Wireless mobile networks frequently need remote software updates to add or adjust the tasks of mobile nodes.\nSoftware update traffic, particularly in the Internet of Things (IoT), should be carefully handled since attackers can\neasily compromise a number of unattended devices by modifying a piece of code in the software update routine.\nThese attacks are quite realistic and harmful as seen in the real world. To protect lower-powered mobile devices, an\nin-network detection mechanism is preferred. However, due to the mobility of devices, it is difficult to set a network\nmonitor with complete context of software updates. Moreover, even the conventional integrity checks can be fooled\nby a replaced binary code or minimized modification. In this paper, we tackle this problem and propose CodeDog, a\nnew approach to check the integrity of software updates in mobile environments. CodeDog generates a binary code\nwith semantics markers. A validation of those markers proves the control flow semantics was unchanged. It can be\nperformed on program fragments for in-network monitoring to protect incapable devices. Our evaluation result\nshows that CodeDog can prevent attacks in the supply chain with 4.2 % storage overhead.
Loading....