DOI: 10.1145/3448300.3467818
Research article (Public Access)

Delegated attestation: scalable remote attestation of commodity CPS by blending proofs of execution with software attestation

Published: 28 June 2021

Abstract

Remote Attestation (RA) is an interaction between a trusted verifier (Vrf) and one or more remote and potentially compromised devices (provers, or Prv-s) that allows the former to measure the software state of the latter. RA is particularly relevant to safety-critical cyber-physical systems (CPS), where a set of low-end micro-controllers (MCUs) operate under the control of a remote and more powerful controller. In such cases, RA is an effective and relatively efficient means of detecting software compromise, e.g., malware infections, on low-end MCUs that cannot support expensive security mechanisms.
Unfortunately, current RA techniques have a major practical limitation: they require one or more of (i) customized hardware support on every Prv; (ii) physical presence of Vrf, which must be directly connected to all Prv-s; or (iii) secure pre-loading of trusted software. To overcome this limitation, we construct, implement and evaluate a Delegated Attestation (DA) scheme. In it, all Prv-s remain unmodified, meaning that it applies even to already deployed CPS devices, and there is no requirement for Vrf's physical proximity, hardware support or secure initial software pre-loading. Instead, DA uses a recently proposed primitive (called Proofs-of-Execution or PoX), which entails a single customized low-end embedded device (called Attestation Proxy or Prox) on the same local-area network (e.g., a CAN bus) as the Prv-s. In doing so, DA enables RA of all Prv-s. Importantly, this guarantee holds even if Prox is itself compromised, enabling secure RA of completely unmodified Prv-s in an efficient manner.


Cited By

  • (2024) FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems. ACM Transactions on Internet of Things 5(3), 1-29. DOI: 10.1145/3670413. Published online 10 Jul 2024.
  • (2023) Lightweight Software Assurance for Distributed Mobile Networking. 2023 Congress in Computer Science, Computer Engineering, & Applied Computing (CSCE), 2332-2338. DOI: 10.1109/CSCE60160.2023.00379. Published online 24 Jul 2023.
  • (2023) Version++: Cryptocurrency Blockchain Handshaking With Software Assurance. 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), 804-809. DOI: 10.1109/CCNC51644.2023.10059985. Published online 8 Jan 2023.
  • (2023) Version++ Protocol Demonstration for Cryptocurrency Blockchain Handshaking with Software Assurance. 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), 915-916. DOI: 10.1109/CCNC51644.2023.10059971. Published online 8 Jan 2023.


    Published In

    WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks
    June 2021
    412 pages
    ISBN:9781450383493
    DOI:10.1145/3448300

    Publisher

    Association for Computing Machinery, New York, NY, United States

    Author Tags

    1. malware detection
    2. proofs of execution
    3. remote attestation

    Qualifiers

    • Research-article

    Funding Sources

    • Perspecta Labs
    • Semiconductor Research Corporation (SRC)
    • NSF

    Conference

    WiSec '21

    Acceptance Rates

    WiSec '21 paper acceptance rate: 34 of 121 submissions, 28%
    Overall acceptance rate: 98 of 338 submissions, 29%


    Article Metrics

    • Downloads (last 12 months): 192
    • Downloads (last 6 weeks): 23
    Reflects downloads up to 05 Mar 2025
