Abstract
In the realm of Trusted Computing for embedded systems, ensuring the integrity of both firmware and hardware presents a complex challenge. Traditional approaches have focused on detecting manipulations of firmware and operating system (OS) software, leaving a gap in the identification of subtle hardware modifications and attacks. This paper extends previous work on hardware fingerprinting for remote attestation by conducting and analyzing comprehensive long-term hardware measurements. Building upon the established methodology, we examine the correlation between environmental parameters and analog-to-digital converter (ADC) values to obtain suitable reference values for remote attestation procedures. Our work introduces the following contributions: the implementation of two distinct test setups for enhanced hardware fingerprinting, a rigorous evaluation of these measurements to identify strong correlations, the development of a standardized log format for hardware measurements aimed at adoption by the Trusted Computing Group (TCG), and the application to Trusted Platform Module (TPM)-based measured boot and remote attestation. In summary, we integrate hardware manipulation detection with the TPM and lay the groundwork for a more secure and reliable computing environment in embedded systems.
Acknowledgments
This research work was supported by the National Research Center for Applied Cybersecurity ATHENE as well as the projects VE-ASCOT (ID 16ME0274), TRUSTnet (ID 16KIS1787), and FINESSE (ID 16KIS1586) from the German Federal Ministry of Education and Research.
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Eckel, M., Fenzl, F., Jäger, L. (2024). Towards Practical Hardware Fingerprinting for Remote Attestation. In: Pitropakis, N., Katsikas, S., Furnell, S., Markantonakis, K. (eds) ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and Communication Technology, vol 710. Springer, Cham. https://doi.org/10.1007/978-3-031-65175-5_8
DOI: https://doi.org/10.1007/978-3-031-65175-5_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-65174-8
Online ISBN: 978-3-031-65175-5
eBook Packages: Computer Science, Computer Science (R0)