Volume 12 - Issue 2
iMRC: Integrated Monitoring & Recovery Component, a Solution to Guarantee the Security of Embedded Systems
- Pierre-Henri Thevenon
Univ. Grenoble Alpes, CEA, LETI, DSYS, F-38000, Grenoble, France
Pierre-Henri.Thevenon
- Sebastien Riou
Tiempo Secure, Montbonnot-Saint-Martin, F-38330, France
Sebastien.Riou@tiempo-secure.com
- Duc-Minh Tran
Universite Paris-Saclay, CEA, LIST, Palaiseau, F-91120, France
Duc-Minh.Tran@cea.fr
- Maxime Puys
Univ. Grenoble Alpes, CEA, LETI, DSYS, F-38000, Grenoble, France
Maxime.Puys
- Nikolaos Foivos Polychronou
Univ. Grenoble Alpes, CEA, LETI, DSYS, F-38000, Grenoble, France
Nikolaos.Polychronou
- Mustapha El Majihi
Univ. Grenoble Alpes, CEA, LETI, DSYS, F-38000, Grenoble, France
Mustapha.Elmajihi
- Camille Sivelle
Univ. Grenoble Alpes, CEA, LETI, DSYS, F-38000, Grenoble, France
CamilleSivelle@cea.fr
Keywords: IoT, IIoT, cybersecurity, resilience, AI, detection, secure element
Abstract
In recent years, the security of connected objects has become a real challenge. Indeed, more and more
IoT devices are being built for increasingly critical applications and as shown by multiple famous botnet
attacks such as Mirai, IoT devices are often poorly protected. In this paper, we introduce a new
solution called iMRC (integrated Monitoring & Recovery Component) to improve the resilience of
embedded systems in case of proven attacks. This innovative solution integrates a hardware component
whose main function is to extract the hardware performance counters of the processor in order
to be analyzed by the artificial intelligence of the control server. This one is able to remotely restore
the devices to a known secure state upon detection of malwares or other abnormal behaviors. We
define a use case based on a home automation network in which the iMRC component is added to a
gateway. We implement a set of scripts reproducing malicious behaviors in order to test our detection
capabilities and show that all malwares are detected within less than 20 seconds after the launch of a
malware execution.