by 2020 Is Outdated(https://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated)
3) Sachin D Babar. “Security framework and jamming detection for internet of things”. In: Videnbasen for Aalborg UniversitetVBN, Aalborg UniversitetAalborg University, Det Teknisk-Naturvidenskabelige FakultetThe Faculty of Engineering and Science (2015).
Malware understand and detect its behaviour 1.
Malware for IoT Devices