The problem to solve is the following: the uncontrolled development of the Internet of Things (IoT) results in personal data being handled by a huge variety of devices, which do not satisfy the safety conditions considered mandatory in more customary applications. The most worrisome characteristics of these devices is that they are subject to physical attacks, which are intended to disrupt the execution flow of some applications in order to extract sensitive information or grant restricted access permissions.
This paper develops, in detail, a method for improving the safety of embedded devices like smartphones, payment systems, and all the digital consumer electronics that allow for the development of IoT. The paper has four authors, seven sections, and ends in 25 pages with 49 references. It is profusely illustrated with figures, tables, algorithms, and listings.
Although correctness proofs of programs seems to be an approach that guarantees that the program does what it is intended to do, if the program has been physically attacked and changed, nothing more can be guaranteed. The approach taken by the authors makes the burden of proof to rely on the program itself, by adding to it redundant code which checks that the loops perform the expected number of iterations.
The code added to the program in order to harden the loops does not change its meaning; instead, it only gives a little overhead in size and in performance. These changes are not too costly because their increase in size or time is lower than 15 percent. However, some questions remain:
- The proportion of loops that are hardened is high, about 95 percent, but it’s not 100 percent. This means that the program can still be changed to a failing program, despite the efforts of the compiler.
- Some injected faults remain undetected; thus, program users cannot trust the program. And the question remains: should we use a program we cannot trust?
- The techniques used are relevant only to fault attacks, which use alteration of the device to retrieve sensitive data or get privilege access. Other attacks are not dealt with.
The paper is clearly presented. The algorithm is implemented in LLVM, which means that an existing compiler scheme is enriched for aiming at hardening the loops. Results are evaluated using a large benchmark. All in all, testing the ideas needs further, wider evaluation, but the whole approach seems promising.