Building hardened internet-of-things clients with language-theoretic security

Prashant Anantharaman; Michael Locasto; Gabriela F. Ciocarlie; Ulf Lindqvist

doi:10.1109/SPW.2017.36

Building hardened internet-of-things clients with language-theoretic security

Prashant Anantharaman
, Michael Locasto
, Gabriela F. Ciocarlie
, Ulf Lindqvist

Department of Computer Science

Dartmouth College
SRI International

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

Unprincipled input handling has caused many of the most prevalent and severe vulnerabilities in the Internet era, and this trend appears to continue in the emerging Internet of Things (IoT). In this paper, we present a methodology to build secure input-handling functionality for application-layer IoT protocols by applying the Language-theoretic Security (LangSec) philosophy. We have built working implementations for the XMPP and MQTT protocols and demonstrated that our clients, which consist of less than a hundred lines of code, correctly recognize all valid messages in our tests. With respect to CPU time, our clients compare well against the most widely deployed implementations of these two protocols.

Original language	English
Title of host publication	Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017
Pages	120-126
Number of pages	7
ISBN (Electronic)	9781538619674
DOIs	https://doi.org/10.1109/SPW.2017.36
State	Published - 19 Dec 2017
Event	12th IEEE Symposium on Security and Privacy Workshops, SPW 2017 - San Jose, United States Duration: 25 May 2017 → …

Publication series

Name	Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017
Volume	2017-December

Conference

Conference	12th IEEE Symposium on Security and Privacy Workshops, SPW 2017
Country/Territory	United States
City	San Jose
Period	25/05/17 → …

Keywords

IoT
language theoretic security
parser combinator
protocol state machines

Access to Document

10.1109/SPW.2017.36

Cite this

Anantharaman, P., Locasto, M., Ciocarlie, G. F., & Lindqvist, U. (2017). Building hardened internet-of-things clients with language-theoretic security. In Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017 (pp. 120-126). (Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017; Vol. 2017-December). https://doi.org/10.1109/SPW.2017.36

@inproceedings{e89a2dcf4fa3422ea2fe6f43b7d261bb,

title = "Building hardened internet-of-things clients with language-theoretic security",

abstract = "Unprincipled input handling has caused many of the most prevalent and severe vulnerabilities in the Internet era, and this trend appears to continue in the emerging Internet of Things (IoT). In this paper, we present a methodology to build secure input-handling functionality for application-layer IoT protocols by applying the Language-theoretic Security (LangSec) philosophy. We have built working implementations for the XMPP and MQTT protocols and demonstrated that our clients, which consist of less than a hundred lines of code, correctly recognize all valid messages in our tests. With respect to CPU time, our clients compare well against the most widely deployed implementations of these two protocols.",

keywords = "IoT, language theoretic security, parser combinator, protocol state machines",

author = "Prashant Anantharaman and Michael Locasto and Ciocarlie, \{Gabriela F.\} and Ulf Lindqvist",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 12th IEEE Symposium on Security and Privacy Workshops, SPW 2017 ; Conference date: 25-05-2017",

year = "2017",

month = dec,

day = "19",

doi = "10.1109/SPW.2017.36",

language = "English",

series = "Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017",

pages = "120--126",

booktitle = "Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017",

}

Anantharaman, P, Locasto, M, Ciocarlie, GF & Lindqvist, U 2017, Building hardened internet-of-things clients with language-theoretic security. in Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017. Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017, vol. 2017-December, pp. 120-126, 12th IEEE Symposium on Security and Privacy Workshops, SPW 2017, San Jose, United States, 25/05/17. https://doi.org/10.1109/SPW.2017.36

Building hardened internet-of-things clients with language-theoretic security. / Anantharaman, Prashant; Locasto, Michael; Ciocarlie, Gabriela F. et al.
Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017. 2017. p. 120-126 (Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017; Vol. 2017-December).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Building hardened internet-of-things clients with language-theoretic security

AU - Anantharaman, Prashant

AU - Locasto, Michael

AU - Ciocarlie, Gabriela F.

AU - Lindqvist, Ulf

PY - 2017/12/19

Y1 - 2017/12/19

N2 - Unprincipled input handling has caused many of the most prevalent and severe vulnerabilities in the Internet era, and this trend appears to continue in the emerging Internet of Things (IoT). In this paper, we present a methodology to build secure input-handling functionality for application-layer IoT protocols by applying the Language-theoretic Security (LangSec) philosophy. We have built working implementations for the XMPP and MQTT protocols and demonstrated that our clients, which consist of less than a hundred lines of code, correctly recognize all valid messages in our tests. With respect to CPU time, our clients compare well against the most widely deployed implementations of these two protocols.

AB - Unprincipled input handling has caused many of the most prevalent and severe vulnerabilities in the Internet era, and this trend appears to continue in the emerging Internet of Things (IoT). In this paper, we present a methodology to build secure input-handling functionality for application-layer IoT protocols by applying the Language-theoretic Security (LangSec) philosophy. We have built working implementations for the XMPP and MQTT protocols and demonstrated that our clients, which consist of less than a hundred lines of code, correctly recognize all valid messages in our tests. With respect to CPU time, our clients compare well against the most widely deployed implementations of these two protocols.

KW - IoT

KW - language theoretic security

KW - parser combinator

KW - protocol state machines

UR - https://www.scopus.com/pages/publications/85035790009

UR - https://www.scopus.com/pages/publications/85035790009#tab=citedBy

U2 - 10.1109/SPW.2017.36

DO - 10.1109/SPW.2017.36

M3 - Conference contribution

AN - SCOPUS:85035790009

T3 - Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017

SP - 120

EP - 126

BT - Proceedings - 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017

T2 - 12th IEEE Symposium on Security and Privacy Workshops, SPW 2017

Y2 - 25 May 2017

ER -

Building hardened internet-of-things clients with language-theoretic security

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this