iMRC: Integrated Monitoring &
Recovery Component, Pierre-Henri Thevenon1+, Sébastien Riou2, Duc-Minh
Tran3, Maxime Puys1, Nikolaos Foivos Polychronou1, Mustapha El Majihi1, and Camille Sivelle1
1Univ. Grenoble Alpes,
CEA, LETI, DSYS, F-38000, Grenoble, France 2Tiempo Secure, Montbonnot-Saint-Martin,
F-38330, France 3Universite Paris-Saclay,
CEA, LIST, Palaiseau, F-91120,
France Abstract In recent years, the security of
connected objects has become a real challenge. Indeed, more and more IoT
devices are being built for increasingly critical applications and as shown
by multiple famous botnet attacks such as Mirai, IoT devices are often poorly
protected. In this paper, we introduce a new solution called iMRC (integrated
Monitoring & Recovery Component) to improve the resilience of embedded
systems in case of proven attacks. This innovative solution integrates a
hardware component whose main function is to extract the hardware performance
counters of the processor in order to be analyzed by the artificial
intelligence of the control server. This one is able to remotely restore the
devices to a known secure state upon detection of malwares or other abnormal
behaviors. We define a use case based on a home automation network in which
the iMRC component is added to a gateway. We implement a set of scripts
reproducing malicious behaviors in order to test our detection capabilities
and show that all malwares are detected within less than 20 seconds after the
launch of a malware execution. Keywords: IoT, IIoT, cybersecurity,
resilience, AI, detection, secure element. +: Corresponding author: Pierre-Henri Thevenon Journal of Internet Services and
Information Security (JISIS), 12(2): 70-94, May 2022 |