PARIOT: Anti-repackaging for IoT firmware integrity

IoT repackaging refers to an attack devoted to tampering with a legitimate firmware package by modifying its content (e.g., injecting some malicious code) and re-distributing it in the wild. In such a scenario, the firmware delivery and update processes are central to ensuring firmware integrity.Unfortunately, several existing solutions lack proper integrity verification, exposing firmware to repack-aging attacks. If this is not the case, they still require an external trust anchor (e.g., signing keys or secure storage technologies), which could limit their adoption in resource-constrained environments. In addition, state-of-the-art frameworks do not cope with the entire firmware production and delivery process, thereby failing to protect the content generated by the firmware producers through the whole supply chain.To mitigate such a problem, in this paper, we introduce PARIOT, a novel self-protecting scheme for IoT that injects integrity checks, called anti-tampering (AT) controls, directly into the firmware. The AT controls enable the runtime detection of repackaging attempts without needing signing keys, internet connection, secure storage technologies, or external trusted parties. PARIOT can be adopted on top of existing state-of-the-art solutions ensuring the widest compatibility with current IoT ecosystems and update frameworks. Also, we have implemented this scheme into PARIOTIC, a prototype to protect C/C++ IoT firmware automatically. The evaluation phase of 50 real-world firmware samples demonstrated the proposed methodology's feasibility and robustness against practical repackaging attacks without altering the firmware behavior or severe overheads.