Abstract
With the growing advances in Internet of Things (IoT) technology, IoT has become an indispensable part of many areas such as home automation, industry, and medical equipment. The security of IoT hardware and software is therefore of utmost importance, and the availability of secure IoT software components gives consumers greater confidence in using IoT devices. IoT operating systems (OSes) are core software components of the IoT ecosystem. Many IoT OSes are available, but the Real-time Operating System for IoT (RIOT) is one of the most commonly used open-source OSes among universities and businesses. As the RIOT source code is written in C, it inherently has some security vulnerabilities. Because IoT devices have limited battery and computational capability, detecting cyber-attacks online is very challenging. This necessitates more rigorous security checks on the device prior to deployment. The analysis techniques used in highly critical domains can also be applied to IoT software to secure the RIOT OS. The purpose of this work is thus to apply techniques such as formal verification to the crypto module of RIOT using Frama-C, a software analysis platform for C code, in order to analyze the security aspects of the module.
Data availability
This article does not contain any dataset.
Funding
No funding was received to assist with the preparation of this manuscript.
Author information
Contributions
J.G. and N.R. wrote the manuscript; N.R. performed experiments; N.R. and J.G. prepared figures and tables; all authors reviewed the manuscript.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
About this article
Cite this article
Rai, N., Grover, J. Analysis of crypto module in RIOT OS using Frama-C. J Supercomput 80, 18521–18543 (2024). https://doi.org/10.1007/s11227-024-06171-0
DOI: https://doi.org/10.1007/s11227-024-06171-0