Remotely Verifiable Software Integrity in IoT Devices: From Attestation to Poisoning Prevention

Norrathep Rattanavipanon -
Digital Security

Date: -
Location: Eurecom

Abstract: Embedded/IoT devices are increasingly ubiquitous, often supporting safety-critical operations. However, due to strict cost/energy constraints, they generally lack advanced security features found in more powerful devices, leaving them vulnerable to software compromises. In this talk, I will discuss our efforts to remotely establish software integrity on potentially compromised IoT devices. Our quest begins with the development of various lightweight security primitives, such as remote attestation, proof of execution, runtime auditing, etc., and extends these primitives to prevent poisoning attacks in IoT/edge federated applications, such as federated learning. Bio: Norrathep (Oak) Rattanavipanon received his Ph.D. in Computer Science from the University of California, Irvine in 2019. Since then, he has been an assistant professor with the College of Computing, Prince of Songkla University, Phuket Campus. His research interests lie in the area of security and privacy, particularly in embedded systems and IoT security, software and binary analysis, and recently security/privacy in machine learning systems.