{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:57:19Z","timestamp":1760241439078,"version":"build-2065373602"},"reference-count":69,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2018,3,6]],"date-time":"2018-03-06T00:00:00Z","timestamp":1520294400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003406","name":"Tekes","doi-asserted-by":"publisher","award":["1881\/31\/2016"],"award-info":[{"award-number":["1881\/31\/2016"]}],"id":[{"id":"10.13039\/501100003406","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JSAN"],"abstract":"<jats:p>More actuator and sensor devices are connected to the Internet of Things (IoT) every day, and the network keeps growing, while software security of the devices is often incomplete. Sensor networks and the IoT in general currently cover a large number of devices with an identical internal interface structure. By diversifying the internal interfaces, the interfaces on each node of the network are made unique, and it is possible to break the software monoculture of easily exploitable identical systems. This paper proposes internal interface diversification as a security measure for sensor networks. We conduct a study on diversifiable internal interfaces in 20 IoT operating systems. We also present two proof-of-concept implementations and perform experiments to gauge the feasibility in the IoT environment. Internal interface diversification has practical limitations, and not all IoT operating systems have that many diversifiable interfaces. However, because of low resource requirements, compatibility with other security measures and wide applicability to several interfaces, we believe internal interface diversification is a promising and effective approach for securing nodes in sensor networks.<\/jats:p>","DOI":"10.3390\/jsan7010012","type":"journal-article","created":{"date-parts":[[2018,3,6]],"date-time":"2018-03-06T12:16:27Z","timestamp":1520338587000},"page":"12","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Internal Interface Diversification as a Security Measure in Sensor Networks"],"prefix":"10.3390","volume":"7","author":[{"given":"Sampsa","family":"Rauti","sequence":"first","affiliation":[{"name":"Department of Future Technologies, University of Turku, 20140 Turku, Finland"}]},{"given":"Lauri","family":"Koivunen","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, 20140 Turku, Finland"}]},{"given":"Petteri","family":"M\u00e4ki","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, 20140 Turku, Finland"}]},{"given":"Shohreh","family":"Hosseinzadeh","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, 20140 Turku, Finland"}]},{"given":"Samuel","family":"Laur\u00e9n","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, 20140 Turku, Finland"}]},{"given":"Johannes","family":"Holvitie","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, 20140 Turku, Finland"}]},{"given":"Ville","family":"Lepp\u00e4nen","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, 20140 Turku, Finland"}]}],"member":"1968","published-online":{"date-parts":[[2018,3,6]]},"reference":[{"key":"ref_1","unstructured":"International Telecommunication Union (2012). Overview of the Internet of Things. Recommendation ITU-T Y.2060, ITU."},{"key":"ref_2","unstructured":"Gartner (2016, June 23). Gartner Says 6.4 Billion Connected Things Will Be in Use in 2016, up 30 Percent from 2015. Available online: http:\/\/www.vxdev.com\/docs\/vx55man\/vxworks\/guide\/c-vm.html."},{"key":"ref_3","unstructured":"HP Enterprise (2015). Internet of Things Research Study, Hewlett Packard Enterprise."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and Other Botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"565","DOI":"10.1016\/0167-4048(93)90054-9","article-title":"Operating System Protection through Program Evolution","volume":"12","author":"Cohen","year":"1993","journal-title":"Comput. Secur."},{"key":"ref_6","unstructured":"Forrest, S., Somayaji, A., and Ackley, D. (1997, January 5\u20136). Building Diverse Computer Systems. Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), HOTOS \u201997, Cape Cod, MA, USA."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Koivunen, L., Rauti, S., and Lepp\u00e4nen, V. (2016, January 24\u201325). Applying Internal Interface Diversification to IoT Operating Systems. Proceedings of the 2016 International Conference on Software Security and Assurance (ICSSA), St. Polten, Austria.","DOI":"10.1109\/ICSSA.2016.7"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"M\u00e4ki, P., Rauti, S., Hosseinzadeh, S., Koivunen, L., and Lepp\u00e4nen, V. (2016, January 6\u20139). Interface Diversification in IoT Operating Systems. Proceedings of the 2016 IEEE\/ACM 9th International Conference on Utility and Cloud Computing (UCC), Shanghai, China.","DOI":"10.1145\/2996890.3007877"},{"key":"ref_9","first-page":"51:1","article-title":"Attestation in Wireless Sensor Networks: A Survey","volume":"49","author":"Steiner","year":"2016","journal-title":"ACM Comput. Surv."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Larsen, P., Homescu, A., Brunthaler, S., and Franz, M. (2014, January 18\u201321). SoK: Automated Software Diversity. Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2014.25"},{"key":"ref_11","unstructured":"Rachev, B., and Smrikarov, A. (2016, January 23\u201324). A Survey on Aims and Environments of Diversification and Obfuscation in Software Security. Proceedings of the 17th International Conference on Computer Systems and Technologies CompSysTech\u201916, Palermo, Italy."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Hosseinzadeh, S., Rauti, S., Hyrynsalmi, S., and Lepp\u00e4nen, V. (2015, January 4\u20135). Security in the Internet of Things through obfuscation and diversification. Proceedings of the 2015 International Conference on Computing, Communication and Security (ICCCS), Pamplemousses, Mauritius.","DOI":"10.1109\/CCCS.2015.7374189"},{"key":"ref_13","unstructured":"Buyya, R., and Dastjerdi, A.V. (2016). Obfuscation and Diversification for Securing the Internet of Things (IoT). Internet of Things: Principles and Paradigms, Elsevier."},{"key":"ref_14","unstructured":"Hjelmvik, E., and John, W. (2010). Breaking and Improving Protocol Obfuscation, Chalmers University of Technology. Technical Report."},{"key":"ref_15","unstructured":"Chew, M., and Song, D. (2002). Mitigating Buffer Overflows by Operating System Randomization, Carnegie Mellon University. Technical Report CMU-CS-02-197."},{"key":"ref_16","unstructured":"Rauti, S., Laur\u00e9n, S., Hosseinzadeh, S., M\u00e4kel\u00e4, J., Hyrynsalmi, S., and Lepp\u00e4nen, V. (2014, January 16\u201317). Diversification of System Calls in Linux Binaries. Proceedings of the 6th International Conference on Trustworthy Systems (InTrust 2014), Beijing, China."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Laur\u00e9n, S., Rauti, S., and Lepp\u00e4nen, V. (2015, January 25\u201326). Diversification of System Calls in Linux Kernel. Proceedings of the 16th International Conference on Computer Systems and Technologies CompSysTech \u201915, Dublin, Ireland.","DOI":"10.1145\/2812428.2812447"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Lauren, S., M\u00e4ki, P., Rauti, S., Hosseinzadeh, S., Hyrynsalmi, S., and Lepp\u00e4nen, V. (2014, January 8\u201310). Symbol Diversification of Linux Binaries. Proceedings of the 2014 World Congress on Internet Security (WorldCIS), London, UK.","DOI":"10.1109\/WorldCIS.2014.7028170"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Abrath, B., Coppens, B., Volckaert, S., and De Sutter, B. (2015, January 19). Obfuscating Windows DLLs. Proceedings of the 1st International Workshop on Software Protection, Florence, Italy. SPRO \u201915.","DOI":"10.1109\/SPRO.2015.13"},{"key":"ref_20","unstructured":"Uitto, J., Rauti, S., M\u00e4kel\u00e4, J.M., and Lepp\u00e4nen, V. (2015, January 9\u201310). Preventing Malicious Attacks by Diversifying Linux Shell Commands. Proceedings of the 14th Symposium on Programming Languages and Software Tools (SPLST\u201915), Tampere, Finland."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Uitto, J., Rauti, S., and Lepp\u00e4nen, V. (2016, January 5\u20137). Practical implications and requirements of diversifying interpreted languages. Proceedings of the 11th Annual Cyber and Information Security Research Conference), Oak Ridge, TN, USA. Article No. 14.","DOI":"10.1145\/2897795.2897796"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., and Boneh, D. (2004, January 25\u201329). On the Effectiveness of Address-space Randomization. Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS \u201904, Washington, DC, USA.","DOI":"10.1145\/1030083.1030124"},{"key":"ref_23","unstructured":"Bhatkar, E., Duvarney, D.C., and Sekar, R. (2003, January 4\u20138). Address obfuscation: An efficient approach to combat a broad range of memory error exploits. Proceedings of the 12th USENIX Security Symposium, Washington, DC, USA."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"H\u00f6ller, A., Rauter, T., Iber, J., and Kreiner, C. (2015, January 7\u20138). Towards Dynamic Software Diversity for Resilient Redundant Embedded Systems. Proceedings of the 7th International Workshop on Software Engineering for Resilient Systems, SERENE 2015, Paris, France.","DOI":"10.1007\/978-3-319-23129-7_2"},{"key":"ref_25","unstructured":"Tanenbaum, A. (2014). Modern Operating Systems, Pearson."},{"key":"ref_26","first-page":"1","article-title":"A System Call Randomization Based Method for Countering Code-Injection Attacks","volume":"1","author":"Liang","year":"2009","journal-title":"Int. J. Inf. Technol. Comput. Sci. (IJITCS)"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, H.J., Xu, D., and Wang, Y. (2007, January 10\u201312). RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization. Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems, SRDS 2007, Beijing, China.","DOI":"10.1109\/SRDS.2007.36"},{"key":"ref_28","unstructured":"National Vulnerability Database (2017, December 15). Vulnerability Summary for CVE-2014-6271. Initial CVE of Shellshock Vulnerability, Available online: https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-6271."},{"key":"ref_29","unstructured":"Portokalidis, G., and Keromytis, A. (2014). Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution. Moving Target Defense, Creating Asymmetric Uncertainty for Cyber Threats, Advances in Information Security 54, Springer."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"331","DOI":"10.3233\/JCS-2009-0322","article-title":"Address-space Layout Randomization Using Code Islands","volume":"17","author":"Xu","year":"2009","journal-title":"J. Comput. Secur."},{"key":"ref_31","unstructured":"Cook, K. (2017, December 15). Introduce Struct Layout Randomization Plugin. Available online: https:\/\/lwn.net\/Articles\/723997\/."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Shelby, Z., Hartke, K., and Bormann, C. (2014). The Constrained Application Protocol (CoAP), Internet Engineering Task Force (IETF).","DOI":"10.17487\/rfc7252"},{"key":"ref_33","unstructured":"SYSCALLS.TXT (2017, December 15). Available online: https:\/\/android.googlesource.com\/platform\/bionic.git\/+\/brillo-m9-dev\/libc\/SYSCALLS.TXT."},{"key":"ref_34","unstructured":"(2017, December 15). ChibiOS\/RT: Syscalls.c Source File. Available online: http:\/\/chibios.sourceforge.net\/html\/syscalls_8c_source.html."},{"key":"ref_35","unstructured":"Contiki Wiki (2017, December 15). Available online: https:\/\/github.com\/contiki-os\/contiki\/wiki."},{"key":"ref_36","unstructured":"Contiki Homepage (2017, December 15). Available online: http:\/\/www.contiki-os.org\/."},{"key":"ref_37","unstructured":"(2017, December 15). Cloud-Native IoT Operating System for Microcontrollers. Available online: https:\/\/github.com\/aws\/amazon-freertos."},{"key":"ref_38","unstructured":"(2017, December 15). INTEGRITY Real-Time Operating System. Available online: http:\/\/www.ghs.com\/products\/rtos\/integrity.html."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"563","DOI":"10.1007\/s11036-005-1567-8","article-title":"MANTIS OS: An embedded multithreaded operating system for wireless micro sensor platforms","volume":"10","author":"Bhatti","year":"2005","journal-title":"Mob. Netw. Appl."},{"key":"ref_40","unstructured":"(2017, December 15). mbed OS uVisor. Available online: https:\/\/github.com\/ARMmbed\/uvisor."},{"key":"ref_41","unstructured":"(2017, December 15). Apache Mynewt Repository. Available online: https:\/\/github.com\/apache\/mynewt-core."},{"key":"ref_42","unstructured":"(2017, December 15). Baselibc Library\u2014Apache Mynewt. Available online: https:\/\/mynewt.apache.org\/latest\/os\/modules\/baselibc\/."},{"key":"ref_43","unstructured":"(2017, December 15). Nano-RK: A Wireless Sensor Networking Real-Time Operating System. Available online: http:\/\/www.nano-rk.org\/projects\/nanork\/wiki."},{"key":"ref_44","unstructured":"(2017, December 15). QNX Developer Support. Available online: http:\/\/www.qnx.com\/developers\/docs\/6.3.0SP3\/neutrino\/sys_arch\/proc.html."},{"key":"ref_45","unstructured":"(2017, December 15). QNX SDP 6.6 Documentation. Available online: http:\/\/www.qnx.com\/developers\/docs\/660\/index.jsp?topic=%2Fcom.qnx.doc.neutrino.getting_started%2Ftopic%2Fs1_procs_Starting_with_system.html."},{"key":"ref_46","unstructured":"(2017, December 15). Memory Configurations. Available online: http:\/\/nuttx.org\/doku.php?id=wiki:nxinternal:memconfigs."},{"key":"ref_47","unstructured":"(2017, December 15). Firmware for Particle Devices. Available online: https:\/\/github.com\/spark\/firmware."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Baccelli, E., Hahm, O., Gunes, M., Wahlisch, M., and Schmidt, T.C. (2013, January 14\u201319). RIOT OS: Towards an OS for the Internet of Things. Proceedings of the 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Turin, Italy.","DOI":"10.1109\/INFCOMW.2013.6970748"},{"key":"ref_49","unstructured":"(2016, June 22). TinyOS Documentation Wiki. Available online: http:\/\/tinyos.stanford.edu\/tinyos-wiki."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Cao, Q., Abdelzaher, T., Stankovic, J., and He, T. (2008, January 22\u201324). The liteos operating system: Towards unix-like abstractions for wireless sensor networks. Proceedings of the 2008 International Conference On Information Processing in Sensor Networks, IPSN \u201908, St. Louis, MO, USA.","DOI":"10.1109\/IPSN.2008.54"},{"key":"ref_51","unstructured":"Wind River Systems (2003). VxWorks Kernel Programmer\u2019s Guide, Wind River."},{"key":"ref_52","unstructured":"(2017, December 15). ZwAllocateVirtualMemory Routine (Windows Drivers). Available online: https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff566416(v=vs.85).aspx."},{"key":"ref_53","unstructured":"(2017, December 15). MMU\/MPU Samples\u2014Zephyr Project Documentation. Available online: http:\/\/docs.zephyrproject.org\/samples\/mpu\/index.html."},{"key":"ref_54","unstructured":"(2017, December 15). Zephyr Project: System Calls. Available online: http:\/\/docs.zephyrproject.org\/kernel\/usermode\/syscalls.html."},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., and Keromytis, A. (2010, January 6\u201310). Fast and Practical Instruction-set Randomization for Commodity Systems. Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC \u201910, Austin, TX, USA.","DOI":"10.1145\/1920261.1920268"},{"key":"ref_56","unstructured":"Amadeo, R. (2017, December 15). Google\u2019s new \u201cAndroid Things\u201d OS hopes to solve awful IoT security. Available online: https:\/\/arstechnica.com\/gadgets\/2016\/12\/google-brillo-rebrands-as-android-things-googles-internet-of-things-os\/."},{"key":"ref_57","unstructured":"Shelby, Z., and Bormann, C. (2011). 6LoWPAN: The Wireless Embedded Internet, John Wiley & Sons."},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Sastry, N., and Wagner, D. (2004, January 1). Security considerations for IEEE 802.15. 4 networks. Proceedings of the 3rd ACM Workshop on Wireless Security, Philadelphia, PA, USA.","DOI":"10.1145\/1023646.1023654"},{"key":"ref_59","unstructured":"(2017, December 15). FreeRTOS-MPU\u2014ARM Cortex-M3 and ARM Cortex-M4 Memory Protection Unit Support in FreeRTOS. Available online: https:\/\/www.freertos.org\/FreeRTOS-MPU-memory-protection-unit.html."},{"key":"ref_60","unstructured":"(2017, December 15). CVE-2016-3714. Available online: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-3714."},{"key":"ref_61","unstructured":"Pop, A.R. (2010). DEP\/ASLR Implementation Progress in Popular Third-Party Windows Applications, Secunia Research."},{"key":"ref_62","doi-asserted-by":"crossref","unstructured":"Kil, C., Jun, J., Bookholt, C., Xu, J., and Ning, P. (2006, January 11\u201315). Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software. Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC \u201906, Miami Beach, FL, USA.","DOI":"10.1109\/ACSAC.2006.9"},{"key":"ref_63","unstructured":"Shacham, H. (2017\u20132, January 29). The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86). Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS \u201907, Alexandria, VA, USA."},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Crane, S.J., Volckaert, S., Schuster, F., Liebchen, C., Larsen, P., Davi, L., Sadeghi, A.R., Holz, T., De Sutter, B., and Franz, M. (2015, January 12\u201316). It\u2019s a TRaP: Table Randomization and Protection Against Function-Reuse Attacks. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, It\u2019s a TRaP: Table Randomization and Protection Against Function-Reuse, CCS \u201915, Attacks, CO, USA.","DOI":"10.1145\/2810103.2813682"},{"key":"ref_65","unstructured":"(2017, December 15). Diversification on Thingsee One Firmware. Available online: https:\/\/gitlab.utu.fi\/soft\/thingsee-sdk."},{"key":"ref_66","unstructured":"(2017, December 15). Shuffle-ld\u2014Layout Shuffling Diversification\u2014Binutils. Available online: https:\/\/gitlab.utu.fi\/soft\/binutils-gdb."},{"key":"ref_67","unstructured":"(2017, December 15). Procedure Call Standard for the ARM\u00ae Architecture. Available online: http:\/\/infocenter.arm.com\/help\/topic\/com.arm.doc.ihi0042f\/IHI0042F_aapcs.pdf."},{"key":"ref_68","doi-asserted-by":"crossref","unstructured":"Aldini, A., Barthe, G., and Gorrieri, R. (2009). Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks. Foundations of Security Analysis and Design V: FOSAD 2007\/2008\/2009 Tutorial Lectures, Springer.","DOI":"10.1007\/978-3-642-03829-7"},{"key":"ref_69","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1016\/j.comnet.2014.03.027","article-title":"Energy efficiency in wireless sensor networks: A top-down survey","volume":"67","author":"Rault","year":"2014","journal-title":"Comput. Netw."}],"container-title":["Journal of Sensor and Actuator Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2224-2708\/7\/1\/12\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T14:57:44Z","timestamp":1760194664000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2224-2708\/7\/1\/12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,3,6]]},"references-count":69,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2018,3]]}},"alternative-id":["jsan7010012"],"URL":"https:\/\/doi.org\/10.3390\/jsan7010012","relation":{},"ISSN":["2224-2708"],"issn-type":[{"type":"electronic","value":"2224-2708"}],"subject":[],"published":{"date-parts":[[2018,3,6]]}}}