Computer Science Department
School of Computer Science, Carnegie Mellon University
Using FIRE & ICE for Detecting and Recovering
Arvind Seshadri, Mark Luk, Adrian Perrig,
The FIRE protocols are based on ICE (Indisputable Code Execution), a mechanism providing externally verifiable code execution on off-the-shelf sensor nodes. ICE gives the following two properties: 1) the memory locations from which code is currently executing on a sensor node match the memory locations being verified, and 2) the memory contents being verified are correct. Together, these two properties guarantee that the code currently executing on the sensor node is correct.
The FIRE protocols represent a significant step towards designing secure sensor networks. As far as we are aware, there are no techniques for intrusion detection in ad hoc and sensor networks that make any claims regarding false negatives. Also, we do not know of any existing techniques that can automatically recover compromised sensor nodes.
We present an implementation of our FIRE protocols and ICE on current off-the-shelf sensor devices.