Skip to main content
SpringerLink
Log in
Book cover

Security and Fault Tolerance in Internet of Things pp 179–200Cite as

Formal Verification for Security in IoT Devices

  • Chapter
  • First Online:

Part of the book series: Internet of Things ((ITTCC))

Abstract

Online detection of cyber-attacks on IoT devices is extremely difficult due to the limited battery and computational power available in these devices. An alternate approach is to shrink the attack surface in order to reduce the threat of attack. This would require that the device undergo more stringent security tests before deployment. Formal verification is a promising tool that can be used to not only detect potential vulnerabilities but also provide guarantees of security. This chapter reviews several security issues that plague IoT devices such as functional correctness of implementations, programming bugs, side-channel analysis, and hardware Trojans. In each of these cases, we discuss state-of-the-art mechanisms that use formal verification tools to detect the vulnerability much before the device is deployed.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD   129.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Affeldt, R.: On construction of a library of formally verified low-level arithmetic functions. In: Proceedings of the ACM Symposium on Applied Computing, SAC 2012, Riva, Trento, Italy, 26–30 March 2012. pp. 1326–1331 (2012)

    Google Scholar 

  2. Amla, N., Kurshan, R.P., McMillan, K.L., Medel, R.: Experimental analysis of different techniques for bounded model checking. In: Proceedings of International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 34–48 (2003)

    Chapter  Google Scholar 

  3. Amla, N., Du, X., Kuehlmann, A., Kurshan, R.P., McMillan, K.L.: An analysis of SAT-based model checking techniques in an industrial environment. In: Proceedings of International Conference on Correct Hardware Design and Verification Methods (CHARME), pp. 254–268 (2005)

    MATH  Google Scholar 

  4. Appel, A.W.: Verification of a cryptographic primitive: SHA-256. ACM Trans. Program. Lang. Syst. 37(2), 7:1–7:31 (2015). http://doi.acm.org/10.1145/2701415

  5. Biere, A., Cimatti, A., Clarke, E.M., Fujita, M., Zhu, Y.: Symbolic model checking using SAT procedures instead of BDDs. In: Proceedings of 36th Annual Design Automation Conference, pp. 317–320 (1999)

    Google Scholar 

  6. Biere, A., Cimatti, A., Clarke, E.M., Zhu, Y.: Symbolic model checking without BDDs. Lect. Notes Comput. Sci. 1579, 193–207 (1999)

    Article  Google Scholar 

  7. Biere, A., Clarke, E.M., Raimi, R., Zhu, Y.: Verifying safety properties of a PowerPC microprocessor using symbolic model checking without BDDs. In: Proceedings of International Conference on Computer-Aided Verification (CAV), pp. 61–71 (1999)

    Chapter  Google Scholar 

  8. Bryant, R.: Graph-based algorithms for Boolean-function manipulation. IEEE Trans. Comput. 35(8), 677–691 (1986)

    Article  Google Scholar 

  9. Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: $10^{20}$ states and beyond. Inf. Comput. 98(2), 142–170 (1986)

    Article  MathSciNet  Google Scholar 

  10. Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L.: Sequential circuit verification using symbolic model checking. In: Proceedings of 28th Annual Design Automation Conference, pp. 46–51 (1991)

    Google Scholar 

  11. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M.J. (ed.) Advances in Cryptology—CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, 15–19 August 1999, Proceedings. Lecture Notes in Computer Science, vol. 1666, pp. 398–412. Springer (1999). https://doi.org/10.1007/3-540-48405-1

    MATH  Google Scholar 

  12. Chen, Y., Hsu, C., Lin, H., Schwabe, P., Tsai, M., Wang, B., Yang, B., Yang, S.: Verifying Curve25519 software. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014, pp. 299–309 (2014)

    Google Scholar 

  13. Clarke, E., Kroening, D.: The CPROVER User Manual (2006)

    Google Scholar 

  14. Clarke, E.M., Grumberg, O., Hamaguchi, K.: Another look at LTL model checking. In: Proceedings of International Conference on Computer-Aided Verification (CAV), pp. 47–71 (1994)

    Chapter  Google Scholar 

  15. Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press (2000)

    Google Scholar 

  16. Clake, E.M., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. J. Form. Methods Syst. Des. 19(1), 7–34 (2001)

    Article  Google Scholar 

  17. Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press (2001)

    Google Scholar 

  18. Clarke, E.M., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Tools and Algorithms for the Construction and Analysis of Systems, 10th International Conference, TACAS 2004, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2004, Barcelona, Spain, 29 March–2 April 2004, Proceedings, pp. 168–176 (2004)

    Chapter  Google Scholar 

  19. Duan, J., Hurd, J., Li, G., Owens, S., Slind, K., Zhang, J.: Functional correctness proofs of encryption algorithms. In: 12th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning, LPAR 2005, Montego Bay, Jamaica, 2–6 December 2005, Proceedings, pp. 519–533 (2005)

    Google Scholar 

  20. Eldib, H., Wang, C., Schaumont, P.: Formal verification of software countermeasures against side-channel attacks. ACM Trans. Softw. Eng. Methodol. 24(2), 11:1–11:24 (2014). http://doi.acm.org/10.1145/2685616

    Article  Google Scholar 

  21. Goldberg, E., Novikov, Y.: BerkMin: A fast and robust SAT-solver. In: Proceedings of Design Automation and Test Conference in Europe Conference (DATE). pp. 142–149 (2002)

    Google Scholar 

  22. Kang, H.J., Park, I.C.: SAT-based unbounded model checking. In: Proceedings of 40th Annual Design Automation Conference, pp. 840–843 (2003)

    Google Scholar 

  23. Kroening, D., Strichman, O.: Decision Procedures—An Algorithmic Point of View. Texts in Theoretical Computer Science. An EATCS Series. Springer (2008). https://doi.org/10.1007/978-3-540-74105-3

  24. McMillan, K.L.: Symbolic Model Checking. Kluwer Academic Publishers (1993)

    Google Scholar 

  25. McMillan, K.L.: Applying SAT methods in unbounded symbolic model checking. In: Proceedings of International Conference on Computer-Aided Verification (CAV), pp. 250–264 (2002)

    Chapter  Google Scholar 

  26. The MITRE Corporation: Common Vulnerabilities and Exposures. https://cwe.mitre.org/

  27. The MITRE Corporation: Common Weakness and Enumerations. https://cwe.mitre.org/

  28. Moskewicz, M., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: engineering an efficient SAT solver. In: Proceedings of 38th Annual Design Automation Conference, pp. 530–535 (2001)

    Google Scholar 

  29. Nguyen, D.M., Stoffel, D., Welder, M., Kunz, W.: Conflict driven learning in a quantified Boolean satisfiability solver. In: Proceedings of International Conference on Computer-Aided Design (ICCAD), pp. 442–449 (2002)

    Google Scholar 

  30. Rajendran, J., Dhandayuthapany, A.M., Vedula, V., Karri, R.: Formal security verification of third party intellectual property cores for information leakage. In: 29th International Conference on VLSI Design and 15th International Conference on Embedded Systems, VLSID 2016, Kolkata, India, 4–8 January 2016, pp. 547–552. IEEE Computer Society (2016). https://doi.org/10.1109/VLSID.2016.143

  31. Silva, M., Sakallah, K.A.: GRASP: a search algorithm for propositional satisfiability. IEEE Trans. Comput. 48(5), 506–521 (1999)

    Article  MathSciNet  Google Scholar 

  32. Smith, E.W., Dill, D.L.: Automatic formal verification of block cipher implementations. In: Formal Methods in Computer-Aided Design, FMCAD 2008, Portland, Oregon, USA, 17–20 November 2008, pp. 1–7 (2008)

    Google Scholar 

  33. Tsai, M., Wang, B., Yang, B.: Certified verification of algebraic properties on low-level mathematical constructs in cryptographic programs. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–03 November 2017, pp. 1973–1987 (2017)

    Google Scholar 

  34. U.S. Department of Commerce, National Institute of Standards and Technology: Digital Signature Standard (DSS) (2000)

    Google Scholar 

  35. Waksman, A., Suozzo, M., Sethumadhavan, S.: FANCI: identification of stealthy malicious logic using Boolean functional analysis. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, 4–8 November 2013, pp. 697–708. ACM (2013). http://doi.acm.org/10.1145/2508859.2516654

  36. Zhang, J., Yuan, F., Wei, L., Liu, Y., Xu, Q.: VeriTrust: verification for hardware trust. IEEE Trans. CAD Integr. Circuits Syst. 34(7), 1148–1161 (2015). https://doi.org/10.1109/TCAD.2015.2422836

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Indian Institute of Technology Madras, Chennai, India

    K. Keerthi, Indrani Roy & Chester Rebeiro

  2. Indian Institute of Technology Kharagpur, Kharagpur, India

    Aritra Hazra

Authors
  1. K. Keerthi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Indrani Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aritra Hazra
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chester Rebeiro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aritra Hazra .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, West Bengal, India

    Rajat Subhra Chakraborty

  2. Department of Computer Science and Engineering, Indian Institute of Technology Patna, Patna, Bihar, India

    Jimson Mathew

  3. Department of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Skellefteå, Sweden

    Athanasios V. Vasilakos

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Keerthi, K., Roy, I., Hazra, A., Rebeiro, C. (2019). Formal Verification for Security in IoT Devices. In: Chakraborty, R., Mathew, J., Vasilakos, A. (eds) Security and Fault Tolerance in Internet of Things. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-02807-7_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02807-7_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02806-0

  • Online ISBN: 978-3-030-02807-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation