I'm looking for a specialist to realize an easy tool that will work as Security Engine service could be responsible to check the integrity of the firmware of IoT gateways and devices. The service scans the pre-OS (firmware) of devices against a whitelist of approved firmware and, by using ML/neural net techniques, will check the integrity of firmware, ensuring that only approved firmware is operating and blocking untrusted updates. A Neural Network can ensure the detection of altered firmware at runtime or each time a firmware update is requested. This functionality enhances system security functionality by complementing device authentication with an additional security check.
In order to have continuous firmware verification in the platform, an approach based to Machine Learning (ML) /neural network technic should be used to implement the Security Engine.
A Machine Learning (ML) based algorithm will give to gateways an internal Artificial Intelligence (AI) that decides if the device is receiving or is running a compromised firmware.
Security Engine may use external processing power given by external platforms, such as IBM Watson.
effective resiliency to every low-level attack vector, based on firmware tampering;
machine learning algorithm to improve security level based on behavioural analysis;
raise alerts for security threats when firmware device results tampered;
Security Engine will perform the following operations:
When the system is deployed there should be a tuning phase, during which the Security Engine, using reverse engineering technics, extracts CFG (Control Flow Graph) data and used functions to understand devices normal operating conditions.
During this training the system uses the received input to calculate the weight on the Neural Network nodes. It could be done by using statistical methods, such as confidence intervals, where it will be estimated the performance of the classifiers. Our selection is to use the Conformal Prediction which gives the confidence level of each output prediction.
At the end of the tuning phase, after having analyzed the behavior of the device firmware, the Security Engine is able to detect all eventual anomalies as deviation from the usual pattern whenever a new firmware is going to be installed on a sensor. This is done also every n minutes by extracting current running firmware via UART from each sensor connected to the Gateway to make sure that current firmware sensors have not been tampered.
A standard behavior is attested as a “Reference” and is used to approve each firmware.
If you are able and interested we will discuss in deep about the rest and requirements etc.