Efficient scheme of verifying integrity of application binaries in embedded operating systems

The Journal of Supercomputing

Abstract

Embedded systems are now widely used in ubiquitous computing environments, including digital set-top boxes, mobile phones, and USN (Ubiquitous Sensor Networks). Security has grown in significance because it must be built into all of these systems. Many researchers have worked on verifying the integrity of application binaries downloaded to embedded systems, and this research divides into hardware methods and software methods. This research takes the software approach. From the software perspective, unlike the existing papers (Seshadri et al., Proc. the IEEE symposium on security and privacy, 2004; Seshadri et al., Proc. the symposium on operating systems principles, 2005) based on the standardized model (TTAS.KO-11.0054. http://www.tta.or.kr 2006) publicized in Korea, there is no extra verifier, and the verification function is conducted in the target system. Contrary to the previous schemes (Jung et al. http://ettrends.etri.re.kr/PDFData/23-1_001_011.pdf, 2008; Lee et al., LNCS, vol. 4808, pp. 346–355, 2007), verification results are stored in 1 validation check bit, instead of storing a signature value for each application binary file in the i-node structure, in order to reduce run-time execution overhead. Consequently, the proposed scheme is more efficient: it dramatically reduces storage overhead, and in terms of computation it performs one hash algorithm at initial execution and thereafter compares only the 1 validation check bit, instead of running signature and hash algorithms for every application binary. Furthermore, in cases where there are frequent changes in the i-node structure or file data depending on the scheme application, the scheme can provide far more effective verification performance compared to the previous schemes.
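
The control flow the abstract describes (one hash at first execution, a single-bit check afterwards) can be sketched as follows. This is an added example, not the authors' implementation: the `sim_inode` layout, the FNV-1a stand-in digest, the provisioned reference value, and the rule that a write clears the bit are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Simulated i-node with only the fields this sketch needs (hypothetical layout). */
struct sim_inode {
    const uint8_t *data;    /* file contents */
    size_t len;
    unsigned verified : 1;  /* the 1 validation check bit */
};

static unsigned long hash_calls;  /* full-file hashes performed so far */
/* Stand-in digest (64-bit FNV-1a), NOT cryptographic; assumption for brevity. */
static uint64_t digest(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    hash_calls++;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Exec-time check: 1 = allow, 0 = deny. */
int exec_allowed(struct sim_inode *ino, uint64_t trusted) {
    if (ino->verified) return 1;               /* later runs: test one bit */
    if (digest(ino->data, ino->len) != trusted) return 0;
    ino->verified = 1;                         /* first run: hash once, cache */
    return 1;
}

/* Assumed write hook: changing file data clears the cached result. */
void on_write(struct sim_inode *ino, const uint8_t *d, size_t n) {
    ino->data = d; ino->len = n; ino->verified = 0;
}

/* Constructed sample inputs. */
static const uint8_t GOOD[] = "constructed sample binary v1";
static const uint8_t EVIL[] = "constructed sample binary v1 + patch";
unsigned long scenario_hashes;  /* exec-time hashes used by the last scenario() */

/* Launch `runs` times; if `tamper`, overwrite the file and launch once more.
 * Returns the last launch decision. */
int scenario(int runs, int tamper) {
    struct sim_inode ino = { GOOD, sizeof GOOD, 0 };
    uint64_t trusted = digest(GOOD, sizeof GOOD);  /* assumed provisioned reference */
    unsigned long before = hash_calls;
    int ok = 0;
    for (int i = 0; i < runs; i++) ok = exec_allowed(&ino, trusted);
    if (tamper) { on_write(&ino, EVIL, sizeof EVIL); ok = exec_allowed(&ino, trusted); }
    scenario_hashes = hash_calls - before;
    return ok;
}
int main(void) { return (scenario(5, 0) == 1 && scenario(5, 1) == 0) ? 0 : 1; }
```

If any path that modifies file data fails to clear the bit, a tampered binary keeps passing the fast path, so the security of the cached result rests on the write hook being complete.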

References

  1. Abuhmed T, Nyamaa N, Nyang D (2009) Software-based remote code attestation in wireless sensor network. In: Proc IEEE GLOBECOM

  2. Arbaugh A, Farber DJ, Smith JM (1997) A secure and reliable BootStrap architecture. In: Proc IEEE symposium on security and privacy, pp 65–71

  3. Castelluccia C, Francillon A, Perito D, Soriente C (2009) On the difficulty of software-based attestation of embedded devices. In: Proc the 16th ACM conference on computer and communications security (CCS)

  4. Chen Y, Venkatesan R, Cary M, Sinha S, Jakubowski MH (2002) Oblivious hashing: a stealthy software integrity verification primitive. In: Proc int workshop, information hiding, pp 400–414

  5. Chhabra S, Rogers B, Solihin Y, Prvulovic M (2009) Making secure processors OS- and performance-friendly. ACM Trans Archit Code Optim (TACO) 5(4)

  6. Ceccato M, Preda MD, Majumdar A, Tonella P (2009) Remote software protection by orthogonal client replacement. In: Proc the 24th ACM symposium on applied computing, ACM

  7. Common Vulnerabilities and Exposures (2010) http://cve.mitre.org/

  8. Courtright K, Husain MI, Sridhar R (2009) LASE: latency aware simple encryption for embedded systems security. Int J Comput Sci Netw Secur (IJCSNS) 9(10)

  9. Cryptocell™, Discretix Technologies Ltd. http://www.discretix.com

  10. Giannetsos T, Dimitriou T, Krontiris I, Prasad NR (2010) Arbitrary Code Injection through Self-propagating Worms in Von Neumann Architecture Devices. Comput J Adv Access. Published online. http://comjnl.oxfordjournals.org/cgi/content/abstract/bxq009

  11. Gilani S (2007) Embedded OS: a foundation for secure networking. In: Embedded computer design. OpenSystems publishing. http://www.mentor.com

  12. Gilbert H, Handschuh H (2005) Security analysis of SHA-256 and sisters. In: Selected areas in cryptography 2003, NIST cryptographic hash workshop

  13. Gogniat G, Wolf T, Burleson W (2005) Reconfigurable security primitive for embedded systems. In: Proc international symposium on system-on-chip (SOC)

  14. Ghosh AK, Swaminatha TM (2001) Software security and privacy risks in mobile e-commerce. Commun ACM 44:51–57

  15. Henderson B (2010) Linux Loadable Kernel Module HOWTO. http://www.linux.org/docs/ldp/howto/module-howto/

  16. Hoffstein J, Pipher J, Silverman J (1998) NTRU: a ring-based public key cryptosystem. In: Buhler J (ed) Algorithmic number theory (ANTS III). LNCS, vol 1423. Springer, Berlin, pp 267–288

  17. Hwang DD, Schaumont P, Tiri K, Verbauwhede I (2006) Securing embedded systems. IEEE Secur Priv 4(2):40–49

  18. Jones K (2001) Loadable kernel modules. http://www.usenix.org/publications/login/2001-11/pdfs/jones2.pdf

  19. Jung YJ, Lim DH, Seo YB, Kim JM (2008) The trends of embedded operating system security technology online publishing. http://ettrends.etri.re.kr/PDFData/23-1_001_011.pdf, ETRI (in Korean)

  20. Kil C, Sezer EC, Azab AM, Ning P, Zhang X (2009) Remote attestation to dynamic system properties: towards providing complete system integrity evidence. In: Proc the 39th IEEE/IFIP conference on dependable systems and networks

  21. Kocher P, Lee R, McGraw G, Raghunathan A, Ravi S (2004) Security as a new dimension in embedded system design. In: Proc the 41st IEEE design automation conference, pp 753–760

  22. Latest Virus Threats (2010) Symantec Corporation. http://www.symantec.com/avcenter/vinfodb.html

  23. Lee J, Heo J, Park J, Cho Y, Hong J, Park M (2007) Buffer cache level encryption for embedded secure operating system. In: LNCS, vol 4808. Springer, Berlin, pp 346–355

  24. Lee JS, Jung KY, Jung D, Kim TH, Kim Y, Kim J (2008) Preventing ELF-file-infecting malware using signature verification for embedded Linux. J KIISE Comput Pract Lett 14(6) (in Korean)

  25. Lenstra AK, Verheul ER (2000) The XTR public key system. In: Proc Crypto 2000. LNCS, vol 1880. Springer, Berlin

  26. Lie D, Thekkath CA, Mitchell M, Lincoln P, Boneh D, Mitchell JC, Horowitz M (2000) Architectural Support for Copy and Tamper resistant software. In: Proc ACM architectural support for programming languages and operating systems (ASPLOS), pp 168–177

  27. Liu D, Dong Q (2009) Combating side-channel attacks using key management. In: IEEE international symposium on parallel & distributed processing, pp 1–8

  28. Mao S, Wolf T (2010) Hardware support for secure processing in embedded systems. IEEE Trans Comput 59(6):847–854

  29. Muthukumaran D, Sawani A, Schiffman J, Jung BM, Jaeger T (2008) Measuring integrity on mobile phone systems. In: Proc the 13th ACM symposium on access control models and technologies

  30. Next-Generation Secure Computing Base (NGSCB) (2003) http://www.microsoft.com/resources/ngscb/default.mspx

  31. Rabin MO (1979) Digitalized signatures and public-key functions as intractable as factorization. Technical Report LCS/TR-212. Massachusetts Institute of Technology

  32. Ravi S, Raghunathan A, Chakradhar S (2004) Tamper resistance mechanisms for secure embedded systems. In: Proc the international conference on VLSI Design, pp 605–611

  33. Ravi S, Raghunathan A, Kocher P, Hattangady S (2004) Security in embedded systems: design challenges. ACM Trans Embed Comput Syst 3:461–491

  34. Schellekens D, Wyseur B, Preneel B (2008) Remote attestation on legacy operating systems with trusted platform modules. In: Sci Comput Program, pp 13–22

  35. Secure Coprocessing (2010) IBM Inc. http://www.research.ibm.com/scop/

  36. Security Reference Model for Embedded Operating System (2006) TTAS.KO-11.0054. Telecommunications Technology Association. http://www.tta.or.kr/ (in Korean)

  37. Seshadri A, Luk M, Shi E, Perrig A, Doorn L, Khosla P (2005) Pioneer: verifying integrity and guaranteeing execution of code on legacy platforms. In: Proc the symposium on operating systems principles

  38. Seshadri A, Perrig A, Doorn L, Khosla P (2004) SWATT: software-based ATTestation for embedded devices. In: Proc the IEEE symposium on security and privacy

  39. Suh GE, Clarke D, Gassend B, Dijk M, Devadas S (2003) AEGIS: architecture for tamper-evident and Tamper-resistant processing. In: Proc intl conf. supercomputing (ICS ’03), pp 160–171

  40. Suh GE, Clarke D, Gassend B, Dijk M, Devadas S (2003) Efficient memory integrity verification and encryption for secure processors. In: Proc MICRO-36

  41. The IBM PCI Cryptographic Coprocessor (2010) IBM Inc. http://www3.ibm.com/security/cryptocards/

  42. The National Security Agency (2003) Security-enhanced Linux. http://www.nsa.gov/research/selinux/

  43. TinyECC (2007) A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks Ver 1.0. http://discovery.csc.ncsu.edu/software/TinyECC

  44. Trusted Computing Group (TCG) (2003) https://www.trustedcomputinggroup.org/

  45. Vaslin R, Gogniat G, Diguet J, Wanderley E, Tessier R, Burleson W (2009) A security approach for off-chip memory in embedded microprocessor systems. Microprocess Microsyst 33(1):37–45

  46. Virus Information (2010) Computer Security Resource Center. National Institute of Standards and Technology. http://csrc.nist.gov/virus/

  47. Vulnerability notes database (2010) CERT coordination center. http://www.kb.cert.org/vuls/

  48. Wang X, Yin Y, Yu H (2005) Finding collisions in the full SHA-1. In: Proc Crypto

  49. Welsh M (1995) Implementing Loadable Kernel Modules for Linux. Dr Dobbs J 20(5)

  50. WireX Communications (2001) Linux Security Module. http://lsm.immunix.org/

  51. Wright C, Cowan C, Smalley S, Morris J, Hartman GK (2002) Linux Security Module framework. In: 2002 Ottawa Linux symposium

  52. Yee B (1994) Using secure co-processors. PhD thesis, Carnegie Mellon University

Author information

Corresponding author

Correspondence to Deok Gyu Lee.

About this article

Cite this article

Kim, S.S., Lee, D.G. & Park, J.H. Efficient scheme of verifying integrity of application binaries in embedded operating systems. J Supercomput 59, 676–692 (2012). https://doi.org/10.1007/s11227-010-0465-4

  • DOI: https://doi.org/10.1007/s11227-010-0465-4
