DOI: 10.1145/3320269.3409495
keynote
Public Access

Proofs of Remote Execution and Mitigation of TOCTOU Attacks

Published: 05 October 2020

Abstract

PART I: Modern society is increasingly surrounded by, and relies upon, a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT) and smart devices. They often perform safety-critical functions in numerous settings, e.g., home, office, medical, automotive and industrial. Some devices are small, cheap and specialized sensors and/or actuators. They tend to have meager resources and run simple software, sometimes on bare metal. If such devices are left unprotected, the consequences of forged sensor readings or ignored actuation commands can be catastrophic, particularly in safety-critical settings. This prompts three questions: (1) How to trust data produced by a simple remote embedded device? (2) How to ascertain that this data was produced by execution of the expected software? And (3) is it possible to attain (1) and (2) under the assumption that all software on the remote device could be modified or compromised? In the first part of the talk we answer these questions by describing APEX, a Verified Architecture for Proofs of EXecution [1], the first result of its kind for low-end embedded systems. This work has a range of applications, especially to authenticated sensing and trustworthy actuation, which are increasingly relevant in the context of safety-critical systems. The APEX architecture is publicly available and incurs overhead low enough to be affordable even for the lowest-end embedded devices.

PART II: Much attention has been devoted to verifying the software integrity of remote embedded (IoT) devices. Many techniques, with different assumptions and security guarantees, have been proposed under the common umbrella of so-called Remote Attestation (RA). Aside from software integrity verification and malware presence detection, RA serves as a foundation for many security services, such as proofs of memory erasure, system reset, software update and runtime verification. All prior RA techniques verify the remote device's state at the time when the RA functionality is executed, thus providing no information about the device's state before the current RA execution or between consecutive RA executions. This implies that the presence of transient malware may go undetected: if transient malware infects a device, performs its nefarious tasks and leaves before the next attestation, its temporary presence will not be detected. This important problem, called Time-Of-Check-Time-Of-Use (TOCTOU), is well known in the research literature and has remained unaddressed in the context of RA. In the second part of this talk we discuss Remote Attestation with TOCTOU Avoidance (RATA), a provably secure approach to the RA TOCTOU problem [2]. With RATA, even malware that erases itself before the next RA execution cannot hide its ephemeral presence. RATA targets hybrid RA architectures aimed at low-end embedded devices. It comes in two versions, RATA-A and RATA-B, suitable for devices with and without real-time clocks, respectively. Each is shown to be secure and is accompanied by a publicly available, formally verified implementation. Both incur rather low hardware overhead and, in fact, substantially reduce the computational cost of RA execution.
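The TOCTOU gap described above, illustrated with a small Python simulation. This is an added example, not code from the page or from the APEX/RATA projects: a device with a trusted real-time clock measures its flash with an HMAC, while a simulated hardware monitor records the time of the last write to the attested region (a simplified stand-in for the kind of modification tracking RATA relies on; the real design and its verified implementation are in [2] and are not reproduced here). Transient malware overwrites code at t=15 and restores it at t=20. Classic RA at t=30 sees pristine memory and accepts, whereas the tracked variant rejects because the last write postdates the previous accepted attestation. The key, firmware image, nonces, payload bytes and the 8-byte timestamp encoding are all constructed for the example; the clock-free variant mentioned in the abstract is not modeled.

```python
"""Simulation of the RA TOCTOU problem and of last-modification tracking.

Added example, not code from the page or from the APEX/RATA projects.
All names, the timestamp encoding, key and firmware are constructed;
a trusted device clock shared with the verifier is assumed.
"""
import hashlib
import hmac

KEY = b"constructed-32-byte-demo-key-000000"[:32]   # shared RA key (constructed)
FIRMWARE = bytes(range(256)) * 4                    # 1 KiB constructed "flash" image
TS_LEN = 8                                          # bytes of timestamp bound into the MAC


class Device:
    """Low-end device: attested memory plus a write-protected last_mod record.

    The simulated hardware monitor stamps last_mod on every write to the
    attested region; software (including malware) cannot alter it directly.
    """

    def __init__(self, firmware: bytes, key: bytes):
        self.mem = bytearray(firmware)
        self._key = key
        self.clock = 0          # trusted real-time clock (assumption)
        self._last_mod = 0      # maintained by "hardware", read-only for software

    def tick(self, n: int = 1) -> None:
        self.clock += n

    def write(self, offset: int, data: bytes) -> None:
        """Any write to attested memory, legitimate or malicious, stamps last_mod."""
        self.mem[offset:offset + len(data)] = data
        self._last_mod = self.clock

    def attest_naive(self, challenge: bytes) -> bytes:
        """Classic RA: MAC over challenge || current memory only."""
        return hmac.new(self._key, challenge + bytes(self.mem), hashlib.sha256).digest()

    def attest_tracked(self, challenge: bytes) -> tuple[int, bytes]:
        """TOCTOU-aware RA: the last-modification time is bound into the report."""
        ts = self._last_mod.to_bytes(TS_LEN, "big")
        mac = hmac.new(self._key, challenge + ts + bytes(self.mem), hashlib.sha256).digest()
        return self._last_mod, mac


class Verifier:
    def __init__(self, expected: bytes, key: bytes):
        self._expected = expected
        self._key = key
        self.last_accepted_at = None    # time of the last accepted attestation

    def check_naive(self, challenge: bytes, report: bytes) -> bool:
        want = hmac.new(self._key, challenge + self._expected, hashlib.sha256).digest()
        return hmac.compare_digest(want, report)

    def check_tracked(self, challenge: bytes, last_mod: int, report: bytes, now: int) -> bool:
        ts = last_mod.to_bytes(TS_LEN, "big")
        want = hmac.new(self._key, challenge + ts + self._expected, hashlib.sha256).digest()
        if not hmac.compare_digest(want, report):
            return False
        # Memory matches now, but was it left untouched since the last accepted check?
        if self.last_accepted_at is not None and last_mod > self.last_accepted_at:
            return False
        self.last_accepted_at = now
        return True


def run_scenario() -> dict:
    """Transient malware infects and self-erases between two attestations."""
    dev = Device(FIRMWARE, KEY)
    ver = Verifier(FIRMWARE, KEY)
    result = {}

    def challenge(t: int) -> bytes:
        return hashlib.sha256(b"nonce-%d" % t).digest()   # constructed nonce

    dev.tick(10)                                           # t = 10: routine attestation
    ch = challenge(dev.clock)
    result["t10_naive"] = ver.check_naive(ch, dev.attest_naive(ch))
    result["t10_tracked"] = ver.check_tracked(ch, *dev.attest_tracked(ch), now=dev.clock)

    dev.tick(5)                                            # t = 15: malware overwrites code
    original = bytes(dev.mem[0x40:0x50])
    dev.write(0x40, b"\xEE" * 16)                          # constructed payload bytes
    dev.tick(5)                                            # t = 20: malware restores and leaves
    dev.write(0x40, original)

    dev.tick(10)                                           # t = 30: next attestation
    ch = challenge(dev.clock)
    result["t30_naive"] = ver.check_naive(ch, dev.attest_naive(ch))      # TOCTOU miss
    result["t30_tracked"] = ver.check_tracked(ch, *dev.attest_tracked(ch), now=dev.clock)
    return result


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'accepted' if ok else 'REJECTED'}")
```

The point of the rejection at t=30 is not that memory is wrong (it is byte-identical to the expected image) but that the hardware-recorded write time falls inside the window since the last accepted check, which is exactly the information a measurement-only RA response cannot carry.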

References

[1] I. De Oliveira Nunes, K. Eldefrawy, N. Rattanavipanon, and G. Tsudik. APEX: A Verified Architecture for Proofs of Execution on Remote Devices under Full Software Compromise. USENIX Security Symposium, 2020.
[2] I. De Oliveira Nunes, S. Jakkamsetti, N. Rattanavipanon, and G. Tsudik. On the TOCTOU Problem in Remote Attestation. arXiv:2005.03873.

Published In

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security
October 2020
957 pages
ISBN:9781450367509
DOI:10.1145/3320269
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. CPS security
  2. denial of service
  3. embedded systems security
  4. remote attestation
  5. software/hardware co-design

Qualifiers

  • Keynote

Conference

ASIA CCS '20

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%
