Abstract
Remote attestation (RA) is an essential feature in many security protocols to verify the memory integrity of remote embedded (IoT) devices. Several RA techniques have been proposed to verify the remote device binary at the time when a checksum function is executed over a specific memory region. A self-relocating malware may try to move itself to avoid being “caught” by the checksum function because the attestation provides no information about the device binary before the current checksum function execution or between consecutive checksum function executions. Several software-based approaches that lack dedicated hardware rely on detecting the extra latency incurred by the moving process of self-relocating malware by setting tight time constraints. In this paper, we demonstrate the shortcomings of existing software-based approaches by presenting Debug Register-based Self-relocating Attack (DRSA). DRSA monitors the execution of the checksum function using the debug registers and erases itself before the next attestation. Our evaluation demonstrates that DRSA incurs low overhead, and it is extremely difficult for the verifier to detect it.
Copyright information
© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zhang, Z. et al. (2024). DRSA: Debug Register-Based Self-relocating Attack Against Software-Based Remote Authentication. In: Chen, J., Xia, Z. (eds) Blockchain Technology and Emerging Applications. BlockTEA 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 577. Springer, Cham. https://doi.org/10.1007/978-3-031-60037-1_2
DOI: https://doi.org/10.1007/978-3-031-60037-1_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60036-4
Online ISBN: 978-3-031-60037-1
eBook Packages: Computer Science, Computer Science (R0)