PADS: Practical Attestation for Highly Dynamic Swarm Topologies

Ambrosin, Moreno; Conti, Mauro; Lazzeretti, Riccardo; Rabbani, Masoom; Ranise, Silvio

doi:10.1109/siot.2018.00009

Cited by 35 publications

(49 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To propagate the attestation requests and aggregate the attestation results in an efficient manner, these schemes construct the network as a balanced binary tree, in which devices have a parent-child relationship. To enable attestation in highly dynamic networks, PADS [ 21 ] and SALAD [ 22 ] integrate consensus techniques in the remote attestation solutions. Other RA protocols (such as ESDRA [ 23 ], DIAT [ 24 ]) employ distributed verifiers.…”

Section: Related Workmentioning

confidence: 99%

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Ankergård

Dushku

Dragoni

2021

Sensors

View full text Add to dashboard Cite

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

show abstract

Section: Related Workmentioning

confidence: 99%

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Ankergård

Dushku

Dragoni

2021

Sensors

View full text Add to dashboard Cite

show abstract

“…However, device mobility is indispensable in real life scenarios (e.g., self-driving cars, drones). To address this unique challenge, Ambrosin et al proposed practical attestation for dynamic swarms (PADS) [18]. The authors fuse the idea of selfattestation (i.e., [17]) and sensor technology.…”

Section: Related Workmentioning

confidence: 99%

“…The main objective of an adversary is to incur damage or interrupt network operations without being detected during attestation. In line with other swarm attestation schemes [5], [6], [7], [17], [18], we consider software-only adversaries. We follow the classification proposed by Abera et al [19] to categorize the capabilities of our presumed adversaries:…”

Section: B Adversary Modelmentioning

confidence: 99%

SHeLA: Scalable Heterogeneous Layered Attestation

Rabbani

Vliegen

Winderickx

et al. 2019

IEEE Internet Things J.

Self Cite

View full text Add to dashboard Cite

This paper proposes a novel mechanism for swarm attestation, i.e., the remote attestation of a multitude of interconnected devices, also called a swarm of devices. Classical remote attestation protocols work with one prover and one verifier. Swarm attestation protocols assume that the devices in the swarm act both as verifier and prover in order to attest the software integrity of all the devices to a root verifier, typically in a spanning-tree topology. We propose "SHeLA: Scalable Heterogeneous Layered Attestation", a novel remote attestation technique for swarms. Our approach consists of introducing an additional edge layer in between the root verifier and the swarm devices. The edge layer consists of geographically spread devices with a larger computational power and storage capacity than the swarm devices. The main challenges we address are related to the scalability of the swarm, the availability or visibility of the nodes (especially when they are mobile), the heterogeneity of the devices with respect to the wireless communication protocol and interface, and the granularity of the attestation in terms of detecting the sanity of individual swarm devices. We build a proof-of-concept network that allows us to evaluate the computational delay and the resource overhead of the edge and swarm devices, and to perform a thorough security analysis.

show abstract

“…The previous results of remote attestation on IoT devices show that it is a very well formulated, optimum, faultless, and best security solution for today's IoT environment. 27 The detailed discussion on attestation process is out of the scope of this paper, therefore we refer interested readers to more comprehensive works given by Ibrahim et al 28 and Kohnhäuser et al 29 The main components of the SMART integrated CENSOR architecture are as follow.…”

Section: Security Module Of Censormentioning

confidence: 99%

“…Any event of malicious activity will be notified at the time of remote‐attestation process because only the owner will have the read and write access to the hardware executing the attestation software. The previous results of remote attestation on IoT devices show that it is a very well formulated, optimum, faultless, and best security solution for today's IoT environment . The detailed discussion on attestation process is out of the scope of this paper, therefore we refer interested readers to more comprehensive works given by Ibrahim et al and Kohnhäuser et al…”

Section: Proposed Architecture: Censormentioning

confidence: 99%

CENSOR: Cloud‐enabled secure IoT architecture over SDN paradigm

Conti

Kaliyar

Lal

2018

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

The cyber-security threats to low-cost end-user devices could severely undermine the expected deployment of Internet of Thing (IoT) solutions in a range of real-world applications such as environment monitoring, transportation, and manufacturing. Additionally, the huge amount of data generated by these devices posses new challenges concerning tasks such as efficient information acquisition and analysis, decision making, and action implementation. In this paper, we propose CENSOR, a novel cloud-enabled secure IoT network architecture based on SDN paradigm. We discuss the significant benefits as well as challenges that are inherent while performing integration of SDN and IoT in CENSOR. We show that the emerging software-based networking features combined with the cloud computing solutions can significantly improve the security and communication reliability in the target IoT scenarios. In particular, to provide the adequate security measures in the network, CENSOR uses a lightweight and scalable software remote attestation scheme, which ensures the integrity of the software that is being executed by the IoT devices to achieve the application specific goals in the network. We further discuss the improvements in data communication and data overhead that can be achieved in CENSOR due to its convergence with the cloud computing (at back-end) and fog computing services (at edge routers or front-end). A Smart City use-case has been considered as a target IoT scenario to analyze the feasibility and effectiveness of CENSOR concerning the communication security and the network scalability parameters. Additionally, we provide future research directions along with the recent industry initiatives that include open issues in the integration and deployment of cloud-enabled SDN-based IoT networks. KEYWORDScloud computing, internet of things, remote attestation, security, software defined networks INTRODUCTIONWith the advancements in the hardware and the functionalities of smart-devices, a vast array of smart applications are being deployed to create an Internet of Things (IoT) ecosystem. As millions of devices are connecting every day to the Internet, securing and managing such exponentially growing networks is becoming a challenge for network managers. In this context, the Software Defined Networking (SDN), 1 a new networking paradigm, introduces features such as ubiquitous accessibility, dynamic resource management, robust open programmable interfaces, and logically centralized control, to overcome various management and security issues in future generation networks such as Information Centric Networking (ICN) 2 and 5G. SDN separates the control plane and the data plane. The network intelligence and state are logically centralized (by using distributed controllers), and the underlying network infrastructure is abstracted from applications, hence it enables support for heterogeneous device communication. SDN design helps in enhancing network security through global visibility of the network state where the logically centralized c...

show abstract

PADS: Practical Attestation for Highly Dynamic Swarm Topologies

Cited by 35 publications

References 25 publications

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

SHeLA: Scalable Heterogeneous Layered Attestation

CENSOR: Cloud‐enabled secure IoT architecture over SDN paradigm

Contact Info

Product

Resources

About