A taxonomy of IoT firmware security and principal firmware analysis techniques
Sep 01, 2022
DOI: 10.1016/j.ijcip.2022.100552
Published in: International Journal of Critical Infrastructure Protection
Publisher: Elsevier
The Internet of Things (IoT) has come a long way since its inception. However, the standardization process in IoT systems for a secure IoT solution is still in its early days. Numerous quality review articles have been contributed by researchers on existing frameworks, architectures, as well as the threats to IoT on different layers. However, most of the existing work neglects the security aspects of firmware in the IoT ecosystem. As such, there is a lack of a comprehensive survey on IoT firmware security that highlights critical reasons for firmware insecurity in IoT, lists vulnerabilities, and performs an in-depth review of the principal analysis techniques. This article aims to fill that gap by delivering, to the best of our knowledge, the first comprehensive review article of the firmware (in)security of IoT devices. Starting by highlighting the importance of firmware security, this research work recognizes critical reasons behind the insecurity of firmware by discussing technical, commercial, standardization, and research aspects. In particular, the scope, evolution, and internals of IoT firmware along with their security implications are discussed. Furthermore, a taxonomic classification of IoT firmware vulnerabilities is presented. We also discuss complications that hinder the detection of firmware vulnerabilities before doing a detailed analysis of existing vulnerability assessment tools and techniques. A comparative analysis of the principal analysis techniques is provided in terms of the vulnerabilities they discover, the methodology they employ, and the platforms and/or architectures they support. Towards the end, some key research issues are identified to encourage and facilitate research in the firmware security domain of IoT. Finally, some recommendations are provided for IoT device vendors, developers, and integrators.
Other Research
Federated Generative Models in Medical Imaging: Current Advances, Challenges, and Future Directions
The fusion of Federated Learning (FL) and deep generative models is transforming medical imaging by enabling privacy-preserving and data-efficient machine learning. Training large-scale deep models on radiological imaging data remains challenging du...
There has been a gradual decline in the number of children reading storybooks, as many now favor electronic gadgets for entertainment. This shift is reflected in the performance of school-going children such as their English composition and comprehe...
Advancing text summarization with specialized datasets: computer science and geography domains
Automatic text summarization (ATS) has seen considerable development, but state-of-the-art models depend on vast training data, limiting their applicability in scholarly communication and digital knowledge management for technical and domain-specifi...
Optimizing Fetal Health Diagnosis: An Active Learning Framework with LightGBM
Fetal health classification is crucial for the timely identification of abnormalities and the improvement of neonatal care. Early prediction of fetal health is necessary to ensure a healthy pregnancy and lower rates of maternal and newborn mortality...
Diabetic Retinopathy (DR) is a serious diabetes-related complication that can lead to significant retinal damage and irreversible vision loss if not detected and treated early. While numerous deep learning algorithms have recently been developed for...
The proliferation of Quranic content on digital platforms, including websites and social media, has brought about significant challenges in verifying the authenticity of Quranic verses. The inherent complexity of the Arabic language, with its rich m...
Tuberculosis (TB) is an infectious disease primarily impacting the lungs. It spreads through the air when an infected person coughs, sneezes, or talks. Diagnosing TB involves clinical examinations and specialized tests performed by medical professio...
Optimized Coverage of Urban Territory for Traffic Surveillance using Multiple UAVs
With ever increasing vehicles on the roads, traffic congestion is one of the major concerns of the modern world. Cities frequently experience heavy traffic, especially in developing countries due to lack of technology and automatic control systems. ...
Comparative study of IoT forensic frameworks
Internet of Things (IoT) systems often consist of heterogeneous, resource-constrained devices that generate massive amounts of data. This data is important for assessments, behaviour analysis, and decision-making. However, IoT devices are also susce...
Internet of Things (IoT) market is growing exponentially and automated smart solutions are revolutionizing a diverse range of areas with innovative technologies. The most critical and vital part of an IoT system that cannot be overlooked at any cost...
An efficient fault-prediction mechanism for improving yield in industry 5.0
Industrial sectors are constantly under pressure to produce higher-quality goods while maximizing yield. Machine maintenance is a critical component of manufacturing, accounting for a significant portion of total production costs. Corrective, preven...
Mobility modelling for urban traffic surveillance by a team of unmanned aerial vehicles
Use of unmanned aerial vehicles (UAVs) for road traffic surveillance is an exciting idea for improving surveillance quality, as a component of intelligent transportation systems and smart cities. Calibrated mobility models help study and analyse sev...
Identifying Mirai-exploitable vulnerabilities in IoT firmware through static analysis
The prevalent use of IoT has raised numerous security concerns in recent times. One particular vulnerability in IoT ecosystem is weak authentication credentials. A large number of IoT attacks exploit such vulnerabilities. Emerged in 2016, the famous...
An Auditing Framework for Vulnerability Analysis of IoT System
Introduction of IoT is a big step towards the convergence of physical and virtual world as everyday objects are connected to the internet nowadays. But due to its diversity and resource constraint nature, the security of these devices in the real wo...
Accurate elucidation of genome wide protein–protein interactions is crucial for understanding the regulatory processes of the cell. High-throughput techniques, such as the yeast-2-hybrid (Y2H) assay, co-immunoprecipitation (co-IP), mass spectrometri...
Cache aging reduction with improved performance using dynamically re-sizable cache
Aging of transistors is a limiting factor for long term reliability of devices in sub-100nm technologies. It's a worst-case metric where the lifetime of a device is determined by the earliest failing component. Impact is more serious on memory array...
Energy/lifetime cooptimization by cache partitioning with graceful performance degradation
Aging of transistors can adversely impact the long-term reliability of devices in subnanometric technologies. Without any countermeasure, the first component that becomes unreliable will determine the life span of an entire device. The effect is mor...
Aging-aware caches with graceful degradation of performance
Aging of transistors can substantially shorten the lifetime of devices in sub-nanometric technologies. Without any countermeasure, the first component which becomes unreliable will determine the life span of an entire device. This problem is even mo...
Energy-optimal caches with guaranteed lifetime
This work addresses the aging of the memory sub-system due to NBTI (Negative Bias Temperature Instability) in systems that have to provide a guaranteed level of service, and specifically, a guaranteed lifetime. Our approach leverages a novel cache ...
Application-specific memory partitioning for joint energy and lifetime optimization
Power management of caches based on turning idle cache lines into a low-energy state is also beneficial for the aging effects caused by Negative Bias Temperature Instability (NBTI), provided that idleness is correctly exploited; unlike energy, aging...