HolA: Holistic and Autonomous Attestation for IoT Networks

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13285)

Abstract

Collective Remote Attestation (CRA) is a well-established approach where a single Verifier attests the integrity of multiple devices in a single execution of the challenge-response protocol. Current CRA solutions are well-suited for Internet of Things (IoT) networks, where the devices are distributed in a mesh topology and communicate only with their physical neighbours. Recent advances in low-energy protocols, though, have enabled IoT devices to connect to the Internet, thus disrupting the concept of physical neighbour. In this paper, we propose HolA (Holistic and Autonomous Attestation), the first CRA scheme designed for Internet-like IoT networks. HolA provides defence against attacks targeting both the nodes and the network infrastructure. We deployed HolA on both a network of real devices (i.e., 5 Raspberry Pis) and a simulated environment (i.e., 1M devices in an OMNeT++ network). Our results demonstrate that HolA can resist a disruptive attacker that compromises up to half of the network devices and tampers with network traffic. HolA can verify the integrity of 1M devices in around 12 s, while the state-of-the-art requires 71 s. Finally, HolA requires 7 times less memory per device compared with the state-of-the-art.

Notes

  1. With consecutive nodes, we mean nodes with a consecutive position in the Chord ring.

Acknowledgements

The work is supported by A*STAR under its RIE2020 Advanced Manufacturing and Engineering (AME) Industry Alignment Fund - Pre Positioning (IAF-PP) Award A19D6a0053. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of A*STAR.

Author information

Corresponding author

Correspondence to Alessandro Visintin.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Visintin, A., Toffalini, F., Losiouk, E., Conti, M., Zhou, J. (2022). HolA: Holistic and Autonomous Attestation for IoT Networks. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_16

  • DOI: https://doi.org/10.1007/978-3-031-16815-4_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16814-7

  • Online ISBN: 978-3-031-16815-4

  • eBook Packages: Computer Science (R0)
