Hardware-assisted Remote Runtime Attestation for Critical Embedded Systems

Geden, Munir; Rasmussen, Kasper

doi:10.1109/pst47121.2019.8949036

Cited by 9 publications

(9 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The works led to later works in terms of cell-and block-based pseudo-random checksum, respectively. A few recent works include hardware-assisted remote runtime attestation [8] that addresses runtime attack detection, a low-cost checksum-based remote memory attestation for smart grid [21], lightweight remote attestation in distributed wireless sensor networks where all nodes validate each other's data [9], and so on. Survey papers on attestation, for example, Steiner et al presented a more comprehensive overview on checksum-based attestation [16].…”

Section: Remote Attestationmentioning

confidence: 99%

Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

Roy¹,

Kadir²,

Vorobeychik³

et al. 2021

Preprint

View full text Add to dashboard Cite

Internet of Things (IoT) devices and applications can have significant vulnerabilities, which may be exploited by adversaries to cause considerable harm. An important approach for mitigating this threat is remote attestation, which enables the defender to remotely verify the integrity of devices and their software. There are a number of approaches for remote attestation, and each has its unique advantages and disadvantages in terms of detection accuracy and computational cost. Further, an attestation method may be applied in multiple ways, such as various levels of software coverage. Therefore, to minimize both security risks and computational overhead, defenders need to decide strategically which attestation methods to apply and how to apply them, depending on the characteristic of the devices and the potential losses.To answer these questions, we first develop a testbed for remote attestation of IoT devices, which enables us to measure the detection accuracy and performance overhead of various attestation methods. Our testbed integrates two example IoT applications, memory-checksum based attestation, and a variety of software vulnerabilities that allow adversaries to inject arbitrary code into running applications. Second, we model the problem of finding an optimal strategy for applying remote attestation as a Stackelberg security game between a defender and an adversary. We characterize the defender's optimal attestation strategy in a variety of special cases. Finally, building on experimental results from our testbed, we evaluate our model and show that optimal strategic attestation can lead to significantly lower losses than naïve baseline strategies.

show abstract

Section: Remote Attestationmentioning

confidence: 99%

Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

Roy¹,

Kadir²,

Vorobeychik³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Even though benchmark experiments have never identified those structures as critical entirely, in such a case, we suggest using checksums to digest consecutive elements of composite variables (e.g. URL) similar to the previous work [12].…”

Section: Value-based Integrity Checksmentioning

confidence: 99%

TRUVIN: Lightweight Detection of Data Oriented Attacks Through Trusted Value Integrity

Geden

Rasmussen

2020

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Self Cite

View full text Add to dashboard Cite

Data-oriented attacks, where the adversary corrupts critical program data in memory, remain one of the most challenging security threats to address. Because the attacker does not touch any code or code pointers, dataoriented attacks are able to circumvent common defence strategies such as data execution prevention or control-flow protection. Data-flow integrity (DFI) techniques can address these attacks by detecting corruption of any program data. However, due to high performance penalties, these techniques are not widely adopted in practice. This paper presents TRUVIN, a lightweight scheme that mitigates data-oriented attacks by focusing on only those variables which are crucial to the integrity assurance. Instead of instrumenting every memory operation, TRUVIN selectively defends program data that originate from only trusted agents (e.g. the programmer), as they are considered critical to the runtime integrity. Our analysis is performed at compile-time and generates instrumentation only for the necessary operations. TRUVIN reduces the performance cost by a factor of 4.3 on average with 28% overhead compared to full instrumentation (121%), while retaining the security guarantees.

show abstract

“…Is it enough if the computing platform guarantees the integrity of the input and function? The remote attestation technique [19]- [21], [26] can be used to verify such integrity, as well as the integrity of the control flow. When remote attestation is used for embedded systems, the entire memory space can be verified (even though it is still challenging, because of dynamic memory regions), but, for servers, this is not feasible.…”

Section: Background and Motivationmentioning

confidence: 99%

“…Existing trusted hardware approaches can be classified into hardware-based root-of-trust [17], [18], attestation [19]- [21], and isolation [22]- [24]. In the hardware-based root-of-trust approaches [17], [18], the security of a system is enhanced by building the system based on the invariants guaranteed by dedicated hardware.…”

Section: B Hardware Approachesmentioning

confidence: 99%

“…For example, the private key stored in Trusted Platform Module (TPM) [18] can be used to authenticate software running on the system. The attestation techniques [19]- [21], [23], [26]- [28] are used to validate the integrity of a program, its execution (control flow integrity), and/or data integrity. The isolation approaches [22]- [24] provide a hardware mechanism to segregate system resources from potentially malicious programs.…”

Section: B Hardware Approachesmentioning

confidence: 99%

See 1 more Smart Citation

Practical Verifiable Computation by Using a Hardware-Based Correct Execution Environment

et al. 2020

View full text Add to dashboard Cite

The verifiable computation paradigm has been studied extensively as a means to verifying the result of outsourced computation. In said scheme, the verifier requests computation from the prover and verifies the result by checking the output and proof received from the prover. Although they have great potential for various critical applications, verifiable computations have not been widely used in practice, because of their significant performance overhead. Existing cryptography-based approaches incur significant overhead, because a cryptography-based mathematical frame needs to be constructed, which prevents deviation from the correct computation. The proposed approach is to reduce the overhead by trusting the computing hardware platform where the computation is outsourced. If one trusts the hardware to do the computation, the hardware can take the place of the cryptographic computing frame, thereby guaranteeing correct computation. The key challenge of this approach is to define what exactly the hardware should guarantee for verifiable computation. For this, we introduce the concept of Correct Execution Environment (CEE), which guarantees instruction correctness and state preservation. We prove that these two requirements are satisfactory conditions for a correct output. By employing a CEE, the verifiable computation scheme can be simplified, and its overhead can be reduced drastically. The presented experimental results demonstrate that the execution time is approximately 1.7 million times faster and the verification time over 50 times faster than a state-of-the-art cryptographic approach.

show abstract

Hardware-assisted Remote Runtime Attestation for Critical Embedded Systems

Cited by 9 publications

References 15 publications

Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

TRUVIN: Lightweight Detection of Data Oriented Attacks Through Trusted Value Integrity

Practical Verifiable Computation by Using a Hardware-Based Correct Execution Environment

Contact Info

Product

Resources

About