Abstract
Remote attestation has emerged as a powerful security mechanism that ascertains the legitimate operation of potentially untrusted devices. In particular, it is used to establish trust in Internet of Things (IoT) devices, which are becoming ubiquitous and are increasingly interconnected, making them more vulnerable to malware attacks. A considerable number of prior works on remote attestation aim to detect the presence of malware in IoT devices by validating the correctness of the software running on a single device. However, the interoperability between IoT devices raises the need to extend existing attestation schemes towards an approach that detects possible malicious behavior of devices caused by compromised remote services in the system.
In this paper, we discuss the impact of a compromised service in a distributed service setting. We show that, due to a malicious input it receives, a device of the distributed service can perform an unexpected task even though it runs genuine software. To detect devices that exhibit non-legitimate behavior in the system, we propose a novel approach that ensures the integrity of distributed services in a collaborative IoT system. We discuss the effectiveness of our proposal in validating the impact of a malicious service over a set of distributed services.
Acknowledgement
Mauro Conti is supported by a Marie Curie Fellowship funded by the European Commission (agreement PCIG11-GA-2012-321980). This work is also partially supported by the EU TagItSmart! Project (agreement H2020-ICT30-2015-688061), the EU-India REACH Project (agreement ICI+/2014/342-896), by the project CNR-MOST/Taiwan 2016-17 “Verifiable Data Structure Streaming”, the grant n. 2017-166478 (3696) from Cisco University Research Program Fund and Silicon Valley Community Foundation, and by the grant “Scalable IoT Management and Key security aspects in 5G systems” from Intel. Luigi V. Mancini and Edlira Dushku are supported by the Progetto Ateneo 2017, “Protect yourself and your data when using social network”, Sapienza University of Rome.
Copyright information
© 2018 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Conti, M., Dushku, E., Mancini, L.V. (2018). Distributed Services Attestation in IoT. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science, vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_14
DOI: https://doi.org/10.1007/978-3-030-04834-1_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04833-4
Online ISBN: 978-3-030-04834-1
eBook Packages: Computer Science, Computer Science (R0)