RIO: Return Instruction Obfuscation for Bare-Metal IoT Devices

Authors: Beomseok Kim; Kiyoung Lee; Woojin Park; Jinsung Cho; Ben Lee
Source: IEEE Access, Vol 11, Pp 70516-70524 (2023)
Publication Year: 2023
Publisher: IEEE, 2023.

Abstract

The proliferation of IoT comes with many challenges, among which security is one of the most serious issues. Since most IoT devices are designed based on bare-metal devices with low performance, low power, and small form factor, an attacker can easily perform firmware extraction and analysis. In addition, code reuse attacks, such as Return Oriented Programming (ROP) attacks, are possible based on the analyzed firmware information. Since most code reuse attacks are performed through a combination of gadgets that include return instructions, preventing an attacker from analyzing return instructions can be a fundamental solution for these attacks. To prevent code reuse attacks on bare-metal based IoT devices, this paper proposes Return Instruction Obfuscation (RIO). The proposed scheme encrypts all return instructions in the firmware and instruments the modules necessary to decrypt and execute the encrypted return instructions using a Low Level Virtual Machine (LLVM). Since all return instructions in the firmware are encrypted, the proposed scheme can prevent attackers from performing firmware analysis and gadget collection. The proposed scheme was implemented and evaluated on Nuvoton’s NuMaker-PFM-M2351 development board with an ARM Cortex-M23 based SoC.

Details

Language: English
ISSN: 21693536
Volume: 11
Database: Directory of Open Access Journals
Journal: IEEE Access
Publication Type: Academic Journal
Accession number: edsdoj.71d7500e493c4054ad4bbe197974b4cf
Document Type: article
Full Text: https://doi.org/10.1109/ACCESS.2023.3293862