DOI: 10.1145/3195970.3199853

Reconciling remote attestation and safety-critical operation on simple IoT devices

Published: 24 June 2018

Abstract

Remote attestation (RA) is a means of malware detection, typically realized as an interaction between a trusted verifier and a potentially compromised remote device (prover). RA is especially relevant for low-end embedded devices that are incapable of protecting themselves against malware infection. Most current RA techniques require on-demand and uninterruptible (atomic) operation. The former fails to detect transient malware that enters and leaves between successive RA instances; the latter involves performing potentially time-consuming computation over the prover's memory and/or storage, which can be harmful to the device's safety-critical functionality and general availability. However, relaxing either on-demand or atomic RA operation is tricky and prone to vulnerabilities. This paper identifies some issues that arise in reconciling requirements of safety-critical operation with those of secure remote attestation, including detection of transient and self-relocating malware. It also investigates mitigation techniques, including periodic self-measurements as well as an interruptible attestation modality that involves shuffled memory traversals and various memory locking mechanisms.
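As an added illustration (not code from the paper, and not its actual protocol design), the following Python toy combines two ideas the abstract names: a nonce-derived shuffled traversal of the prover's memory and locking each block as soon as it has been measured, with a yield point after every block so the measurement can be interrupted by other tasks. The block size, the HMAC-over-blocks report format and the ProverMemory class are assumptions made for the example.

```python
import hashlib
import hmac
import random

BLOCK = 4  # constructed: tiny block size so the toy memory stays readable


class ProverMemory:
    """Toy prover memory with per-block write locks (constructed for illustration)."""

    def __init__(self, data: bytes):
        self.data = bytearray(data)
        self.locked = set()  # indices of blocks already measured in this run

    def write(self, addr: int, value: bytes) -> bool:
        # Memory locking: a block that has been measured is read-only until the
        # attestation run ends, so an interrupting task cannot change it afterwards.
        touched = {a // BLOCK for a in range(addr, addr + len(value))}
        if touched & self.locked:
            return False
        self.data[addr:addr + len(value)] = value
        return True


def traversal_order(nonce: bytes, n_blocks: int) -> list:
    # Nonce-derived permutation: the order in which blocks are read is not
    # predictable before the nonce arrives, yet the verifier can replay it exactly.
    rng = random.Random(int.from_bytes(hashlib.sha256(nonce).digest(), "big"))
    order = list(range(n_blocks))
    rng.shuffle(order)
    return order


def attest(mem: ProverMemory, key: bytes, nonce: bytes, on_yield=None) -> bytes:
    # Interruptible measurement: HMAC over blocks in shuffled order, yielding to
    # other (e.g. safety-critical) tasks after every block.
    mac = hmac.new(key, nonce, hashlib.sha256)
    for i in traversal_order(nonce, len(mem.data) // BLOCK):
        mem.locked.add(i)
        mac.update(i.to_bytes(4, "big") + bytes(mem.data[i * BLOCK:(i + 1) * BLOCK]))
        if on_yield is not None:
            on_yield(mem)  # simulated interrupt point
    mem.locked.clear()
    return mac.digest()


def verify(reference: bytes, key: bytes, nonce: bytes, report: bytes) -> bool:
    # Verifier side: recompute the report over the known-good image and compare.
    expected = attest(ProverMemory(reference), key, nonce)
    return hmac.compare_digest(expected, report)
```

A write to an already-measured block during a yield is refused by the lock, while a write to a not-yet-measured block is absorbed into the report and therefore rejected by the verifier.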


Cited by: VRASED. Proceedings of the 28th USENIX Security Symposium, 2019, pp. 1429-1446. DOI 10.5555/3361338.3361437. Online publication date: 14 August 2019.

Published in: DAC '18: Proceedings of the 55th Annual Design Automation Conference, June 2018, 1089 pages. ISBN 9781450357005. DOI 10.1145/3195970.

Publisher: Association for Computing Machinery, New York, NY, United States.


Conference: DAC '18, the 55th Annual Design Automation Conference, June 24-29, 2018, San Francisco, California.

Overall acceptance rate: 1,770 of 5,499 submissions (32%).
