Abstract
Online detection of cyber-attacks on IoT devices is extremely difficult due to the limited battery and computational power available in these devices. An alternate approach is to shrink the attack surface in order to reduce the threat of attack. This would require that the device undergo more stringent security tests before deployment. Formal verification is a promising tool that can be used to not only detect potential vulnerabilities but also provide guarantees of security. This chapter reviews several security issues that plague IoT devices such as functional correctness of implementations, programming bugs, side-channel analysis, and hardware Trojans. In each of these cases, we discuss state-of-the-art mechanisms that use formal verification tools to detect the vulnerability much before the device is deployed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Affeldt, R.: On construction of a library of formally verified low-level arithmetic functions. In: Proceedings of the ACM Symposium on Applied Computing, SAC 2012, Riva, Trento, Italy, 26–30 March 2012. pp. 1326–1331 (2012)
Amla, N., Kurshan, R.P., McMillan, K.L., Medel, R.: Experimental analysis of different techniques for bounded model checking. In: Proceedings of International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 34–48 (2003)
Amla, N., Du, X., Kuehlmann, A., Kurshan, R.P., McMillan, K.L.: An analysis of SAT-based model checking techniques in an industrial environment. In: Proceedings of International Conference on Correct Hardware Design and Verification Methods (CHARME), pp. 254–268 (2005)
Appel, A.W.: Verification of a cryptographic primitive: SHA-256. ACM Trans. Program. Lang. Syst. 37(2), 7:1–7:31 (2015). http://doi.acm.org/10.1145/2701415
Biere, A., Cimatti, A., Clarke, E.M., Fujita, M., Zhu, Y.: Symbolic model checking using SAT procedures instead of BDDs. In: Proceedings of 36th Annual Design Automation Conference, pp. 317–320 (1999)
Biere, A., Cimatti, A., Clarke, E.M., Zhu, Y.: Symbolic model checking without BDDs. Lect. Notes Comput. Sci. 1579, 193–207 (1999)
Biere, A., Clarke, E.M., Raimi, R., Zhu, Y.: Verifying safety properties of a PowerPC microprocessor using symbolic model checking without BDDs. In: Proceedings of International Conference on Computer-Aided Verification (CAV), pp. 61–71 (1999)
Bryant, R.: Graph-based algorithms for Boolean-function manipulation. IEEE Trans. Comput. 35(8), 677–691 (1986)
Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: $10^{20}$ states and beyond. Inf. Comput. 98(2), 142–170 (1986)
Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L.: Sequential circuit verification using symbolic model checking. In: Proceedings of 28th Annual Design Automation Conference, pp. 46–51 (1991)
Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M.J. (ed.) Advances in Cryptology—CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, 15–19 August 1999, Proceedings. Lecture Notes in Computer Science, vol. 1666, pp. 398–412. Springer (1999). https://doi.org/10.1007/3-540-48405-1
Chen, Y., Hsu, C., Lin, H., Schwabe, P., Tsai, M., Wang, B., Yang, B., Yang, S.: Verifying Curve25519 software. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 299–309 (2014)
Clarke, E., Kroening, D.: The CPROVER User Manual (2006)
Clarke, E.M., Grumberg, O., Hamaguchi, K.: Another look at LTL model checking. In: Proceedings of International Conference on Computer-Aided Verification (CAV), pp. 47–71 (1994)
Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press (2000)
Clake, E.M., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. J. Form. Methods Syst. Des. 19(1), 7–34 (2001)
Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press (2001)
Clarke, E.M., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Tools and Algorithms for the Construction and Analysis of Systems, 10th International Conference, TACAS 2004, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2004, Barcelona, Spain, 29 March–2 April 2004, Proceedings, pp. 168–176 (2004)
Duan, J., Hurd, J., Li, G., Owens, S., Slind, K., Zhang, J.: Functional correctness proofs of encryption algorithms. In: 12th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning, LPAR 2005, Montego Bay, Jamaica, 2–6 December 2005, Proceedings, pp. 519–533 (2005)
Eldib, H., Wang, C., Schaumont, P.: Formal verification of software countermeasures against side-channel attacks. ACM Trans. Softw. Eng. Methodol. 24(2), 11:1–11:24 (2014). http://doi.acm.org/10.1145/2685616
Goldberg, E., Novikov, Y.: BerkMin: A fast and robust SAT-solver. In: Proceedings of Design Automation and Test Conference in Europe Conference (DATE). pp. 142–149 (2002)
Kang, H.J., Park, I.C.: SAT-based unbounded model checking. In: Proceedings of 40th Annual Design Automation Conference, pp. 840–843 (2003)
Kroening, D., Strichman, O.: Decision Procedures—An Algorithmic Point of View. Texts in Theoretical Computer Science. An EATCS Series. Springer (2008). https://doi.org/10.1007/978-3-540-74105-3
McMillan, K.L.: Symbolic Model Checking. Kluwer Academic Publishers (1993)
McMillan, K.L.: Applying SAT methods in unbounded symbolic model checking. In: Proceedings of International Conference on Computer-Aided Verification (CAV), pp. 250–264 (2002)
The MITRE Corporation: Common Vulnerabilities and Exposures. https://cwe.mitre.org/
The MITRE Corporation: Common Weakness and Enumerations. https://cwe.mitre.org/
Moskewicz, M., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: engineering an efficient SAT solver. In: Proceedings of 38th Annual Design Automation Conference, pp. 530–535 (2001)
Nguyen, D.M., Stoffel, D., Welder, M., Kunz, W.: Conflict driven learning in a quantified Boolean satisfiability solver. In: Proceedings of International Conference on Computer-Aided Design (ICCAD), pp. 442–449 (2002)
Rajendran, J., Dhandayuthapany, A.M., Vedula, V., Karri, R.: Formal security verification of third party intellectual property cores for information leakage. In: 29th International Conference on VLSI Design and 15th International Conference on Embedded Systems, VLSID 2016, Kolkata, India, 4–8 January 2016, pp. 547–552. IEEE Computer Society (2016). https://doi.org/10.1109/VLSID.2016.143
Silva, M., Sakallah, K.A.: GRASP: a search algorithm for propositional satisfiability. IEEE Trans. Comput. 48(5), 506–521 (1999)
Smith, E.W., Dill, D.L.: Automatic formal verification of block cipher implementations. In: Formal Methods in Computer-Aided Design, FMCAD 2008, Portland, Oregon, USA, 17–20 November 2008, pp. 1–7 (2008)
Tsai, M., Wang, B., Yang, B.: Certified verification of algebraic properties on low-level mathematical constructs in cryptographic programs. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–03 November 2017, pp. 1973–1987 (2017)
U.S. Department of Commerce, National Institute of Standards and Technology: Digital Signature Standard (DSS) (2000)
Waksman, A., Suozzo, M., Sethumadhavan, S.: FANCI: identification of stealthy malicious logic using Boolean functional analysis. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, 4–8 November 2013, pp. 697–708. ACM (2013). http://doi.acm.org/10.1145/2508859.2516654
Zhang, J., Yuan, F., Wei, L., Liu, Y., Xu, Q.: VeriTrust: verification for hardware trust. IEEE Trans. CAD Integr. Circuits Syst. 34(7), 1148–1161 (2015). https://doi.org/10.1109/TCAD.2015.2422836
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Keerthi, K., Roy, I., Hazra, A., Rebeiro, C. (2019). Formal Verification for Security in IoT Devices. In: Chakraborty, R., Mathew, J., Vasilakos, A. (eds) Security and Fault Tolerance in Internet of Things. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-02807-7_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-02807-7_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02806-0
Online ISBN: 978-3-030-02807-7
eBook Packages: EngineeringEngineering (R0)