Extending the lifecycle of IoT devices using selective deactivation
Hesse, Michael Winfried
IoT devices are known for long-lived hardware and short-lived software support by the vendor, which sets the wrong security incentives for users of expensive IoT systems. In order to mitigate as many known vulnerabilities as possible after the vendor has stopped providing security patches for an IoT device, we present a framework that allows the user to selectively disable individual hardware components which provide non-essential features that are associated with said vulnerabilities. In the same way, the framework can also be used proactively to reduce the attack surface of an IoT device by disabling unused features. The user's selection is enforced by a trusted computing base using different hardware security mechanisms on the ARM platform. To this end, we analyze the common hardware architecture of embedded ARM systems using the example of the Raspberry Pi 4. We conclude that only virtualization provides sufficiently fine-grained capabilities for partitioning the hardware into used and unused components. However, we also show how other security mechanisms, including IOMMUs and ARM TrustZone, could be used as an optimization in some cases. Finally, we give a proof-of-concept implementation using the Raspberry Pi 4 and the Sense HAT as a simulation of a complex IoT device and show how 6 of its hardware components can be selectively enabled and disabled.