SobTrA

Horsch, Julian; Wessel, Sascha; Stumpf, Frederic; Eckert, Claudia

doi:10.1145/2557547.2557569

Cited by 3 publications

(9 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacks which can be carried out against an attestation protocol have been described in detail in the context of WSN and IoT respectively by [15] and [21]. However, we note that communicating with a faster machine than the client to compute r P (this attack is called a proxy attack) is considered as being out of scope by some of the works which we study [48], [90], [91].…”

Section: ) Challengesmentioning

confidence: 99%

“…To ensure a sufficient evidence level, software-based approaches use several techniques. First, the evidence can rely on the optimality of the attestation procedure [47], [48], [87], [91], [92]. Any modification of the procedure by an attacker will thus be detected by the verifier due to the higher than usual execution time.…”

Section: ) Evidence Acquisitionmentioning

confidence: 99%

“…Indeed, with this method the verifier only needs to know some key structures of the program execution and not the whole content of data memories. Third, some approaches [47], [48], [88], [91], [95] attest only some registers of the CPU reducing again the knowledge required by the verifier. The attested registers contain addressing information (program pointer or data segment pointer for example) and therefore give information about the execution of the program at runtime.…”

Section: ) Integrity Measurementmentioning

confidence: 99%

“…Approaches based on strict timing can avoid dedicated hardware since security is founded on the optimality of the attestation procedure. We note that most of them are software based [47], [48], [87], [91], [92]. However, this method brings up several problems that need to be discussed.…”

Section: ) Timingmentioning

confidence: 99%

See 3 more Smart Citations

Firmware Integrity Protection: A Survey

Marchand,

Imine,

Ouarnoughi

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Over the last years, firmware integrity protection has significantly been addressed in various contexts such as internet of things, vehicles, wireless sensor networks and other systems. However, due to variety of studied systems, the proposed approaches often make divergent and sometimes even conflicting security assumptions. In this regard, we propose in this article a complete survey of the most relevant approaches addressing the firmware integrity protection regardless the considered system or field of application. We first organize the approaches in three main categories, depending on the protection type: 1. secure update, 2. attestation, and 3. secure boot. We then propose two new taxonomies, the first one concerns secure update mechanisms and the second one considers secure boot. Moreover, we extend the scope of an existing taxonomy for attestation mechanisms by studying new approaches and discussing limitations. Finally, we identify open research challenges and then give suggestions and guidelines on how to address them.

show abstract

Section: ) Challengesmentioning

confidence: 99%

Section: ) Evidence Acquisitionmentioning

confidence: 99%

Section: ) Integrity Measurementmentioning

confidence: 99%

Section: ) Timingmentioning

confidence: 99%

See 2 more Smart Citations

Firmware Integrity Protection: A Survey

Marchand,

Imine,

Ouarnoughi

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The subject has been extensively studied in the last two decades, coinciding with the widespread dissemination of smart devices and embedded software in general. Some works propose the formalization of the basic steps of the verification process [16,17], while other works are concerned in establishing the root of trust (RoT) [18]. Recently, some works [19,20] propose the use of physically unclonable functions (PUFs) to integrate the verification process, making it more tamper-resistant.…”

Section: Software Control In Cyber-physical Systemsmentioning

confidence: 99%

Software control and intellectual property protection in cyber-physical systems

Machado

Boccardo

Sá

et al. 2016

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Software control is a critical issue in cyber-physical systems (CPS); if the expected behavior of the software embedded in a single device of a CPS cannot be enforced then the behavior of the whole CPS may be in jeopardy. Thus, CPS stakeholders like having some level of control over the embedded software. Third-party demands to control the software, however, conflict with the intellectual property protection demanded by software developers, since some level of detail about the software at hand would have to be disclosed. In the present paper, we discuss the issue of controlling the software embedded in CPS devices and address the problem of how to achieve an increased level of software control without compromising the protection of intellectual property. We propose a two-party fingerprinting scheme that allows for attribution of responsibility in the case of intellectual property leaks. Our fingerprinting scheme is such that neither party may obtain an advantage over the other by misbehaving, misrepresenting or by prematurely aborting the protocol, therefore providing a fair means to resolve disputes.

show abstract