Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

The Lazarus Effect: Healing Compromised Devices in the Internet of Small Things

: Huber, M.; Hristozov, S.; Ott, S.; Sarafov, V.; Peinado, M.


Sun, H.-M. ; Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Security, Audit and Control -SIGSAC-:
AsiaCCS 2020, 15th ACM Asia Conference on Computer and Communications Security. Proceedings : October 5-9, 2020, Taipei, Taiwan, postponed
New York: ACM, 2020
ISBN: 978-1-4503-6750-9
ASIA Conference on Computer and Communications Security (ASIACCS) <15, 2020, Taipei/cancelled>
Fraunhofer AISEC ()

We live in a time when billions of IoT devices are being deployed and increasingly relied upon. This makes ensuring their availability and recoverability in case of a compromise a paramount goal. The large and rapidly growing number of deployed IoT devices make manual recovery impractical, especially if the devices are dispersed over a large area. Thus, there is a need for a reliable and scalable remote recovery mechanism that works even after attackers have taken full control over devices, possibly misusing them or trying to render them useless. To tackle this problem, we present Lazarus, a system that enables the remote recovery of compromised IoT devices. With Lazarus, an IoT administrator can remotely control the code running on IoT devices unconditionally and within a guaranteed time bound. This makes recovery possible even in case of severe corruption of the devices' software stack. We impose only minimal hardware requirements, making Lazarus applicable even for l ow-end constrained off-the-shelf IoT devices. We isolate Lazarus's minimal recovery trusted computing base from untrusted software both in time and by using a trusted execution environment. The temporal isolation prevents secrets from being leaked through side-channels to untrusted software. Inside the trusted execution environment, we place minimal functionality that constrains untrusted software at runtime. We implement Lazarus on an ARM Cortex-M33-based microcontroller in a full setup with an IoT hub, device provisioning and secure update functionality. Our prototype can recover compromised embedded OSs and bare-metal applications and prevents attackers from bricking devices, for example, through flash wear out. We show this at the example of FreeRTOS, which requires no modifications but only a single additional task. Our evaluation shows negligible runtime performance impact and moderate memory requirements.