State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Ankergård, Sigurd Frej Joel Jørgensen; Dushku, Edlira; Dragoni, Nicola

doi:10.3390/s21051598

Cited by 30 publications

(9 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software-based schemes (e.g., SWATT [13], Pioneer [14]) do not make any hardware assumption and purely rely on the strict execution time of the RA protocol. Despite their advantages, software-based RA schemes do not provide strong security guarantees [15,16]. Hardware-based schemes (e.g., [17,18]) use a tamper-resistance hardware module as a Trusted Execution Environment (TEE).…”

Section: Remote Attestation Overviewmentioning

confidence: 99%

Memory Offloading for Remote Attestation of Multi-Service IoT Devices

Dushku

Østergaard

Dragoni

2022

Sensors

Self Cite

View full text Add to dashboard Cite

Remote attestation (RA) is an effective malware detection mechanism that allows a trusted entity (Verifier) to detect a potentially compromised remote device (Prover). The recent research works are proposing advanced Control-Flow Attestation (CFA) protocols that are able to trace the Prover’s execution flow to detect runtime attacks. Nevertheless, several memory regions remain unattested, leaving the Prover vulnerable to data memory and mobile adversaries. Multi-service devices, whose integrity is also dependent on the integrity of any attached external peripheral devices, are particularly vulnerable to such attacks. This paper extends the state-of-the-art RA schemes by presenting ERAMO, a protocol that attests larger memory regions by adopting the memory offloading approach. We validate and evaluate ERAMO with a hardware proof-of-concept implementation using a TrustZone-capable LPC55S69 running two sensor nodes. We enhance the protocol by providing extensive memory analysis insights for multi-service devices, demonstrating that it is possible to analyze and attest the memory of the attached peripherals. Experiments confirm the feasibility and effectiveness of ERAMO in attesting dynamic memory regions.

show abstract

Section: Remote Attestation Overviewmentioning

confidence: 99%

Memory Offloading for Remote Attestation of Multi-Service IoT Devices

Dushku

Østergaard

Dragoni

2022

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…In general RA is classified into three categories: software-based, hardware-based and hybrid RA. Software RA [29], [6] does not require specialized hardware components but instead uses timing requirements to ensure the attestation code has not been tampered with. However, software-based RA schemes rely on strong adversarial assumptions and do not provide secure storage for protecting device's keys and the attestation code.…”

Section: Related Workmentioning

confidence: 99%

PERMANENT: Publicly Verifiable Remote Attestation for Internet of Things Through Blockchain

Ankergård

Dushku

Dragoni

2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Remote Attestation (RA) is a security mechanism that allows a centralized trusted entity (Verifier) to check the trustworthiness of a potentially compromised IoT device (Prover). With the tsunami of interconnected IoT devices, the advancement of swarm RA schemes that efficiently attest large IoT networks has become crucial. Recent swarm RA approaches work towards distributing the attestation verification from a centralized Verifier to many Verifiers. However, the assumption of trusted Verifiers in the swarm is not practical in large networks. In addition, the state-of-the-art RA schemes do not establish network-wide decentralized trust among the interacting devices in the swarm. This paper proposes PERMANENT, a Publicly Verifiable Remote Attestation protocol for Internet of Things through Blockchain, which stores the historical attestation results of all devices in a blockchain and allows each interacting device to obtain the attestation result. PERMANENT enables devices to make a trust decision based on the historical attestation results. This feature allows the interaction among trustworthy devices (or with a trust score over a certain threshold) without the computational overhead of attesting every participating device before each interaction. We validate PERMANENT with a proof-of-concept implementation, using Hyperledger Sawtooth as the underlying blockchain. The conducted experiments confirm the feasibility of the PERMANENT protocol.

show abstract

“…There are also software based RA solutions, and hybrid versions with limited requirements on protected memory areas. There is active research in the area [15] as well as large ongoing IETF standardisation efforts [16].…”

Section: Preparations For Operator Changementioning

confidence: 99%

Towards Automated PKI Trust Transfer for IoT

Höglund

Raza

Furuhed³

2022

2022 IEEE International Conference on Public Key Infrastructure and Its Applications (PKIA)

View full text Add to dashboard Cite

IoT deployments grow in numbers and size and questions of long time support and maintainability become increasingly important. To prevent vendor lock-in, standard compliant capabilities to transfer control of IoT devices between service providers must be offered. We propose a lightweight protocol for transfer of control, and we show that the overhead for the involved IoT devices is small and the overall required manual overhead is minimal. We analyse the fulfilment of the security requirements to verify that the stipulated requirements are satisfied.

show abstract

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Cited by 30 publications

References 47 publications

Memory Offloading for Remote Attestation of Multi-Service IoT Devices

Memory Offloading for Remote Attestation of Multi-Service IoT Devices

PERMANENT: Publicly Verifiable Remote Attestation for Internet of Things Through Blockchain

Towards Automated PKI Trust Transfer for IoT

Contact Info

Product

Resources

About