DICEguard: enhancing DICE security for IoT devices with periodic memory forensics

Abstract

AbstractThe number of Internet-of-Things (IoT) devices has been increasing rapidly every year. Most of these devices have access to important personal data such as health, daily activities, location, and finance. However, these devices have security problems since they have limited processing power and memory to implement complex security measures. Therefore, they possess weak authentication mechanisms and a lack of encryption. Additionally, there are no widely accepted standards for IoT security. Device Identifier Composition Engine (DICE) was proposed as a standard that enables adding a security layer to low-cost microcontrollers with minimal silicon overhead. However, previous studies show that DICE-based attestation is vulnerable to some remote attacks. In this study, we present a novel method called DICEguard to address the security problems of DICE. One of the key innovations of DICEguard is its incorporation of periodic memory forensics (PMF) technique, leveraging a hardware-based hash engine to detect and mitigate potential security breaches resulting from firmware vulnerabilities. DICEguard enhances the overall resilience of IoT devices against attacks by swiftly detecting alterations indicative of malicious activity through periodic calculation and comparison of firmware digests. Furthermore, DICEguard introduces a one-time programmable (OTP) memory component to safeguard critical security parameters, such as public keys used for signature verification, against tampering by adversaries. This ensures the integrity of essential security measures even in the face of sophisticated attacks. We implemented the enhanced DICE architecture using the open-source RISC-V platform Ibex and the mbedTLS library for cryptographic operations. We performed the hash operations required by DICE in a hardware-based manner on a commercial Field Programmable Gate Array (FPGA) platform rather than firmware, which is more vulnerable to attacks. Our test results show that with negligible area overhead to a standard microcontroller system, the proposed method can detect the simulated attacks.