On the difficulty of software-based attestation of embedded devices

Castelluccia, Claude; Francillon, Aurélien; Perito, Daniele; Soriente, Claudio

doi:10.1145/1653662.1653711

Cited by 169 publications

(152 citation statements)

References 24 publications

(51 reference statements)

Supporting

Mentioning

152

Contrasting

Order By: Relevance

“…In a code compression attack, 21 the adversary can compress the original firmware codes installed within a compromised CH for obtaining available program memory space where the malicious codes can reside.…”

Section: Security Analysismentioning

confidence: 99%

See 1 more Smart Citation

SARA: Sandwiched attestation through remote agents for cluster-based wireless sensor networks

Yang

Yen

2017

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Cluster-based wireless sensor networks have advantages of scalability and efficient communication. However, a major security risk to cluster heads is a malicious code injection attack through which an adversary can completely control a cluster network to deliver fake data and obtain private data. Memory attestation scheme is an effective mechanism for attesting the firmware integrity of an embedded device. Unfortunately, existing hardware-based remote attestation scheme relying on a trusted platform module incurs a considerable storage overhead to cluster heads. Therefore, this article proposes a lightweight hardware-based remote attestation scheme that comprises two remote attestation protocols. A lightweight hardware security module without executing any complicated cryptographic computation is employed and can substantially reduce the development cost and energy consumption compared with the trusted platform module. In the proposed scheme, a base station can attest each individual cluster head while all cluster nodes can simultaneously attest their cluster head in regular intervals. Performance analysis indicates that the storage requirement for cluster heads is independent of the number of attestation sessions. Furthermore, the computational cost of cluster nodes for the proposed scheme is comparable to that of the trusted platform module-based scheme. The proposed scheme is particularly suitable for long-term applications based on lightweight cluster heads.

show abstract

Section: Security Analysismentioning

confidence: 99%

“…In the demonstration of Castelluccia et al, 21 the malicious codes can be hidden by exploiting return-oriented programming technique. The malicious codes can store its copy in the external storage and remove itself from the unused program memory space.…”

Section: Security Analysismentioning

confidence: 99%

SARA: Sandwiched attestation through remote agents for cluster-based wireless sensor networks

Yang

Yen

2017

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

“…The SWATT technique does not require prior authentication on the verified phone memory. Two types of attacks against these software-based attestation protocols were suggested [16]. To conquer these attacks, Jakobsson et al [17] designed a new attestation protocol that evaluates both active applications in the memory and inactive programs that have been swapped out.…”

Section: Software Attestationmentioning

confidence: 99%

Enabling Users to Self-manage Networks: Collaborative Anomaly Detection in Wireless Personal Area Networks

Zheng

2012

Financial Cryptography and Data Security

View full text Add to dashboard Cite

Abstract. Personal area networks such as home or small office LANs are usually more vulnerable to cyber-attacks than those with dedicated support staff and the ability to invest consistently in security defenses. In this paper we propose leveraging physical characteristics of these personal area networks in order to enable non-technical individuals to secure their networks or at least be aware that their devices have been compromised. Our proposal leverages records of location for mobile devices, proximity authentication, and individual homophily. In this work, we summarize previous studies on securing personal networks, proximity authentication, and software attestation. We then present a preliminary design for the detection of and recovery from infection for personal area networks. Limitations and future work are also discussed.

show abstract

“…However, software attestation is difficult to deploy in practice (e.g. because of timeliness constraints and device hardware restrictions [Castelluccia et al 2009]). Attacks that locally modify the sensed environment are also still possible.…”

Section: Introductionmentioning

confidence: 99%

Detecting Malicious Data Injections in Wireless Sensor Networks

Illiano

Lupu

2015

ACM Comput. Surv.

View full text Add to dashboard Cite

Wireless Sensor Networks are widely advocated to monitor environmental parameters, structural integrity of the built environment and use of urban spaces, services and utilities. However, embedded sensors are vulnerable to compromise by external actors through malware but also through their wireless and physical interfaces. Compromised sensors can be made to report false measurements with the aim to produce inappropriate and potentially dangerous responses. Such malicious data injections can be particularly difficult to detect if multiple sensors have been compromised as they could emulate plausible sensor behaviour such as failures or detection of events where none occur. This survey reviews the related work on malicious data injection in wireless sensor networks, derives general principles and a classification of approaches within this domain, compares related studies and identifies areas that require further investigation.

show abstract

On the difficulty of software-based attestation of embedded devices

Cited by 169 publications

References 24 publications

SARA: Sandwiched attestation through remote agents for cluster-based wireless sensor networks

SARA: Sandwiched attestation through remote agents for cluster-based wireless sensor networks

Enabling Users to Self-manage Networks: Collaborative Anomaly Detection in Wireless Personal Area Networks

Detecting Malicious Data Injections in Wireless Sensor Networks

Contact Info

Product

Resources

About