Research article. DOI: 10.1145/2897937.2905020

Invited - Things, trouble, trust: on building trust in IoT systems

Published: 05 June 2016

Abstract

The emerging and much-touted Internet of Things (IoT) presents a variety of security and privacy challenges. Prominent among them is the establishment of trust in remote IoT devices, which is typically attained via remote attestation, a distinct security service that aims to ascertain the current state of a potentially compromised remote device. Remote attestation ranges from relatively heavy-weight secure hardware-based techniques, to light-weight software-based ones, and also includes approaches that blend software (e.g., control-flow integrity) and hardware features (e.g., PUFs). In this paper, we survey the landscape of state-of-the-art attestation techniques from the IoT device perspective and argue that most of them have a role to play in IoT trust establishment.

Published In

DAC '16: Proceedings of the 53rd Annual Design Automation Conference
June 2016
1048 pages
ISBN: 9781450342360
DOI: 10.1145/2897937
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. internet of things
2. remote attestation
3. trust establishment

Acceptance Rates

Overall Acceptance Rate: 1,770 of 5,499 submissions, 32%
