Swarm-Net: Firmware Attestation in IoT Swarms Using Graph Neural Networks and Volatile Memory

Abstract

Amidst the large-scale deployment of Internet of Things (IoT) networks worldwide, studies have highlighted critical security concerns many of which stem from firmware-related issues. IoT swarms have become more prevalent in industries, smart homes, and agricultural applications and malicious activity on one node can propagate to other network sections. While several remote attestation (RA) techniques have been proposed in the literature, they are limited by their latency, availability, complexity, hardware assumptions, and uncertain access to firmware copies under intellectual property (IP) rights. To address these problems, we present Swarm-Net, a novel swarm attestation technique that uses graph neural networks (GNNs) to exploit the inherent, interconnected, graph-like structure of IoT networks and the runtime information stored in the static random access memory (SRAM). We also present the first datasets on SRAM-based swarm attestation encompassing different types of firmware and edge relationships. In addition, a secure swarm attestation protocol is proposed to ensure authentication, availability, and attestation. Swarm-Net is computationally lightweight and does not require a copy of the firmware. It achieves a 99.96% attestation rate on authentic firmware, 100% detection rate (DR) on anomalous firmware, and 99% DR on propagated anomalies, at a communication overhead and inference latency of ~1 s and $\sim 10^{-5}$ s (on a laptop CPU), respectively. In addition to the collected datasets, Swarm-Net’s effectiveness is evaluated on simulated trace replay, random trace perturbation, and dropped attestation responses, showing robustness against such threats. Lastly, we compare Swarm-Net with past works and present a security analysis.