LegIoT: Ledgered Trust Management Platform for IoT

  • Conference paper
Computer Security – ESORICS 2020 (ESORICS 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12308)

Abstract

We investigate and address the currently unsolved problem of trust establishment in large-scale Internet of Things (IoT) networks where heterogeneous devices and mutually mistrusting stakeholders are involved. We design, prototype and evaluate LegIoT, a novel, probabilistic trust management system that enables secure, dynamic and flexible (yet inexpensive) trust relationships in large IoT networks. The core component of LegIoT is a novel graph-based scheme that allows network devices (graph nodes) to re-use the already existing trust associations (graph edges) very efficiently; thus, significantly reducing the number of individually conducted trust assessments. Since no central trusted third party exists, LegIoT leverages Distributed Ledger Technology (DLT) to create and manage the trust relation graph in a decentralized manner. The trust assessment among devices can be instantiated by any appropriate assessment technique, for which we focus on remote attestation (integrity verification) in this paper. We prototyped LegIoT for Hyperledger Sawtooth and demonstrated through evaluation that the number of trust assessments in the network can be significantly reduced – e.g., by a factor of 20 for a network of 400 nodes and factor 5 for 1000 nodes.

Notes

  1. Available under the link: https://github.com/legiot/LegIoT.

  2. An edge is equivalent to a direct trust rating \(T_i(j)\) of two nodes; yet, we simply use for better readability.

  3. http://mqtt.org/.

References

  1. Abdul-Rahman, A., Hailes, S.: A distributed trust model. In: Proceedings of the 1997 Workshop on New Security Paradigms, pp. 48–60 (1998)

  2. Abera, T., et al.: C-FLAT: control-flow attestation for embedded systems software. In: ACM SIGSAC CCS (2016)

  3. Abera, T., et al.: Things, trouble, trust: on building trust in IoT systems. In: ACM DAC (2016)

  4. Abera, T., Bahmani, R., Brasser, F., Ibrahim, A., Sadeghi, A.R., Schunter, M.: DIAT: data integrity attestation for resilient collaboration of autonomous systems. In: NDSS (2019)

  5. Aberer, K., Despotovic, Z.: Managing trust in a peer-to-peer information system. In: ACM CIKM (2001)

  6. Alexopoulos, N., Daubert, J., Mühlhäuser, M., Habib, S.M.: Beyond the hype: on using blockchains in trust management for authentication. In: IEEE Trustcom/BigDataSE/ICESS (2017)

  7. Alexopoulos, N., Vasilomanolakis, E., Ivánkó, N.R., Mühlhäuser, M.: Towards blockchain-based collaborative intrusion detection systems. In: CRITIS (2017)

  8. Alves, T., Felton, D.: TrustZone: integrated hardware and software security (2004)

  9. Ambrosin, M., Conti, M., Ibrahim, A., Neven, G., Sadeghi, A.R., Schunter, M.: SANA: secure and scalable aggregate network attestation. In: ACM SIGSAC CCS (2016)

  10. Ammar, M., Washha, M., Ramabhadran, G.S., Crispo, B.: Slimiot: scalable lightweight attestation protocol for the Internet of Things. In: IEEE DSC (2018)

  11. Asokan, N., et al.: SEDA: scalable embedded device attestation. In: ACM SIGSAC CCS (2015)

  12. Banerjee, M., Lee, J., Chen, Q., Choo, K.R.: Blockchain-based security layer for identification and isolation of malicious things in IoT: a conceptual design. In: ICCCN (2018)

  13. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: IEEE S&P (1996)

  14. Buchegger, S., Le Boudec, J.Y.: Performance analysis of the CONFIDANT protocol. In: ACM MOBIHOC (2002)

  15. Buterin, V.: A next-generation smart contract and decentralized application platform. Whitepaper (2014). https://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf

  16. Carpent, X., ElDefrawy, K., Rattanavipanon, N., Tsudik, G.: Lightweight swarm attestation: a tale of two LISA-s. In: ACM AsiaCCS (2017)

  17. Cervesato, I.: The Dolev-Yao intruder is the most powerful attacker. In: ACM/IEEE LICS (2001)

  18. Dardaman, C.: Breaking & entering with Zipato SmartHubs (2019). https://blackmarble.sh/zipato-smart-hub/

  19. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29, 198–208 (1983)

  20. Eldefrawy, K., Tsudik, G., Francillon, A., Perito, D.: Smart: secure and minimal architecture for (establishing dynamic) root of trust. In: NDSS (2012)

  21. Elkins, M., Torto, D.D., Levien, R., Roessler, T.: MIME Security with OpenPGP, IETF RFC 3156 (2001). www.ietf.org/rfc/rfc3156.txt

  22. Eschenauer, L., Gligor, V., Baras, J.: On trust establishment in mobile ad-hoc networks. In: Security Protocols Workshop (2002)

  23. WE Forum: This is how a smart factory actually works (2019). https://www.weforum.org/agenda/2019/06/connectivity-is-driving-a-revolution-in-manufacturing/

  24. Francillon, A., Nguyen, Q., Rasmussen, K.B., Tsudik, G.: A minimalist approach to remote attestation. In: DATE (2014)

  25. Golomb, T., Mirsky, Y., Elovici, Y.: CIoTA: collaborative IoT anomaly detection via blockchain. CoRR (2018)

  26. Hemsley, K., Fisher, R.: History of industrial control system cyber incidents (2018)

  27. Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure, Certificate and CRL Profile, IETF RFC 2459 (1999). www.ietf.org/rfc/rfc2459.txt

  28. Hyperledger: Hyperledger Sawtooth - a modular platform for building, deploying, and running distributed ledgers (2018). https://www.hyperledger.org/projects/sawtooth

  29. Hyperledger: Hyperledger Sawtooth v1.1.4 documentation (2019). https://sawtooth.hyperledger.org/docs/core/releases/1.1.4/

  30. Ibrahim, A., Sadeghi, A.R., Tsudik, G., Zeitouni, S.: DARPA: device attestation resilient to physical attacks. In: 9th ACM WiSec (2016)

  31. Jøsang, A., Hayward, R., Pope, S.: Trust network analysis with subjective logic. In: Australasian Computer Science Conference (2006)

  32. Koeberl, P., Schulz, S., Sadeghi, A.R., Varadharajan, V.: TrustLite: a security architecture for tiny embedded devices. In: EuroSys (2014)

  33. Kohnhäuser, F., Büscher, N., Gabmeyer, S., Katzenbeisser, S.: Scapi: a scalable attestation protocol to detect software and physical attacks. In: ACM WiSec (2017)

  34. Kohnhäuser, F., Büscher, N., Katzenbeisser, S.: Salad: secure and lightweight attestation of highly dynamic and disruptive networks. In: ACM AsiaCCS (2018)

  35. Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE S&P 9, 49–51 (2011)

  36. Li, H., Singhal, M.: Trust management in distributed systems. Computers 40(2), 45–53 (2007)

  37. Marti, S., Giuli, T.J., Lai, K., Baker, M.: Mitigating routing misbehavior in mobile ad hoc networks. In: MobiCom (2000)

  38. Meng, W., Tischhauser, E.W., Wang, Q., Wang, Y., Han, J.: When intrusion detection meets blockchain technology: a review. IEEE Access 6, 10179–10188 (2018)

  39. Moinet, A., Darties, B., Baril, J.L.: Blockchain based trust & authentication for decentralized sensor networks. CoRR (2017)

  40. Park, J., Kim, K.: TM-Coin: Trustworthy management of TCB measurements in IoT. In: PerCom Workshops. IEEE (2017)

  41. Pearson, S., Balacheff, B.: Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall Professional (2003)

  42. Rayner, G.: Smart meters could leave British homes vulnerable to cyber attacks, experts have warned (2018). https://www.telegraph.co.uk/news/2018/02/18/smart-meters-could-leave-british-homes-vulnerable-cyber-attacks/

  43. Sabt, M., Achemlal, M., Bouabdallah, A.: Trusted execution environment: what it is, and what it is not. In: IEEE Trustcom/BigDataSE/ISPA (2015)

  44. Scout, S.L.: Guide on Airbnb smart locks (2019). https://www.postscapes.com/airbnb-smart-lock/

  45. Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.: Using software-based attestation for verifying embedded systems in cars. In: ESCAR Workshop (2004)

  46. Signorini, M., Pontecorvi, M., Kanoun, W., Di Pietro, R.: Bad: blockchain anomaly detection. CoRR (2018)

  47. Stajano, F., Anderson, R.: The resurrecting duckling: security issues for ad hoc wireless networks. In: Security Protocols Workshop (1999)

  48. TCG: Trusted computing group. https://trustedcomputinggroup.org/

  49. Wang, Y., Vassileva, J.: Bayesian network-based trust model. In: IEEE/WIC WI 2003, pp. 372–378. IEEE (2003)

  50. World, T.: IoT in utilities market forecasted to grow to $53.8 billion by 2024 (2020). https://www.tdworld.com/grid-innovations/article/21120887/iot-in-utilities-market-worth-538-billion-by-2024

  51. Xiong, L., Liu, L.: Building trust in decentralized peer-to-peer electronic communities. In: ICEC (2002)

  52. Xu, C., Liu, H., Li, P., Wang, P.: A remote attestation security model based on privacy-preserving blockchain for v2x. IEEE Access 6, 67809–67818 (2018)

  53. Yu, B., Singh, M.P.: A social mechanism of reputation management in electronic communities. In: Klusch, M., Kerschberg, L. (eds.) CIA 2000. LNCS (LNAI), vol. 1860, pp. 154–165. Springer, Heidelberg (2000). https://doi.org/10.1007/978-3-540-45012-2_15

Acknowledgment

This research has been funded by the Federal Ministry of Education and Research of Germany (BMBF) in the framework KMU-innovativ-Verbundprojekt: Secure Internet of Things Management Platform - SIMPL (project number 16KIS0852), by BMBF within the project iBlockchain, by the European Space Operations Centre with the Networking/Partnering Initiative, and by the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS).

Author information

Corresponding author

Correspondence to Alexandra Dmitrienko.

A Attestation Schemes and Trust Scope

Remote attestation originally came to prominence as a feature of the TPM [41], the standard defined by the Trusted Computing Group (TCG) [48]. Many approaches to attestation have been developed, which differ in their underlying requirements and in the security guarantees they provide. Generally, they provide different levels of resilience, which refers to the general robustness of the underlying architecture against compromise. In the following, we discuss four categories of attestation approaches and suggest what resilience level and trust scope each can provide.

Hardware-Based Architectures. These include strong cryptographic co-processors such as TPMs [41]. A different approach is taken by Trusted Execution Environments (TEEs), which use an isolated processing environment [43]. Usually, they offer complex attestation mechanisms with arbitrary cryptographic functionality. Since cryptographic co-processors are well studied and strongly protected, hardware-based architectures generally have high resilience. Thus, this architecture is able to attest other devices and create functional as well as referral trust.

Hybrid Architectures. These generally include minimal security features such as Read-Only Memory (ROM) and a Memory Protection Unit (MPU) for secure storage [24]. Hybrid schemes such as SMART [20] and TrustLite [32] generally attest only a defined area of code. Their limitations are less significant than those of software-based attestation schemes. Thus, their resilience is considered to be medium. If the attested code contains the segment that handles device functionality, functional trust is gained. In contrast, referral trust requires the attestation component of the prover to be attested.

Software-Based Attestation. Generally, secure co-processors are not available on low-end embedded devices due to minimal cost requirements. Thus, purely software-based approaches were developed [45]. They do not assume any secrets on the prover's device, since there is no secure storage available at the prover side. Instead, these schemes use side-channel information to decide whether an attestation result is valid. However, this approach imposes many assumptions on the network topology and adversarial capabilities. For instance, the verifier needs to communicate directly with the prover, with no intermediate hops [3]. We consider the resilience of this attestation type to be low because the potential attack surface is comparatively large. As attestation statements made by such schemes about other parties cannot be trusted, they can only provide functional trust.

Control-Flow Attestation is a relatively recent development in the attestation landscape [2]. Static attestation, to which the previously discussed attestation categories belong, is not able to capture misbehavior of software during runtime. This is where runtime attestation comes into play: it monitors an application's control flow and detects all deviations from the expected flow (documented in the security policy). This approach enables the highest trust guarantees of all attestation schemes. Runtime attestation schemes like DIAT [4] offer very high resilience because they also protect against runtime adversaries, and thus can provide both referral and functional trust.
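The following sketch shows how the trust scopes assigned above constrain the re-use of existing trust edges. It is an added example, not code from the paper or the LegIoT repository. It assumes that every intermediate edge of a chain must carry referral trust and the final edge functional trust; LegIoT's probabilistic trust ratings are not modelled, and all node names and edges are constructed.

```python
from collections import deque

def trust_scope(scheme, covers=frozenset()):
    """Trust scopes an attestation category can yield, per the appendix."""
    if scheme in ("hardware", "control-flow"):
        return {"functional", "referral"}
    if scheme == "software":
        return {"functional"}  # its statements about other parties are not trusted
    if scheme == "hybrid":     # depends on which code region was attested
        scopes = set()
        if "functionality" in covers:
            scopes.add("functional")
        if "attestation" in covers:
            scopes.add("referral")
        return scopes
    raise ValueError(f"unknown attestation scheme: {scheme}")

def find_trust_path(edges, src, dst):
    """Shortest chain of existing edges that lets src trust dst, or None."""
    adj = {}
    for verifier, prover, scheme, covers in edges:
        adj.setdefault(verifier, []).append((prover, trust_scope(scheme, covers)))
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        for nxt, scopes in adj.get(path[-1], []):
            # Assumed rule: the last hop needs functional trust in the target.
            if nxt == dst and "functional" in scopes:
                return path + [nxt]
            # Assumed rule: only a prover with referral trust may vouch onward.
            if "referral" in scopes and nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

# Constructed sample graph: (verifier, prover, prover's scheme, attested regions)
EDGES = [
    ("gateway", "plc", "hardware", frozenset()),
    ("plc", "sensor", "software", frozenset()),
    ("sensor", "valve", "software", frozenset()),
    ("gateway", "camera", "hybrid", frozenset({"functionality"})),
    ("camera", "lock", "control-flow", frozenset()),
]

if __name__ == "__main__":
    for target in ("sensor", "valve", "lock"):
        print(target, find_trust_path(EDGES, "gateway", target))
```

In this graph the gateway can re-use the PLC's assessment of the sensor, but must assess the valve and the lock itself, because the software-attested sensor and the partially attested camera cannot provide referral trust.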

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Neureither, J., Dmitrienko, A., Koisser, D., Brasser, F., Sadeghi, AR. (2020). LegIoT: Ledgered Trust Management Platform for IoT. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security – ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science(), vol 12308. Springer, Cham. https://doi.org/10.1007/978-3-030-58951-6_19

  • DOI: https://doi.org/10.1007/978-3-030-58951-6_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58950-9

  • Online ISBN: 978-3-030-58951-6

  • eBook Packages: Computer Science, Computer Science (R0)
