The Lazarus Effect: Healing Compromised Devices in the Internet of Small Things

by   Manuel Huber, et al.

We live in a time when billions of IoT devices are being deployed and increasingly relied upon. This makes ensuring their availability and recoverability in case of a compromise a paramount goal. The large and rapidly growing number of deployed IoT devices make manual recovery impractical, especially if the devices are dispersed over a large area. Thus, there is a need for a reliable and scalable remote recovery mechanism that works even after attackers have taken full control over devices, possibly misusing them or trying to render them useless. To tackle this problem, we present Lazarus, a system that enables the remote recovery of compromised IoT devices. With Lazarus, an IoT administrator can remotely control the code running on IoT devices unconditionally and within a guaranteed time bound. This makes recovery possible even in case of severe corruption of the devices' software stack. We impose only minimal hardware requirements, making Lazarus applicable even for low-end constrained off-the-shelf IoT devices. We isolate Lazarus's minimal recovery trusted computing base from untrusted software both in time and by using a trusted execution environment. The temporal isolation prevents secrets from being leaked through side-channels to untrusted software. Inside the trusted execution environment, we place minimal functionality that constrains untrusted software at runtime. We implement Lazarus on an ARM Cortex-M33-based microcontroller in a full setup with an IoT hub, device provisioning and secure update functionality. Our prototype can recover compromised embedded OSs and bare-metal applications and prevents attackers from bricking devices, for example, through flash wear out. We show this at the example of FreeRTOS, which requires no modifications but only a single additional task. Our evaluation shows negligible runtime performance impact and moderate memory requirements.


page 1

page 2

page 3

page 4


Software-based security approach for networked embedded devices

As the Internet of Things (IoT) continues to expand, data security has b...

Sponge-Based Control-Flow Protection for IoT Devices

Embedded devices in the Internet of Things (IoT) face a wide variety of ...

Minimal Virtual Machines on IoT Microcontrollers: The Case of Berkeley Packet Filters with rBPF

Virtual machines (VM) are widely used to host and isolate software modul...

Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)

As many types of IoT devices worm their way into numerous settings and m...

TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone

The rapid evolution of Internet-of-Things (IoT) technologies has led to ...

Towards Automated PKI Trust Transfer for IoT

IoT deployments grow in numbers and size and questions of long time supp...

On the Analysis of MUD-Files' Interactions, Conflicts, and Configuration Requirements Before Deployment

Manufacturer Usage Description (MUD) is an Internet Engineering Task For...

Please sign up or login with your details

Forgot password? Click here to reset